Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Step 5 - Using different classes and their predicates #7

Closed
github-learning-lab bot opened this issue May 7, 2020 · 2 comments · Fixed by #8
Closed

Step 5 - Using different classes and their predicates #7

github-learning-lab bot opened this issue May 7, 2020 · 2 comments · Fixed by #8
Assignees
@jaiverma

Comments

@github-learning-lab
Copy link

Step 5: Using different classes and their predicates

We want to identify integer values that are supplied from network data. A good way to spot those is to look for use of network ordering conversion macros such as ntohl, ntohll, and ntohs.

In the from section of the query, you declare some variables, and state the types of those variables. The type tells us what the possible values are for the variable.

In the previous query you were querying for values in the class Function to find functions in the source code. We have to query a different type to find macros in the source code instead. Can you guess its name?

NOTE: These Network ordering conversion utilities can be macros or functions depending on the platform. In this course, we are looking at a Linux database, where they are macros.
@github-learning-lab
Copy link
Author

⌨️ Activity: Find all ntoh* macros

  1. Edit the file 5_macro_definitions.ql
  2. Write a query that finds the definitions of the macros named ntohs, ntohl or ntohll. Use the auto-completion in the Visual Studio Code extension to guide you:
    • Wait a moment after typing from to get a list of available classes in the CodeQL standard library for C/C++. Which class in this list represents macros? Create a variable with this class as its type.
    • In the where section, type <your_variable_name> followed by a dot ., and wait a moment to get the list of predicates available for a value in the variable's type. Hover over each predicate to see the inline documentation.
    • Which predicate will give us the name of a macro?
    • Use the or keyword to combine multiple conditions where you want at least one condition to be met. Here we are interested in three possible macro names.
  3. You can use a regular expression to write a more compact query that searches for all three macros at once, instead of using three cases combined by or. Check out the predicate string::regexpMatch in the built-in predicates for string. CodeQL uses the java.util.Pattern regexp conventions).
  4. Once you're happy with the results, submit your solution.

@github-learning-lab github-learning-lab bot mentioned this issue May 7, 2020
Closed
github-learning-lab bot referenced this issue May 7, 2020
Find functions named memcpy
cc1e8e0
@jaiverma jaiverma linked a pull request May 7, 2020 that will close this issue
Find ntoh macro definitions #8
Merged
@github-learning-lab
Copy link
Author

Congratulations, looks like the query you introduced in 16beeaf finds the correct results!

If you created a pull request, merge it.

Let's continue to the next step.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jaiverma jaiverma

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Find ntoh macro definitions jaiverma/codeql-uboot
1 participant
@jaiverma