├── .github └── workflows │ ├── ci.yml │ └── publish.yml ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── codeql-learninglab-check ├── Dockerfile ├── README.md ├── package │ ├── .gitignore │ ├── package-lock.json │ ├── package.json │ ├── src │ │ ├── check.ts │ │ ├── formatting.ts │ │ ├── index.ts │ │ ├── l10n.ts │ │ └── util.ts │ └── tsconfig.json └── publish.sh ├── courses ├── cpp │ ├── ctf-segv │ │ ├── README.md │ │ ├── action.yml │ │ ├── answers │ │ │ ├── 01_function_definitions.ql │ │ │ ├── 02_alloca_definition.ql │ │ │ ├── 03_alloca.ql │ │ │ ├── 04_alloca_ignore_small.ql │ │ │ ├── 05_use_alloca.ql │ │ │ ├── 06_use_alloca_guard.ql │ │ │ ├── 07_use_alloca_guard.ql │ │ │ ├── 08_use_alloca_guard.ql │ │ │ ├── 09_use_alloca_guard.ql │ │ │ ├── 10_guarded_alloca.ql │ │ │ ├── 11_alloca_ignore_small_or_guarded.ql │ │ │ ├── 12_fopen.ql │ │ │ ├── 13_fopen_to_alloca_taint.ql │ │ │ └── qlpack.yml │ │ └── image │ │ │ ├── Dockerfile │ │ │ ├── config │ │ │ ├── 0.0_function_definitions.csv │ │ │ ├── 0.1_alloca_definition.csv │ │ │ ├── 1.0_alloca.csv │ │ │ ├── 1.1_alloca_ignore_small.csv │ │ │ ├── 2.0_use_alloca.csv │ │ │ ├── 2.1_use_alloca_guard.csv │ │ │ ├── 2.2_use_alloca_guard.csv │ │ │ ├── 2.3_use_alloca_guard.csv │ │ │ ├── 2.4_use_alloca_guard.csv │ │ │ ├── 2.5_guarded_alloca.csv │ │ │ ├── 3.0_alloca_ignore_small_or_guarded.csv │ │ │ ├── 4.0_fopen.csv │ │ │ ├── 4.1_fopen_to_alloca_taint.csv │ │ │ └── config.json │ │ │ └── publish.sh │ └── uboot │ │ ├── README.md │ │ ├── action.yml │ │ ├── answers │ │ ├── 10_taint_tracking.ql │ │ ├── 3_function_definitions.ql │ │ ├── 4_memcpy_definitions.ql │ │ ├── 5_macro_definitions.ql │ │ ├── 6_memcpy_calls.ql │ │ ├── 7_macro_invocations.ql │ │ ├── 8_macro_expressions.ql │ │ ├── 9_class_network_byteswap.ql │ │ └── qlpack.yml │ │ └── image │ │ ├── Dockerfile │ │ ├── config │ │ ├── config.json │ │ ├── step-10.csv │ │ ├── step-3.csv │ │ ├── step-4.csv │ │ ├── step-5.csv │ │ ├── step-6.csv │ │ ├── step-7.csv │ │ ├── step-8.csv │ │ └── step-9.csv │ │ └── publish.sh └── javascript │ └── unsafe-jquery │ ├── README.md │ ├── action.yml │ ├── answers │ ├── calls-to-dollar-arg.ql │ ├── calls-to-dollar.ql │ ├── dollar-arg-node.ql │ ├── final.ql │ ├── jquery-plugins.ql │ ├── plugin-options.ql │ ├── property-read.ql │ ├── qlpack.yml │ └── sources.ql │ └── image │ ├── Dockerfile │ ├── config │ ├── calls-to-dollar-arg.csv │ ├── calls-to-dollar.csv │ ├── config.json │ ├── dollar-arg-node.csv │ ├── final.csv │ ├── jquery-plugins.csv │ ├── plugin-options.csv │ ├── property-read.csv │ └── sources.csv │ └── publish.sh ├── docs └── comment_screenshot.png ├── scripts ├── test-course-actual.sh ├── test-course-latest.sh └── test-course-shared.sh └── templates ├── action ├── README.md ├── action.yml ├── answers │ ├── qlpack.yml │ ├── step-01.ql │ └── step-02.ql └── image │ ├── Dockerfile │ ├── config │ ├── config.json │ └── step-01.csv │ └── publish.sh └── learninglab ├── README.md ├── course-template ├── .github │ └── workflows │ │ ├── action │ │ ├── Dockerfile │ │ └── action.yml │ │ └── check-queries.yml └── qlpack.yml └── course ├── config.yml ├── course-details.md ├── generate-config.js └── responses ├── end.md ├── fail.md ├── next.md ├── setup-ok.md ├── step-1.md └── step-2.md /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: [push] 4 | 5 | jobs: 6 | generateTOC: 7 | runs-on: ubuntu-latest 8 | name: Generate Table of Contents 9 | steps: 10 | - name: TOC Generator 11 | uses: technote-space/toc-generator@v2.1.0 12 | with: 13 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 14 | test-courses-template-actual: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v2 19 | 20 | - name: Login to docker 21 | env: 22 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 23 | run: echo "$GITHUB_TOKEN" | docker login docker.pkg.github.com -u github-actions --password-stdin 24 | 25 | - name: Build Images & Run Queries 26 | run: cd templates/action && ../../scripts/test-course-actual.sh 27 | test-courses-template-latest: 28 | runs-on: ubuntu-latest 29 | steps: 30 | - name: Checkout 31 | uses: actions/checkout@v2 32 | 33 | - name: Build Images & Run Queries 34 | run: cd templates/action && ../../scripts/test-course-latest.sh 35 | -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | name: Build and publish docker images to registry 2 | 3 | on: 4 | push: 5 | branches: 6 | master 7 | 8 | jobs: 9 | publish-codeql-learninglab-check: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Checkout 13 | uses: actions/checkout@v2 14 | 15 | - name: Build and Publish Query Checking Docker Image 16 | run: cd codeql-learninglab-check && ./publish.sh 17 | env: 18 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 19 | publish-courses-cpp-ctf-segv: 20 | needs: publish-codeql-learninglab-check 21 | runs-on: ubuntu-latest 22 | steps: 23 | - name: Checkout 24 | uses: actions/checkout@v2 25 | 26 | - name: Build and Publish Course Docker Image 27 | run: cd courses/cpp/ctf-segv/image && ./publish.sh 28 | env: 29 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 30 | 31 | publish-courses-cpp-u-boot: 32 | needs: publish-codeql-learninglab-check 33 | runs-on: ubuntu-latest 34 | steps: 35 | - name: Checkout 36 | uses: actions/checkout@v2 37 | 38 | - name: Build and Publish Course Docker Image 39 | run: cd courses/cpp/uboot/image && ./publish.sh 40 | env: 41 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 42 | publish-courses-javascript-unsafe-jquery: 43 | needs: publish-codeql-learninglab-check 44 | runs-on: ubuntu-latest 45 | steps: 46 | - name: Checkout 47 | uses: actions/checkout@v2 48 | 49 | - name: Build and Publish Course Docker Image 50 | run: cd courses/javascript/unsafe-jquery/image && ./publish.sh 51 | env: 52 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 53 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to make participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies within all project spaces, and it also applies when 49 | an individual is representing the project or its community in public spaces. 50 | Examples of representing a project or community include using an official 51 | project e-mail address, posting via an official social media account, or acting 52 | as an appointed representative at an online or offline event. Representation of 53 | a project may be further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at . All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ## Contributing 2 | 3 | [fork]: https://github.com/github/codeql-learninglab-actions/fork 4 | [pr]: https://github.com/github/codeql-learninglab-actions/compare 5 | [style]: https://github.com/styleguide/ruby 6 | [code-of-conduct]: CODE_OF_CONDUCT.md 7 | 8 | Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. 9 | 10 | Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.md). 11 | 12 | Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms. 13 | 14 | ## Submitting a pull request 15 | 16 | 0. [Fork][fork] and clone the repository 17 | 0. Configure and install the dependencies: `script/bootstrap` 18 | 0. Make sure the tests pass on your machine: `rake` 19 | 0. Create a new branch: `git checkout -b my-branch-name` 20 | 0. Make your change, add tests, and make sure the tests still pass 21 | 0. Push to your fork and [submit a pull request][pr] 22 | 0. Pat your self on the back and wait for your pull request to be reviewed and merged. 23 | 24 | Here are a few things you can do that will increase the likelihood of your pull request being accepted: 25 | 26 | - Write tests. 27 | - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests. 28 | - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html). 29 | 30 | ## Resources 31 | 32 | - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) 33 | - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/) 34 | - [GitHub Help](https://help.github.com) 35 | 36 | ## Updating and Releasing 37 | 38 | ### :whale: `codeql-learninglab-check` docker image 39 | 40 | The top-level dependency is the 41 | [`codeql-learninglab-check`](codeql-learninglab-check) docker image. 42 | To update its dependencies, 43 | or release a new version of it, 44 | please see [the README for that docker image](codeql-learninglab-check). 45 | 46 | ### Courses included in the `courses/` directory 47 | 48 | Following changes to the [`codeql-learninglab-check`](codeql-learninglab-check) 49 | base docker image, 50 | you'll likely want to update each of the individual courses to use the latest 51 | version. 52 | (This will be necessary for users to take advantage of the latest changes to 53 | the CodeQL libraries or tools). 54 | You can do this by updating the `FROM` line in the respective `Dockerfile`. 55 | 56 | Changes to the courses, 57 | including changes to the `Dockerfile`, 58 | the configuration, 59 | or any of the expected results `.csv` files are automatically published when 60 | pushes are made to `master`. 61 | This is done by the respective `publish.sh` file for each course. 62 | 63 | We generally want to ensure that we always push the version `latest` so that 64 | changes can immediately be used by all course participants, 65 | and we don't need to update any references to versions elsewhere. 66 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 GitHub, Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Actions for Learning Lab CodeQL Courses 2 | 3 | [![](https://github.com/github/codeql-learninglab-actions/workflows/CI/badge.svg)](https://github.com/github/codeql-learninglab-actions/actions?query=workflow%3ACI) 4 | [![](https://github.com/github/codeql-learninglab-actions/workflows/Build%20and%20publish%20docker%20images%20to%20registry/badge.svg)](https://github.com/github/codeql-learninglab-actions/actions?query=workflow%3A%22Build+and+publish+docker+images+to+registry%22) 5 | 6 | This repository provides Docker images and GitHub Actions 7 | for use in CodeQL courses 8 | on [Learning Lab](https://lab.github.com/). 9 | 10 | These actions allow you to specify workflows 11 | that can check that course participants' queries are correct, 12 | by running their queries against a well-known CodeQL database, 13 | and checking the results are as expected. 14 | Whatever the outcome, 15 | the action will post a comment on the commit which was pushed 16 | to add the queries. 17 | 18 | When a user's results are incorrect, 19 | the comment will include details of which results are missing, 20 | and which are superfluous, 21 | including links to the lines of source code on GitHub when possible: 22 | 23 | **Screenshot:** 24 | 25 | ![](docs/comment_screenshot.png) 26 | 27 | 28 | 29 | **Table of Contents** 30 | 31 | - [Creating your own course](#creating-your-own-course) 32 | - [Creating the Query Checking Action](#creating-the-query-checking-action) 33 | - [Testing the action](#testing-the-action) 34 | - [Adding new queries & calculating the contents for the CSV files](#adding-new-queries--calculating-the-contents-for-the-csv-files) 35 | - [Publishing your action](#publishing-your-action) 36 | - [Contributing your GitHub Action to this repository](#contributing-your-github-action-to-this-repository) 37 | - [Creating the Learning Lab Course](#creating-the-learning-lab-course) 38 | - [Example Courses](#example-courses) 39 | - [Contributing](#contributing) 40 | - [Releasing new versions or updating dependencies](#releasing-new-versions-or-updating-dependencies) 41 | - [License](#license) 42 | 43 | 44 | 45 | ## Creating your own course 46 | 47 | There are two main components to any Learning Lab course for CodeQL that uses 48 | the components in this repository: 49 | 50 | * [**Query Checking Action:**](#creating-the-query-checking-action) 51 | 52 | Each course has its own GitHub Action that is designed to be used in workflows 53 | that run when a course participant pushes new commits to their repo. 54 | The action will check which queries have changed in the push, 55 | and run the queries that it recognizes as part of the course 56 | (based on the filename). 57 | 58 | After running the queries, 59 | the action will check the results against a CSV file of expected results. 60 | It will then post a comment on the commit, 61 | detailing whether each query produced the correct results or not. 62 | And if not, 63 | it will include details of which results are missing, 64 | and which results are unexpected. 65 | 66 | These actions are bundled using Docker, 67 | and made available using 68 | [GitHub Packages](https://github.com/features/packages). 69 | 70 | * [**Learning Lab Course:**](#creating-the-learning-lab-course) 71 | 72 | This is the course itself. 73 | It creates the initial repository the participant will use for their course, 74 | posts instructions as GitHub issues, 75 | and listens for comments posted by the GitHub action to know when the user 76 | has completed the current task correctly, 77 | and is ready to advance to the next one. 78 | 79 | ### Creating the Query Checking Action 80 | 81 | *(for an example of a working action, 82 | see [`courses/cpp/ctf-segv`](courses/cpp/ctf-segv)).* 83 | 84 | Course actions consist of an `action.yml` file, 85 | and docker image built from the base image 86 | [`codeql-learninglab-check`](codeql-learninglab-check). 87 | 88 | The base image expects course images built on-top of it 89 | to add the file `/home/codeql/config/config.json`, 90 | which details the configuration for the course. 91 | 92 | The file should look something like this: 93 | 94 | ```json 95 | { 96 | "databasePath": "", 97 | "locationPaths": "https://github.com///blob/{path}#L{line-start}-L{line-end}", 98 | "expectedResults": { 99 | "step-01.ql": "step-01.csv", 100 | "step-02.ql": "step-02.csv", 101 | "step-03.ql": false, 102 | } 103 | } 104 | ``` 105 | 106 | In addition to the `config.json` file above, 107 | a course image needs to also add the snapshot directory 108 | that queries should be run against, 109 | and csv files for the expected results. 110 | 111 | * `databasePath` should be a directory in the docker image, 112 | relative to the `config.json` file, 113 | that contains the extracted CodeQL database that queries will be run against. 114 | If you are using the template below, 115 | it will usually be the name of the only top-level directory 116 | from inside the database zip file. 117 | * `locationPaths` is an optional template string that can be used to enable 118 | source links in comments, when participants have written queries that output 119 | unexpected rows, or are missing results. 120 | ``, `` and `` should be replace as appropriate, 121 | the placeholders `{path}`, `{line-start}` and `{line-end}` are used by the 122 | checker, and should be left as-is. 123 | * `expectedResults` is an object that maps expected query filenames to a csv 124 | file detailing what the expected results for this query should be. 125 | Only the first expression for each row in the query results is checked. 126 | If instead of a CSV filename, `false` is used, 127 | then the checker will assume that the CSV file has simply 128 | never been generated, 129 | and will print out the resulting output from the query for you to copy into a 130 | new file. 131 | 132 | 133 | To simplify course creation, 134 | we recommend structuring your course folder like so: 135 | 136 | ``` 137 | ├── answers <─── Model Answers 138 | │ ├── qlpack.yml 139 | │ ├── step-01.ql <─┬─ Answers with expected paths 140 | │ ├── step-02.ql <─┤ (relative to answers/) 141 | │ └── ... <─┘ as specified in config.json 142 | ├── image 143 | │ ├── config 144 | │ │ ├── config.json <─── Main course configuration 145 | │ │ ├── step-01.csv 146 | │ │ ├── step-02.csv 147 | │ │ └── ... 148 | │ └── Dockerfile 149 | └── action.yml 150 | ``` 151 | 152 | *(For your convinience, 153 | we've created a template course that uses this file-structure 154 | in the folder [`templates/action`](templates/action). 155 | You can simply copy the folder, 156 | and follow the instructions in the template README for what things to replace).* 157 | 158 | `action.yml` should look something like this: 159 | 160 | ```yml 161 | name: 'Check queries' 162 | description: 'Check that the queries that have been pushed (as part of the lesson) produce the correct results' 163 | author: 'GitHub ' 164 | runs: 165 | using: 'docker' 166 | image: 'docker://docker.pkg.github.com///' 167 | branding: 168 | icon: 'check-circle' 169 | color: 'purple' 170 | ``` 171 | 172 | and `Dockerfile` should look something like: 173 | 174 | ```Dockerfile 175 | FROM docker.pkg.github.com/github/codeql-learninglab-actions/codeql-learninglab-check: 176 | 177 | ## Add course config 178 | COPY --chown=codeql:codeql config /home/codeql/config 179 | WORKDIR /home/codeql/config 180 | # Download, unzip and then delete the zip file in one step to reduce image size 181 | RUN wget --quiet -O database.zip && unzip -qq database.zip && rm -rf database.zip 182 | ``` 183 | 184 | Note that we download, unzip and then delete the zip file of the snapshot 185 | in a single step here. 186 | This helps us reduce the size of the image, 187 | as separate steps would result in intermediate image layers that are built 188 | on-top of one another. 189 | 190 | #### Testing the action 191 | 192 | You can test the action either locally or on GitHub actions. 193 | 194 | **Locally:** 195 | 196 | To test a course locally, 197 | from the course directory, 198 | run either of these scripts: 199 | 200 | * [`scripts/test-course-actual.sh`](scripts/test-course-actual.sh): 201 | which will download and use the specific version of `codeql-learninglab-check` 202 | that is specified in `Dockerfile` 203 | * [`scripts/test-course-latest.sh`](scripts/test-course-latest.sh): 204 | Which will also build the `codeql-learninglab-check` image locally, 205 | and tag it with the expected base image of the course, 206 | allowing you to test how changes to the `codeql-learninglab-check` 207 | affect this specific course, 208 | without publishing any new images. 209 | 210 | Both scripts take as argument an **optional** regexp string. 211 | If this string is passed, only the queries 212 | with names matching the regexp will be run. 213 | Otherwise all queries are run. 214 | 215 | **In GitHub Actions:** 216 | 217 | If adding a course to this repository, 218 | extend the workflow file [`.github/workflows/ci.yml`](.github/workflows/ci.yml) 219 | to include your new course. 220 | Any subsequent pushes to any branch should trigger an Action to run 221 | that will succeed only when all the expected queries produce the right results. 222 | 223 | If you are creating a course in another repository, 224 | you can copy the [`scripts/test-course-actual.sh`](scripts/test-course-actual.sh) 225 | and [`scripts/test-course-latest.sh`](scripts/test-course-latest.sh) files 226 | into that repository, 227 | and add a similar workflow file to the one mentioned above. 228 | 229 | #### Adding new queries & calculating the contents for the CSV files 230 | 231 | When testing the action ([as detailed above](#testing-the-action)), 232 | when a query that is run produces unexpected results, 233 | or it is specified as `false` in `config.yml` instead of listing a CSV filename, 234 | the actual results that it produces are printed out in the console. 235 | You can then store this output as the relevant CSV file. 236 | 237 | So the workflow for adding a new query and CSV file looks like: 238 | 239 | * add the query (`.ql` file) to `answers/`. 240 | * add the query to the `expectedResults` property in `config.json`, 241 | with a starting value of `false`. 242 | * Test the action (whichever method you prefer). 243 | * Copy the CSV output to the appropriate file in `image/config/`. 244 | * Re-test the action to ensure it marks the query 245 | as producing the correct results. 246 | 247 | #### Publishing your action 248 | 249 | The main thing you need to do here is publish your Docker image somewhere, 250 | and ensure that `action.yml` referrs to a tag that is downloadable. 251 | 252 | We recommend setting up a GitHub Actions Workflow 253 | to automatically publish your docker image 254 | with the version `latest` to `docker.pkg.github.com` 255 | whenever you get a new push to `master`. 256 | This is what we do in 257 | [`.github/workflows/publish.yml`](.github/workflows/publish.yml). 258 | 259 | Any courses that are added to this repository 260 | need to be published in this manner. 261 | 262 | ### Contributing your GitHub Action to this repository 263 | 264 | If you want to add a course to this repository, 265 | ensure that: 266 | 267 | * You're creating the course in the `courses/` folder, 268 | under the appropriate language sub-folder for the project. 269 | * You update both [`.github/workflows/ci.yml`](.github/workflows/ci.yml) and 270 | [`.github/workflows/publish.yml`](.github/workflows/publish.yml) to include 271 | testing and image publishing for your course. 272 | 273 | ### Creating the Learning Lab Course 274 | 275 | If you have not created a Learning Lab course before, 276 | it is recommended to take the 277 | [course on creating a course](https://lab.github.com/githubtraining/write-a-learning-lab-course)! 278 | 279 | There are core repositories that need to be created as part of any learning-lab 280 | course: 281 | 282 | * **The course repository:** 283 | All the course configuration, instructions etc... 284 | * **The template repository:** 285 | The initial contents that populate the repository 286 | created on behalf of the course participant. 287 | (All courses are taken with respect to it's own repository) 288 | 289 | We've created two template directories 290 | that you can use as a starting point for your own CodeQL Learning Lab Course: 291 | 292 | * [`templates/learninglab/course`](templates/learninglab/course) 293 | * [`templates/learninglab/course-template`](templates/learninglab/course-template) 294 | 295 | Simply copy the contents of these templates into their own repositories, 296 | and follow the [template instructions](templates/learninglab) to get started. 297 | 298 | *(Remember that you need to create 2 separate repositories 299 | for your Learning Lab course, 300 | they can't be directories in an existing repo).* 301 | 302 | ## Example Courses 303 | 304 | * [GitHub Security Lab CTF 1: SEGV hunt](courses/cpp/ctf-segv) 305 | 306 | Feel free to add your own courses to this list! 307 | See [CONTRIBUTING.md](CONTRIBUTING.md). 308 | 309 | ## Contributing 310 | 311 | We welcome contributions, 312 | both for new courses, 313 | and improvements to existing courses ot the 314 | [`codeql-learninglab-check`](codeql-learninglab-check) docker image. 315 | 316 | ### Releasing new versions or updating dependencies 317 | 318 | See: [Updating and Releasing](CONTRIBUTING.md#updating-and-releasing) 319 | 320 | ## License 321 | 322 | The code in this repository is licensed under MIT (see [LICENSE.md](LICENSE.md)). 323 | However as it makes use of the CodeQL CLI, 324 | you must also abide by the 325 | [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license), 326 | whenever your usage involves the CodeQL CLI. 327 | 328 | In particular, 329 | you are not permitted to use these docker images or actions 330 | to create CodeQL databases using the CLI in CI/CD, 331 | as per the [terms & conditions](https://securitylab.github.com/tools/codeql/license): 332 | 333 | > **the Software cannot be used** [...] 334 | > **To generate CodeQL databases for or during automated analysis, 335 | > continuous integration or continuous delivery, 336 | > whether as part of normal software engineering processes or otherwise.** 337 | -------------------------------------------------------------------------------- /codeql-learninglab-check/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | RUN apt-get update 4 | RUN apt-get install -y wget unzip 5 | 6 | RUN useradd codeql 7 | RUN mkdir ~codeql 8 | RUN chown codeql:codeql ~codeql 9 | 10 | # Install CodeQL 11 | USER codeql 12 | WORKDIR /home/codeql 13 | RUN mkdir ~/codeql-home 14 | RUN wget --quiet https://github.com/github/codeql-cli-binaries/releases/download/v2.2.4/codeql.zip -O codeql-2.2.4.zip && unzip ~/codeql-2.2.4.zip -d /home/codeql/codeql-home/ && rm -f ~/codeql-2.2.4.zip && mv ~/codeql-home/codeql ~/codeql-home/codeql-cli 15 | 16 | ENV PATH="/home/codeql/codeql-home/codeql-cli/:${PATH}" 17 | 18 | # Install NodeJS and NPM (for action code) 19 | USER root 20 | RUN apt-get install -y git curl 21 | RUN curl -sL https://deb.nodesource.com/setup_12.x | bash - 22 | RUN apt-get install -y nodejs 23 | 24 | # Temporarily disable running script as user codeql as we're unable to run 25 | # certain git commands due to permissions 26 | # USER codeql 27 | 28 | # Add CodeQL repo 29 | RUN git clone https://github.com/github/codeql.git /home/codeql/codeql-home/codeql-repo 30 | 31 | WORKDIR /home/codeql/codeql-home/codeql-repo/ 32 | RUN git checkout c8dc2ee611c571d11999e2eb50bacd2b6e559829 33 | 34 | # Add and build code action code 35 | COPY --chown=codeql:codeql package /home/codeql/package 36 | WORKDIR /home/codeql/package 37 | RUN npm install 38 | RUN npm run build 39 | 40 | ENTRYPOINT ["node", "/home/codeql/package/build"] 41 | -------------------------------------------------------------------------------- /codeql-learninglab-check/README.md: -------------------------------------------------------------------------------- 1 | # :whale: `codeql-learninglab-check` 2 | 3 | This is the docker image used as the base for query-checking actions used by 4 | CodeQL Learning Lab courses, 5 | and it is [published to GitHub 6 | Packages](https://github.com/github/codeql-learninglab-actions/packages/95228). 7 | 8 | ## Usage 9 | 10 | For instructions on how to use this docker image, please see 11 | [Creating your own course](../README.md#creating-your-own-course) 12 | in the main README. 13 | 14 | ## Architecture / Components 15 | 16 | This docker image bundles a number of elements: 17 | 18 | * **Dependency:** Some debian packages, importantly including Node v12. 19 | * **Dependency:** The CodeQL CLI binaries from 20 | [`codeql-cli-binaries`](https://github.com/github/codeql-cli-binaries/releases) 21 | * **Dependency:** A checkout of the [`GitHub/codeql`](https://github.com/github/codeql) 22 | repository, pinned to a specific version. 23 | * The core action JavaScript/TypeScript code from [`package/`](package), 24 | and all its NPM dependencies. 25 | 26 | ## Updating the CodeQL dependencies 27 | 28 | You will want to make sure that the versions of the CodeQL CLI and `GitHub/codeql` 29 | are compatible. 30 | 31 | * **Updating the CodeQL CLI**: Modify the URL for the CLI in 32 | [`Dockerfile`](Dockerfile). 33 | * **Updating the `GitHub/codeql` repo**: Update the `RUN git checkout ` line in 34 | [`Dockerfile`](Dockerfile) to a git sha / reference that is compatible with 35 | the version of the CodeQL CLI that is in use. 36 | 37 | ## Releasing 38 | 39 | After making changes to any of the elements of this docker image, 40 | including the source code in `package/`, 41 | for courses to make use of these changes you need to make a release. 42 | 43 | This repository has a GitHub Actions workflow configured on pushes to `master` 44 | to automatically publish the image 45 | using the script [`publish.sh`](publish.sh). 46 | It will check to see if an image has already been published for the current 47 | version, 48 | and if not it will build and publish the image automatically. 49 | So to publish a new version, 50 | simply change the `IMAGE_VERSION` variable in [`publish.sh`](publish.sh), 51 | and push to `master`. 52 | 53 | **Note: it's probably best to avoid publishing to `latest` so that courses have 54 | to specify an explicit as their base images, 55 | so that courses won't break unexpectedly with breaking changes to this image** 56 | 57 | ### Updating downstream dependencies 58 | 59 | Once you have updated this base image, 60 | you probably want to also update a number of the courses to use this updated 61 | image. 62 | 63 | See the main 64 | [CONTRIBUTING.md](../CONTRIBUTING.md#courses-included-in-the-courses-directory) 65 | file for more info. 66 | -------------------------------------------------------------------------------- /codeql-learninglab-check/package/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | build/ -------------------------------------------------------------------------------- /codeql-learninglab-check/package/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "requires": true, 3 | "lockfileVersion": 1, 4 | "dependencies": { 5 | "@actions/core": { 6 | "version": "1.2.6", 7 | "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", 8 | "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==" 9 | }, 10 | "@octokit/endpoint": { 11 | "version": "5.5.1", 12 | "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-5.5.1.tgz", 13 | "integrity": "sha512-nBFhRUb5YzVTCX/iAK1MgQ4uWo89Gu0TH00qQHoYRCsE12dWcG1OiLd7v2EIo2+tpUKPMOQ62QFy9hy9Vg2ULg==", 14 | "requires": { 15 | "@octokit/types": "^2.0.0", 16 | "is-plain-object": "^3.0.0", 17 | "universal-user-agent": "^4.0.0" 18 | } 19 | }, 20 | "@octokit/request": { 21 | "version": "5.3.1", 22 | "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.3.1.tgz", 23 | "integrity": "sha512-5/X0AL1ZgoU32fAepTfEoggFinO3rxsMLtzhlUX+RctLrusn/CApJuGFCd0v7GMFhF+8UiCsTTfsu7Fh1HnEJg==", 24 | "requires": { 25 | "@octokit/endpoint": "^5.5.0", 26 | "@octokit/request-error": "^1.0.1", 27 | "@octokit/types": "^2.0.0", 28 | "deprecation": "^2.0.0", 29 | "is-plain-object": "^3.0.0", 30 | "node-fetch": "^2.3.0", 31 | "once": "^1.4.0", 32 | "universal-user-agent": "^4.0.0" 33 | } 34 | }, 35 | "@octokit/request-error": { 36 | "version": "1.2.0", 37 | "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-1.2.0.tgz", 38 | "integrity": "sha512-DNBhROBYjjV/I9n7A8kVkmQNkqFAMem90dSxqvPq57e2hBr7mNTX98y3R2zDpqMQHVRpBDjsvsfIGgBzy+4PAg==", 39 | "requires": { 40 | "@octokit/types": "^2.0.0", 41 | "deprecation": "^2.0.0", 42 | "once": "^1.4.0" 43 | } 44 | }, 45 | "@octokit/rest": { 46 | "version": "16.35.2", 47 | "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-16.35.2.tgz", 48 | "integrity": "sha512-iijaNZpn9hBpUdh8YdXqNiWazmq4R1vCUsmxpBB0kCQ0asHZpCx+HNs22eiHuwYKRhO31ZSAGBJLi0c+3XHaKQ==", 49 | "requires": { 50 | "@octokit/request": "^5.2.0", 51 | "@octokit/request-error": "^1.0.2", 52 | "atob-lite": "^2.0.0", 53 | "before-after-hook": "^2.0.0", 54 | "btoa-lite": "^1.0.0", 55 | "deprecation": "^2.0.0", 56 | "lodash.get": "^4.4.2", 57 | "lodash.set": "^4.3.2", 58 | "lodash.uniq": "^4.5.0", 59 | "octokit-pagination-methods": "^1.1.0", 60 | "once": "^1.4.0", 61 | "universal-user-agent": "^4.0.0" 62 | } 63 | }, 64 | "@octokit/types": { 65 | "version": "2.0.2", 66 | "resolved": "https://registry.npmjs.org/@octokit/types/-/types-2.0.2.tgz", 67 | "integrity": "sha512-StASIL2lgT3TRjxv17z9pAqbnI7HGu9DrJlg3sEBFfCLaMEqp+O3IQPUF6EZtQ4xkAu2ml6kMBBCtGxjvmtmuQ==", 68 | "requires": { 69 | "@types/node": ">= 8" 70 | } 71 | }, 72 | "@octokit/webhooks": { 73 | "version": "7.0.0", 74 | "resolved": "https://registry.npmjs.org/@octokit/webhooks/-/webhooks-7.0.0.tgz", 75 | "integrity": "sha512-oSZuKc2LDNtt3vW7Iq9XNvIm3i6CxMkrzkuyHinR6IjVRb7EuiMshn3AVDdXdDtAVHvxwxj3ikt3jsTlFE6zEA==", 76 | "requires": { 77 | "debug": "^4.0.0" 78 | } 79 | }, 80 | "@types/csv-parse": { 81 | "version": "1.2.2", 82 | "resolved": "https://registry.npmjs.org/@types/csv-parse/-/csv-parse-1.2.2.tgz", 83 | "integrity": "sha512-k33tLtRKTQxf7hQfMlkWoS2TQYsnpk1ibZN+rzbuCkeBs8m23nHTeDTF1wb/e7/MSLdtgCzqu3oM1I101kd6yw==", 84 | "requires": { 85 | "csv-parse": "*" 86 | } 87 | }, 88 | "@types/node": { 89 | "version": "12.12.20", 90 | "resolved": "https://registry.npmjs.org/@types/node/-/node-12.12.20.tgz", 91 | "integrity": "sha512-VAe+DiwpnC/g448uN+/3gRl4th0BTdrR9gSLIOHA+SUQskaYZQDOHG7xmjiE7JUhjbXnbXytf6Ih+/pA6CtMFQ==" 92 | }, 93 | "atob-lite": { 94 | "version": "2.0.0", 95 | "resolved": "https://registry.npmjs.org/atob-lite/-/atob-lite-2.0.0.tgz", 96 | "integrity": "sha1-D+9a1G8b16hQLGVyfwNn1e5D1pY=" 97 | }, 98 | "before-after-hook": { 99 | "version": "2.1.0", 100 | "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.1.0.tgz", 101 | "integrity": "sha512-IWIbu7pMqyw3EAJHzzHbWa85b6oud/yfKYg5rqB5hNE8CeMi3nX+2C2sj0HswfblST86hpVEOAb9x34NZd6P7A==" 102 | }, 103 | "btoa-lite": { 104 | "version": "1.0.0", 105 | "resolved": "https://registry.npmjs.org/btoa-lite/-/btoa-lite-1.0.0.tgz", 106 | "integrity": "sha1-M3dm2hWAEhD92VbCLpxokaudAzc=" 107 | }, 108 | "cross-spawn": { 109 | "version": "6.0.5", 110 | "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", 111 | "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", 112 | "requires": { 113 | "nice-try": "^1.0.4", 114 | "path-key": "^2.0.1", 115 | "semver": "^5.5.0", 116 | "shebang-command": "^1.2.0", 117 | "which": "^1.2.9" 118 | } 119 | }, 120 | "csv-parse": { 121 | "version": "4.8.2", 122 | "resolved": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.8.2.tgz", 123 | "integrity": "sha512-WfYwyJepTbjS5jWAWpVskOJ8Z10231HaFw6qJhSjGrpfMPf3yuoRohlasYsP/6/3YgTQcvZpTvoUo37eaei9Fw==" 124 | }, 125 | "debug": { 126 | "version": "4.1.1", 127 | "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", 128 | "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", 129 | "requires": { 130 | "ms": "^2.1.1" 131 | } 132 | }, 133 | "deprecation": { 134 | "version": "2.3.1", 135 | "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", 136 | "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" 137 | }, 138 | "end-of-stream": { 139 | "version": "1.4.4", 140 | "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", 141 | "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", 142 | "requires": { 143 | "once": "^1.4.0" 144 | } 145 | }, 146 | "execa": { 147 | "version": "1.0.0", 148 | "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", 149 | "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", 150 | "requires": { 151 | "cross-spawn": "^6.0.0", 152 | "get-stream": "^4.0.0", 153 | "is-stream": "^1.1.0", 154 | "npm-run-path": "^2.0.0", 155 | "p-finally": "^1.0.0", 156 | "signal-exit": "^3.0.0", 157 | "strip-eof": "^1.0.0" 158 | } 159 | }, 160 | "get-stream": { 161 | "version": "4.1.0", 162 | "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", 163 | "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", 164 | "requires": { 165 | "pump": "^3.0.0" 166 | } 167 | }, 168 | "is-plain-object": { 169 | "version": "3.0.0", 170 | "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-3.0.0.tgz", 171 | "integrity": "sha512-tZIpofR+P05k8Aocp7UI/2UTa9lTJSebCXpFFoR9aibpokDj/uXBsJ8luUu0tTVYKkMU6URDUuOfJZ7koewXvg==", 172 | "requires": { 173 | "isobject": "^4.0.0" 174 | } 175 | }, 176 | "is-stream": { 177 | "version": "1.1.0", 178 | "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", 179 | "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=" 180 | }, 181 | "isexe": { 182 | "version": "2.0.0", 183 | "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", 184 | "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=" 185 | }, 186 | "isobject": { 187 | "version": "4.0.0", 188 | "resolved": "https://registry.npmjs.org/isobject/-/isobject-4.0.0.tgz", 189 | "integrity": "sha512-S/2fF5wH8SJA/kmwr6HYhK/RI/OkhD84k8ntalo0iJjZikgq1XFvR5M8NPT1x5F7fBwCG3qHfnzeP/Vh/ZxCUA==" 190 | }, 191 | "lodash.get": { 192 | "version": "4.4.2", 193 | "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", 194 | "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=" 195 | }, 196 | "lodash.set": { 197 | "version": "4.3.2", 198 | "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz", 199 | "integrity": "sha1-2HV7HagH3eJIFrDWqEvqGnYjCyM=" 200 | }, 201 | "lodash.uniq": { 202 | "version": "4.5.0", 203 | "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", 204 | "integrity": "sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=" 205 | }, 206 | "macos-release": { 207 | "version": "2.3.0", 208 | "resolved": "https://registry.npmjs.org/macos-release/-/macos-release-2.3.0.tgz", 209 | "integrity": "sha512-OHhSbtcviqMPt7yfw5ef5aghS2jzFVKEFyCJndQt2YpSQ9qRVSEv2axSJI1paVThEu+FFGs584h/1YhxjVqajA==" 210 | }, 211 | "ms": { 212 | "version": "2.1.2", 213 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", 214 | "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" 215 | }, 216 | "nice-try": { 217 | "version": "1.0.5", 218 | "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", 219 | "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" 220 | }, 221 | "node-fetch": { 222 | "version": "2.6.1", 223 | "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz", 224 | "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==" 225 | }, 226 | "npm-run-path": { 227 | "version": "2.0.2", 228 | "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", 229 | "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", 230 | "requires": { 231 | "path-key": "^2.0.0" 232 | } 233 | }, 234 | "octokit-pagination-methods": { 235 | "version": "1.1.0", 236 | "resolved": "https://registry.npmjs.org/octokit-pagination-methods/-/octokit-pagination-methods-1.1.0.tgz", 237 | "integrity": "sha512-fZ4qZdQ2nxJvtcasX7Ghl+WlWS/d9IgnBIwFZXVNNZUmzpno91SX5bc5vuxiuKoCtK78XxGGNuSCrDC7xYB3OQ==" 238 | }, 239 | "once": { 240 | "version": "1.4.0", 241 | "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", 242 | "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", 243 | "requires": { 244 | "wrappy": "1" 245 | } 246 | }, 247 | "os-name": { 248 | "version": "3.1.0", 249 | "resolved": "https://registry.npmjs.org/os-name/-/os-name-3.1.0.tgz", 250 | "integrity": "sha512-h8L+8aNjNcMpo/mAIBPn5PXCM16iyPGjHNWo6U1YO8sJTMHtEtyczI6QJnLoplswm6goopQkqc7OAnjhWcugVg==", 251 | "requires": { 252 | "macos-release": "^2.2.0", 253 | "windows-release": "^3.1.0" 254 | } 255 | }, 256 | "p-finally": { 257 | "version": "1.0.0", 258 | "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", 259 | "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" 260 | }, 261 | "path-key": { 262 | "version": "2.0.1", 263 | "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", 264 | "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=" 265 | }, 266 | "pump": { 267 | "version": "3.0.0", 268 | "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", 269 | "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", 270 | "requires": { 271 | "end-of-stream": "^1.1.0", 272 | "once": "^1.3.1" 273 | } 274 | }, 275 | "semver": { 276 | "version": "5.7.1", 277 | "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", 278 | "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" 279 | }, 280 | "shebang-command": { 281 | "version": "1.2.0", 282 | "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", 283 | "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", 284 | "requires": { 285 | "shebang-regex": "^1.0.0" 286 | } 287 | }, 288 | "shebang-regex": { 289 | "version": "1.0.0", 290 | "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", 291 | "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=" 292 | }, 293 | "signal-exit": { 294 | "version": "3.0.2", 295 | "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz", 296 | "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=" 297 | }, 298 | "strip-eof": { 299 | "version": "1.0.0", 300 | "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", 301 | "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=" 302 | }, 303 | "typescript": { 304 | "version": "3.7.3", 305 | "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.7.3.tgz", 306 | "integrity": "sha512-Mcr/Qk7hXqFBXMN7p7Lusj1ktCBydylfQM/FZCk5glCNQJrCUKPkMHdo9R0MTFWsC/4kPFvDS0fDPvukfCkFsw==" 307 | }, 308 | "universal-user-agent": { 309 | "version": "4.0.0", 310 | "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.0.tgz", 311 | "integrity": "sha512-eM8knLpev67iBDizr/YtqkJsF3GK8gzDc6st/WKzrTuPtcsOKW/0IdL4cnMBsU69pOx0otavLWBDGTwg+dB0aA==", 312 | "requires": { 313 | "os-name": "^3.1.0" 314 | } 315 | }, 316 | "which": { 317 | "version": "1.3.1", 318 | "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", 319 | "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", 320 | "requires": { 321 | "isexe": "^2.0.0" 322 | } 323 | }, 324 | "windows-release": { 325 | "version": "3.2.0", 326 | "resolved": "https://registry.npmjs.org/windows-release/-/windows-release-3.2.0.tgz", 327 | "integrity": "sha512-QTlz2hKLrdqukrsapKsINzqMgOUpQW268eJ0OaOpJN32h272waxR9fkB9VoWRtK7uKHG5EHJcTXQBD8XZVJkFA==", 328 | "requires": { 329 | "execa": "^1.0.0" 330 | } 331 | }, 332 | "wrappy": { 333 | "version": "1.0.2", 334 | "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", 335 | "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" 336 | } 337 | } 338 | } 339 | -------------------------------------------------------------------------------- /codeql-learninglab-check/package/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": { 3 | "@actions/core": "^1.2.6", 4 | "@octokit/rest": "^16.35.2", 5 | "@octokit/webhooks": "^7.0.0", 6 | "@types/csv-parse": "^1.2.2", 7 | "@types/node": "^12.12.20", 8 | "csv-parse": "^4.8.2", 9 | "typescript": "^3.7.3" 10 | }, 11 | "scripts": { 12 | "build": "tsc" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /codeql-learninglab-check/package/src/check.ts: -------------------------------------------------------------------------------- 1 | import csvParse from 'csv-parse'; 2 | import * as fs from 'fs'; 3 | import { promisify, inspect } from 'util'; 4 | 5 | import * as l10n from './l10n'; 6 | import { filterFalsey } from './util'; 7 | 8 | const readFile = promisify(fs.readFile); 9 | 10 | /** 11 | * Regular expression that matches only when the location is within the source 12 | * root, extracting the path and start and end lines 13 | * TODO: allow the source root to be configured 14 | * (for when snapshots are built outside LGTM) 15 | */ 16 | const SOURCE_REGEX = /^file\:\/\/\/opt\/src\/(.*)\:([0-9]+)\:[0-9]+\:([0-9]+)\:[0-9]+$/; 17 | 18 | const loadCsv = async (file: string) => { 19 | const contents = await readFile(file); 20 | return new Promise(resolve => 21 | csvParse(contents, { 22 | 23 | }, (err, output) => { 24 | resolve(output); 25 | }) 26 | ); 27 | } 28 | 29 | interface Location { 30 | path: string; 31 | lineStart: number; 32 | lineEnd: number; 33 | } 34 | 35 | export interface Result { 36 | label: string; 37 | location?: Location 38 | } 39 | 40 | export type ResultsCheck = { 41 | // CSV file has not been defined for this query yet 42 | status: 'undefined'; 43 | } | { 44 | status: 'correct'; 45 | count: number; 46 | } | { 47 | status: 'incorrect'; 48 | explanation: string; 49 | results?: { 50 | actualCount: number; 51 | expectedCount: number; 52 | /** 53 | * Results that are missing 54 | */ 55 | missingResults: Result[]; 56 | /** 57 | * Results that are not expected to appear at all 58 | */ 59 | unexpectedResults: Result[]; 60 | /** 61 | * Results that appeared more times than they should 62 | */ 63 | extraResults: Result[]; 64 | } 65 | } 66 | 67 | function getLocationFromURL(url: string): Location | undefined { 68 | const r = SOURCE_REGEX.exec(url); 69 | if (r) { 70 | return { 71 | path: '/' + r[1], 72 | lineStart: parseInt(r[2]), 73 | lineEnd: parseInt(r[3]) 74 | } 75 | } 76 | } 77 | 78 | interface Columns { 79 | /** 80 | * The column index used for the URLs of an entry 81 | */ 82 | url: number; 83 | /** 84 | * The column index used for the label of an entry 85 | */ 86 | label: number; 87 | } 88 | 89 | /** 90 | * Given the CSV header, determine which columns are used for the labels, and 91 | * which are used for the URLs; 92 | */ 93 | function extractColumns(header: string[]): Columns | null { 94 | if (header[0] === `URL for ${header[1]}`) { 95 | return { 96 | url: 0, 97 | label: 1 98 | } 99 | } else if (header[1] === `URL for ${header[0]}`) { 100 | return { 101 | url: 1, 102 | label: 0 103 | } 104 | } 105 | return null; 106 | } 107 | 108 | function explanation( 109 | {missing, unexpected, extra}: 110 | {missing: boolean, unexpected: boolean, extra: boolean} 111 | ): string { 112 | const problem = l10n.list(filterFalsey([ 113 | missing && 'missing some results', 114 | unexpected && 'selecting unexpected results', 115 | extra && 'selecting certain results too many times' 116 | ])) 117 | return `Your query is ${problem}`; 118 | } 119 | 120 | /** 121 | * Validate the results of the CSV 122 | */ 123 | export async function checkResults(expectedCSV: string, actualCSV: string): Promise { 124 | let columns: Columns | null; 125 | 126 | // Store counts of each label, location pair in the expected results 127 | 128 | /** 129 | * toString label -> location (URL) -> count 130 | */ 131 | const expectedResults = new Map>(); 132 | columns = null; 133 | let expectedCount = 0; 134 | for (const row of await loadCsv(expectedCSV)) { 135 | if (row.length < 2) { 136 | return { 137 | status: 'incorrect', 138 | explanation: 'Invalid number of columns in expected CSV' 139 | }; 140 | } 141 | if (!columns) { 142 | // If columns is not set, must be first (header) row 143 | columns = extractColumns(row); 144 | if (!columns) { 145 | // Unable to work out columns 146 | return { 147 | status: 'incorrect', 148 | explanation: 'Unable to extract columns from expected results' 149 | }; 150 | } 151 | continue; 152 | } 153 | expectedCount++; 154 | let locationURLs = expectedResults.get(row[columns.label]); 155 | if (!locationURLs) { 156 | locationURLs = new Map(); 157 | expectedResults.set(row[columns.label], locationURLs); 158 | } 159 | const count = locationURLs.get(row[columns.url]) || 0; 160 | locationURLs.set(row[columns.url], count + 1); 161 | } 162 | 163 | // Go through the actual results and check them against expected 164 | // TODO: optimize this to not require loading the entire CSV into memory 165 | 166 | columns = null; 167 | 168 | const missingResults: Result[] = []; 169 | const unexpectedResults: Result[] = []; 170 | const extraResults: Result[] = []; 171 | let actualCount = 0; 172 | for (const row of await loadCsv(actualCSV)) { 173 | if (row.length < 2) { 174 | return { 175 | status: 'incorrect', 176 | explanation: 'Invalid number of columns in results CSV' 177 | }; 178 | } 179 | if (!columns) { 180 | // If columns is not set, must be first (header) row 181 | columns = extractColumns(row); 182 | if (!columns) { 183 | // Unable to work out columns 184 | return { 185 | status: 'incorrect', 186 | explanation: ( 187 | 'Unexpected columns selected in results, make sure that the ' + 188 | 'first expression in your select clause is a code element.' 189 | ) 190 | }; 191 | } 192 | continue; 193 | } 194 | actualCount++; 195 | const label = row[columns.label]; 196 | const url = row[columns.url]; 197 | const locationURLs = expectedResults.get(label); 198 | if (locationURLs) { 199 | const count = locationURLs.get(url); 200 | if (count === undefined) { 201 | // Result is unexpected 202 | unexpectedResults.push({ 203 | label, 204 | location: getLocationFromURL(url) 205 | }); 206 | } else if (count === 0) { 207 | // Result appears too many times 208 | extraResults.push({ 209 | label, 210 | location: getLocationFromURL(url) 211 | }); 212 | } else { 213 | // Result expected 214 | locationURLs.set(url, count - 1); 215 | } 216 | } else { 217 | // Result is unexpected 218 | unexpectedResults.push({ 219 | label, 220 | location: getLocationFromURL(url) 221 | }); 222 | } 223 | } 224 | 225 | // Add missing results 226 | for (const labelEntry of expectedResults.entries()) { 227 | for (const urlEntry of labelEntry[1].entries()) { 228 | if (urlEntry[1] > 0) { 229 | missingResults.push({ 230 | label: labelEntry[0], 231 | location: getLocationFromURL(urlEntry[0]) 232 | }); 233 | } 234 | } 235 | } 236 | 237 | if (missingResults.length === 0 && 238 | unexpectedResults.length === 0 && 239 | extraResults.length === 0) { 240 | return { 241 | status: 'correct', 242 | count: actualCount 243 | } 244 | } 245 | 246 | return { 247 | status: 'incorrect', 248 | explanation: explanation({ 249 | missing: missingResults.length > 0, 250 | unexpected: unexpectedResults.length > 0, 251 | extra: extraResults.length > 0 252 | }), 253 | results: { 254 | actualCount, 255 | expectedCount, 256 | missingResults, 257 | unexpectedResults, 258 | extraResults, 259 | } 260 | } 261 | } 262 | -------------------------------------------------------------------------------- /codeql-learninglab-check/package/src/formatting.ts: -------------------------------------------------------------------------------- 1 | import { Result } from './check'; 2 | 3 | export function formatResults(locationPaths: string | undefined, results: Result[], label: string) { 4 | if (results.length === 0) return ''; 5 | if (results.length > 10) { 6 | label += ' (first 10 only)'; 7 | results = results.slice(0, 10); 8 | } 9 | let content = `\n\n**${label}:**\n`; 10 | for (const result of results) { 11 | if (result.location && locationPaths) { 12 | const url = locationPaths 13 | .replace('{path}', result.location.path) 14 | .replace('{line-start}', result.location.lineStart.toString()) 15 | .replace('{line-end}', result.location.lineEnd.toString()); 16 | content += `\n* [\`${result.label}\`](${url})`; 17 | } else { 18 | content += `\n* \`${result.label}\``; 19 | } 20 | } 21 | return content; 22 | } -------------------------------------------------------------------------------- /codeql-learninglab-check/package/src/l10n.ts: -------------------------------------------------------------------------------- 1 | type CountableType = 'query' | 'result'; 2 | 3 | export function pluralize(count: number, type: CountableType) { 4 | switch (type) { 5 | case 'query': 6 | return `${count} quer${count === 1 ? 'y' : 'ies'}` 7 | case 'result': 8 | return `${count} result${count === 1 ? '' : 's'}` 9 | } 10 | }; 11 | 12 | export function list(strings: string[]) { 13 | if (strings.length === 1) 14 | return strings[0]; 15 | return strings.slice(0, strings.length - 1).join(', ') + 16 | ' and ' + strings[strings.length - 1]; 17 | } 18 | -------------------------------------------------------------------------------- /codeql-learninglab-check/package/src/util.ts: -------------------------------------------------------------------------------- 1 | export function filterFalsey(arr: (T | false | undefined | null)[]): T[] { 2 | return arr.filter(value => value) as T[] 3 | } 4 | -------------------------------------------------------------------------------- /codeql-learninglab-check/package/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | /* Basic Options */ 4 | // "incremental": true, /* Enable incremental compilation */ 5 | "target": "es2019", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */ 6 | "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */ 7 | // "lib": [], /* Specify library files to be included in the compilation. */ 8 | // "allowJs": true, /* Allow javascript files to be compiled. */ 9 | // "checkJs": true, /* Report errors in .js files. */ 10 | // "jsx": "preserve", /* Specify JSX code generation: 'preserve', 'react-native', or 'react'. */ 11 | // "declaration": true, /* Generates corresponding '.d.ts' file. */ 12 | // "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */ 13 | // "sourceMap": true, /* Generates corresponding '.map' file. */ 14 | // "outFile": "./", /* Concatenate and emit output to single file. */ 15 | "outDir": "./build", /* Redirect output structure to the directory. */ 16 | "rootDir": "./src", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */ 17 | // "composite": true, /* Enable project compilation */ 18 | // "tsBuildInfoFile": "./", /* Specify file to store incremental compilation information */ 19 | // "removeComments": true, /* Do not emit comments to output. */ 20 | // "noEmit": true, /* Do not emit outputs. */ 21 | // "importHelpers": true, /* Import emit helpers from 'tslib'. */ 22 | // "downlevelIteration": true, /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */ 23 | // "isolatedModules": true, /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */ 24 | 25 | /* Strict Type-Checking Options */ 26 | "strict": true, /* Enable all strict type-checking options. */ 27 | // "noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */ 28 | // "strictNullChecks": true, /* Enable strict null checks. */ 29 | // "strictFunctionTypes": true, /* Enable strict checking of function types. */ 30 | // "strictBindCallApply": true, /* Enable strict 'bind', 'call', and 'apply' methods on functions. */ 31 | // "strictPropertyInitialization": true, /* Enable strict checking of property initialization in classes. */ 32 | // "noImplicitThis": true, /* Raise error on 'this' expressions with an implied 'any' type. */ 33 | // "alwaysStrict": true, /* Parse in strict mode and emit "use strict" for each source file. */ 34 | 35 | /* Additional Checks */ 36 | // "noUnusedLocals": true, /* Report errors on unused locals. */ 37 | // "noUnusedParameters": true, /* Report errors on unused parameters. */ 38 | // "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */ 39 | // "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */ 40 | 41 | /* Module Resolution Options */ 42 | // "moduleResolution": "node", /* Specify module resolution strategy: 'node' (Node.js) or 'classic' (TypeScript pre-1.6). */ 43 | // "baseUrl": "./", /* Base directory to resolve non-absolute module names. */ 44 | // "paths": {}, /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */ 45 | // "rootDirs": [], /* List of root folders whose combined content represents the structure of the project at runtime. */ 46 | // "typeRoots": [], /* List of folders to include type definitions from. */ 47 | // "types": [], /* Type declaration files to be included in compilation. */ 48 | // "allowSyntheticDefaultImports": true, /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */ 49 | "esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */ 50 | // "preserveSymlinks": true, /* Do not resolve the real path of symlinks. */ 51 | // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */ 52 | 53 | /* Source Map Options */ 54 | // "sourceRoot": "", /* Specify the location where debugger should locate TypeScript files instead of source locations. */ 55 | // "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */ 56 | // "inlineSourceMap": true, /* Emit a single file with source maps instead of having a separate file. */ 57 | // "inlineSources": true, /* Emit the source alongside the sourcemaps within a single file; requires '--inlineSourceMap' or '--sourceMap' to be set. */ 58 | 59 | /* Experimental Options */ 60 | // "experimentalDecorators": true, /* Enables experimental support for ES7 decorators. */ 61 | // "emitDecoratorMetadata": true, /* Enables experimental support for emitting type metadata for decorators. */ 62 | 63 | /* Advanced Options */ 64 | "forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */ 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /codeql-learninglab-check/publish.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | set -e 4 | set -x 5 | 6 | echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com -u github-actions --password-stdin 7 | 8 | PREV_IMAGE_VERSION=v1.1.0 9 | IMAGE_VERSION=v2.0.0 10 | IMAGE_PATH=docker.pkg.github.com/github/codeql-learninglab-actions/codeql-learninglab-check 11 | IMAGE_TAG=${IMAGE_PATH}:${IMAGE_VERSION} 12 | 13 | # Pull the previous image to optimise build and skip uneccesary steps and share 14 | # more of the image with previous versions 15 | docker pull ${IMAGE_PATH}:${PREV_IMAGE_VERSION} 16 | 17 | if docker pull $IMAGE_TAG; then 18 | echo "image tag already exist, skipping..." 19 | else 20 | echo "image has not yet been published. building and publishing..." 21 | 22 | docker build -t $IMAGE_TAG . 23 | 24 | docker push $IMAGE_TAG 25 | fi 26 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/README.md: -------------------------------------------------------------------------------- 1 | # GitHub Security Lab CTF 1: SEGV hunt 2 | 3 | This folder contains the GitHub actions and docker images for this course. 4 | 5 | For the Learning lab course repositories, see: 6 | 7 | * [`githubtraining/codeql-ctf-segv`](https://github.com/githubtraining/codeql-ctf-segv) 8 | * [`githubtraining/codeql-ctf-segv-template`](https://github.com/githubtraining/codeql-ctf-segv-template) 9 | 10 | This Learning Lab course is still in development, 11 | in the meantime, 12 | you can take this course by reading the original instructions: 13 | https://securitylab.github.com/ctf/segv 14 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Check queries' 2 | description: 'Check that the queries that have been pushed (as part of the lesson) produce the correct results' 3 | author: 'GitHub ' 4 | runs: 5 | using: 'docker' 6 | image: 'docker://docker.pkg.github.com/github/codeql-learninglab-actions/courses-cpp-ctf-segv' 7 | branding: 8 | icon: 'check-circle' 9 | color: 'purple' -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/01_function_definitions.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 00_alloca_definition 3 | * @description Find the definition of the alloca macro 4 | * @kind problem 5 | */ 6 | 7 | import cpp 8 | 9 | from Function f 10 | where f.getName() = "getchar" 11 | select f, "a getchar function" 12 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/02_alloca_definition.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 01_alloca_definition 3 | * @description Find the definition of the alloca macro 4 | * @kind problem 5 | * @problem.severity warning 6 | */ 7 | 8 | import cpp 9 | 10 | from Macro alloca 11 | where alloca.getName() = "alloca" 12 | select alloca, "alloca macro" 13 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/03_alloca.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 10_alloca 3 | * @description Find all calls to alloca 4 | * @kind problem 5 | * @problem.severity warning 6 | */ 7 | 8 | import cpp 9 | 10 | from FunctionCall alloca 11 | where alloca.getTarget().getName() = "__builtin_alloca" 12 | select alloca, "call to alloca" 13 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/04_alloca_ignore_small.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 11_alloca_ignore_small 3 | * @description Find all calls to alloca, with small allocation sizes filtered out. 4 | * @kind problem 5 | * @problem.severity warning 6 | */ 7 | 8 | import cpp 9 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 10 | 11 | from FunctionCall alloca, Expr sizeArg 12 | where 13 | alloca.getTarget().getName() = "__builtin_alloca" and 14 | sizeArg = alloca.getArgument(0) and 15 | (lowerBound(sizeArg) < 0 or 65536 <= upperBound(sizeArg)) 16 | select alloca, "call to alloca" 17 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/05_use_alloca.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 20_use_alloca 3 | * @description Find all calls to __libc_use_alloca 4 | * @kind problem 5 | * @problem.severity warning 6 | */ 7 | 8 | import cpp 9 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 10 | 11 | from FunctionCall call 12 | where call.getTarget().getName() = "__libc_use_alloca" 13 | select call, "call to __libc_use_alloca" 14 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/06_use_alloca_guard.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 21_use_alloca_guard 3 | * @description Find all guard conditions where the condition is a call to 4 | * __libc_use_alloca. 5 | * @kind problem 6 | * @problem.severity warning 7 | */ 8 | 9 | import cpp 10 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 11 | import semmle.code.cpp.controlflow.Guards 12 | 13 | from GuardCondition guard 14 | where guard.(FunctionCall).getTarget().getName() = "__libc_use_alloca" 15 | select guard, "__libc_use_alloca guard" 16 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/07_use_alloca_guard.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 22_use_alloca_guard 3 | * @description Find all guard conditions where the condition is a call to 4 | * __libc_use_alloca. 5 | * @kind problem 6 | * @problem.severity warning 7 | */ 8 | 9 | import cpp 10 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 11 | import semmle.code.cpp.controlflow.Guards 12 | import semmle.code.cpp.dataflow.DataFlow 13 | 14 | from DataFlow::Node source, DataFlow::Node sink 15 | where 16 | source.asExpr().(FunctionCall).getTarget().getName() = "__libc_use_alloca" and 17 | sink.asExpr() instanceof GuardCondition and 18 | DataFlow::localFlow(source, sink) 19 | select sink, "__libc_use_alloca guard" 20 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/08_use_alloca_guard.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 23_use_alloca_guard 3 | * @description Find all guard conditions where the condition is a call to 4 | * __libc_use_alloca. 5 | * @kind problem 6 | * @problem.severity warning 7 | */ 8 | 9 | import cpp 10 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 11 | import semmle.code.cpp.controlflow.Guards 12 | import semmle.code.cpp.dataflow.DataFlow 13 | 14 | DataFlow::Node use_alloca() { 15 | result.asExpr().(FunctionCall).getTarget().getName() = "__libc_use_alloca" 16 | or 17 | result.asExpr().(FunctionCall).getTarget().getName() = "__builtin_expect" and 18 | result.asExpr().(FunctionCall).getArgument(0) = use_alloca().asExpr() 19 | or 20 | DataFlow::localFlow(use_alloca(), result) 21 | } 22 | 23 | from GuardCondition guard 24 | where guard = use_alloca().asExpr() 25 | select guard, "__libc_use_alloca guard" 26 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/09_use_alloca_guard.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 24_use_alloca_guard 3 | * @description Find all guard conditions where the condition is a call to 4 | * __libc_use_alloca. 5 | * @kind problem 6 | * @problem.severity warning 7 | */ 8 | 9 | import cpp 10 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 11 | import semmle.code.cpp.controlflow.Guards 12 | import semmle.code.cpp.dataflow.DataFlow 13 | 14 | DataFlow::Node use_alloca(boolean branch) { 15 | result.asExpr().(FunctionCall).getTarget().getName() = "__libc_use_alloca" and 16 | branch = true 17 | or 18 | result.asExpr().(FunctionCall).getTarget().getName() = "__builtin_expect" and 19 | result.asExpr().(FunctionCall).getArgument(0) = use_alloca(branch).asExpr() 20 | or 21 | DataFlow::localFlow(use_alloca(branch), result) 22 | or 23 | result.asExpr().(NotExpr).getOperand() = use_alloca(branch.booleanNot()).asExpr() 24 | } 25 | 26 | from GuardCondition guard, boolean branch 27 | where guard = use_alloca(branch).asExpr() 28 | select guard, "__libc_use_alloca guard" 29 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/10_guarded_alloca.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 25_guarded_alloca 3 | * @description Find all calls to alloca that are safe because they are 4 | * guarded by a call to __libc_use_alloca. 5 | * @kind problem 6 | * @problem.severity warning 7 | */ 8 | 9 | import cpp 10 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 11 | import semmle.code.cpp.controlflow.Guards 12 | import semmle.code.cpp.dataflow.DataFlow 13 | 14 | DataFlow::Node use_alloca(boolean branch) { 15 | result.asExpr().(FunctionCall).getTarget().getName() = "__libc_use_alloca" and 16 | branch = true 17 | or 18 | result.asExpr().(FunctionCall).getTarget().getName() = "__builtin_expect" and 19 | result.asExpr().(FunctionCall).getArgument(0) = use_alloca(branch).asExpr() 20 | or 21 | DataFlow::localFlow(use_alloca(branch), result) 22 | or 23 | result.asExpr().(NotExpr).getOperand() = use_alloca(branch.booleanNot()).asExpr() 24 | } 25 | 26 | from GuardCondition guard, boolean branch, FunctionCall alloca 27 | where 28 | guard = use_alloca(branch).asExpr() and 29 | guard.controls(alloca.getBasicBlock(), branch) and 30 | alloca.getTarget().getName() = "__builtin_alloca" 31 | select alloca, "safe call to __builtin_alloca" 32 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/11_alloca_ignore_small_or_guarded.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 30_alloca_ignore_small_or_guarded 3 | * @description Find all calls to alloca, with small allocation sizes and calls 4 | * guarded by __libc_use_alloca filtered out. 5 | * @kind problem 6 | * @problem.severity warning 7 | */ 8 | 9 | import cpp 10 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 11 | import semmle.code.cpp.controlflow.Guards 12 | import semmle.code.cpp.dataflow.DataFlow 13 | 14 | DataFlow::Node use_alloca(boolean branch) { 15 | result.asExpr().(FunctionCall).getTarget().getName() = "__libc_use_alloca" and 16 | branch = true 17 | or 18 | result.asExpr().(FunctionCall).getTarget().getName() = "__builtin_expect" and 19 | result.asExpr().(FunctionCall).getArgument(0) = use_alloca(branch).asExpr() 20 | or 21 | DataFlow::localFlow(use_alloca(branch), result) 22 | or 23 | result.asExpr().(NotExpr).getOperand() = use_alloca(branch.booleanNot()).asExpr() 24 | } 25 | 26 | predicate guarded_alloca(FunctionCall alloca) { 27 | exists(GuardCondition guard, BasicBlock block, boolean branch | 28 | guard = use_alloca(branch).asExpr() and 29 | guard.controls(block, branch) and 30 | block.contains(alloca) 31 | ) 32 | } 33 | 34 | from FunctionCall alloca, Expr sizeArg 35 | where 36 | alloca.getTarget().getName() = "__builtin_alloca" and 37 | sizeArg = alloca.getArgument(0) and 38 | (lowerBound(sizeArg) < 0 or 65536 <= upperBound(sizeArg)) and 39 | not guarded_alloca(alloca) 40 | select alloca, "call to alloca" 41 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/12_fopen.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 40_fopen 3 | * @description Find all calls to fopen 4 | * @kind problem 5 | * @problem.severity warning 6 | */ 7 | 8 | import cpp 9 | 10 | from FunctionCall call 11 | where call.getTarget().getName().matches("%fopen") 12 | select call, "call to fopen" 13 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/13_fopen_to_alloca_taint.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name 41_fopen_to_alloca_taint 3 | * @description Track taint from fopen to alloca. 4 | * @kind path-problem 5 | * @problem.severity warning 6 | */ 7 | 8 | import cpp 9 | import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 10 | import semmle.code.cpp.dataflow.TaintTracking 11 | import semmle.code.cpp.models.interfaces.DataFlow 12 | import semmle.code.cpp.controlflow.Guards 13 | import DataFlow::PathGraph 14 | 15 | // Track taint through `__strnlen`. 16 | class StrlenFunction extends DataFlowFunction { 17 | StrlenFunction() { this.getName().matches("%str%len%") } 18 | 19 | override predicate hasDataFlow(FunctionInput i, FunctionOutput o) { 20 | i.isInParameter(0) and o.isOutReturnValue() 21 | } 22 | } 23 | 24 | // Track taint through `__getdelim`. 25 | class GetDelimFunction extends DataFlowFunction { 26 | GetDelimFunction() { this.getName().matches("%get%delim%") } 27 | 28 | override predicate hasDataFlow(FunctionInput i, FunctionOutput o) { 29 | i.isInParameter(3) and o.isOutParameterPointer(0) 30 | } 31 | } 32 | 33 | DataFlow::Node use_alloca(boolean branch) { 34 | result.asExpr().(FunctionCall).getTarget().getName() = "__libc_use_alloca" and 35 | branch = true 36 | or 37 | result.asExpr().(FunctionCall).getTarget().getName() = "__builtin_expect" and 38 | result.asExpr().(FunctionCall).getArgument(0) = use_alloca(branch).asExpr() 39 | or 40 | DataFlow::localFlow(use_alloca(branch), result) 41 | or 42 | result.asExpr().(NotExpr).getOperand() = use_alloca(branch.booleanNot()).asExpr() 43 | } 44 | 45 | predicate guarded_alloca(FunctionCall alloca) { 46 | exists(GuardCondition guard, BasicBlock block, boolean branch | 47 | guard = use_alloca(branch).asExpr() and 48 | guard.controls(block, branch) and 49 | block.contains(alloca) 50 | ) 51 | } 52 | 53 | class Config extends TaintTracking::Configuration { 54 | Config() { this = "fopen_to_alloca_taint" } 55 | 56 | override predicate isSource(DataFlow::Node source) { 57 | source.asExpr().(FunctionCall).getTarget().getName().regexpMatch(".*fopen") 58 | } 59 | 60 | override predicate isSink(DataFlow::Node sink) { 61 | exists(FunctionCall alloca, Expr sizeArg | 62 | alloca.getTarget().getName() = "__builtin_alloca" and 63 | sizeArg = alloca.getArgument(0) and 64 | (lowerBound(sizeArg) < 0 or 65536 <= upperBound(sizeArg)) and 65 | not guarded_alloca(alloca) and 66 | sink.asExpr() = sizeArg 67 | ) 68 | } 69 | } 70 | 71 | from Config cfg, DataFlow::PathNode source, DataFlow::PathNode sink 72 | where cfg.hasFlowPath(source, sink) 73 | select sink, source, sink, "fopen flows to alloca" 74 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/answers/qlpack.yml: -------------------------------------------------------------------------------- 1 | name: codeql-lesson-test 2 | version: 0.0.0 3 | libraryPathDependencies: codeql-cpp 4 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.pkg.github.com/github/codeql-learninglab-actions/codeql-learninglab-check:v0.0.10 2 | 3 | ## Add course config 4 | COPY --chown=codeql:codeql config /home/codeql/config 5 | WORKDIR /home/codeql/config 6 | # Download, unzip and then delete the zip file in one step to reduce image size 7 | RUN wget --quiet https://downloads.lgtm.com/snapshots/cpp/GNU/glibc/bminor_glibc_cpp-srcVersion_333221862ecbebde60dd16e7ca17d26444e62f50-dist_odasa-lgtm-2019-04-08-af06f68-linux64.zip -O database.zip && unzip -qq database.zip && rm -rf database.zip 8 | -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/0.0_function_definitions.csv: -------------------------------------------------------------------------------- 1 | "f","URL for f","col1" 2 | "getchar","file:///opt/src/libio/getchar.c:33:1:33:7","a getchar function" 3 | "getchar","file:///opt/src/libio/bits/stdio.h:47:1:47:7","a getchar function" 4 | "getchar","file:///opt/src/libio/bits/stdio.h:47:1:47:7","a getchar function" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/0.1_alloca_definition.csv: -------------------------------------------------------------------------------- 1 | "alloca","URL for alloca","col1" 2 | "#define alloca(size) __builtin_alloca (size)","file:///opt/src/stdlib/alloca.h:35:1:35:45","alloca macro" 3 | "#define alloca __builtin_alloca","file:///opt/src/intl/dcigettext.c:31:1:31:32","alloca macro" 4 | "#define alloca __builtin_alloca","file:///opt/src/intl/localealias.c:37:1:37:32","alloca macro" 5 | "#define alloca __builtin_alloca","file:///opt/src/stdlib/gmp-impl.h:23:1:23:31","alloca macro" 6 | "#define alloca __builtin_alloca","file:///opt/src/io/ftw.c:25:1:25:32","alloca macro" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/2.0_use_alloca.csv: -------------------------------------------------------------------------------- 1 | "call","URL for call","col1" 2 | "call to __libc_use_alloca","file:///opt/src/crypt/md5-crypt.c:118:11:118:27","call to __libc_use_alloca" 3 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:150:11:150:27","call to __libc_use_alloca" 4 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:247:7:247:23","call to __libc_use_alloca" 5 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:150:11:150:27","call to __libc_use_alloca" 6 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:246:7:246:23","call to __libc_use_alloca" 7 | "call to __libc_use_alloca","file:///opt/src/iconv/iconv_open.c:38:27:38:43","call to __libc_use_alloca" 8 | "call to __libc_use_alloca","file:///opt/src/iconv/iconv_open.c:53:29:53:45","call to __libc_use_alloca" 9 | "call to __libc_use_alloca","file:///opt/src/nptl/pthread_create.c:642:24:642:40","call to __libc_use_alloca" 10 | "call to __libc_use_alloca","file:///opt/src/nscd/grpcache.c:221:10:221:26","call to __libc_use_alloca" 11 | "call to __libc_use_alloca","file:///opt/src/nscd/nscd_getserv_r.c:93:20:93:36","call to __libc_use_alloca" 12 | "call to __libc_use_alloca","file:///opt/src/nscd/nscd_getserv_r.c:251:5:251:21","call to __libc_use_alloca" 13 | "call to __libc_use_alloca","file:///opt/src/nscd/nscd_netgroup.c:172:21:172:37","call to __libc_use_alloca" 14 | "call to __libc_use_alloca","file:///opt/src/posix/fnmatch_loop.c:1070:6:1070:16","call to __libc_use_alloca" 15 | "call to __libc_use_alloca","file:///opt/src/posix/fnmatch_loop.c:1077:6:1077:16","call to __libc_use_alloca" 16 | "call to __libc_use_alloca","file:///opt/src/posix/fnmatch_loop.c:1070:6:1070:16","call to __libc_use_alloca" 17 | "call to __libc_use_alloca","file:///opt/src/posix/fnmatch_loop.c:1077:6:1077:16","call to __libc_use_alloca" 18 | "call to __libc_use_alloca","file:///opt/src/posix/getopt.c:252:8:252:24","call to __libc_use_alloca" 19 | "call to __libc_use_alloca","file:///opt/src/stdio-common/fxprintf.c:46:7:46:23","call to __libc_use_alloca" 20 | "call to __libc_use_alloca","file:///opt/src/stdio-common/printf_fp.c:914:25:914:41","call to __libc_use_alloca" 21 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","call to __libc_use_alloca" 22 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","call to __libc_use_alloca" 23 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","call to __libc_use_alloca" 24 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","call to __libc_use_alloca" 25 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","call to __libc_use_alloca" 26 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","call to __libc_use_alloca" 27 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","call to __libc_use_alloca" 28 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","call to __libc_use_alloca" 29 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","call to __libc_use_alloca" 30 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","call to __libc_use_alloca" 31 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","call to __libc_use_alloca" 32 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","call to __libc_use_alloca" 33 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","call to __libc_use_alloca" 34 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","call to __libc_use_alloca" 35 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","call to __libc_use_alloca" 36 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","call to __libc_use_alloca" 37 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","call to __libc_use_alloca" 38 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","call to __libc_use_alloca" 39 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","call to __libc_use_alloca" 40 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","call to __libc_use_alloca" 41 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","call to __libc_use_alloca" 42 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","call to __libc_use_alloca" 43 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","call to __libc_use_alloca" 44 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","call to __libc_use_alloca" 45 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","call to __libc_use_alloca" 46 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","call to __libc_use_alloca" 47 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","call to __libc_use_alloca" 48 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","call to __libc_use_alloca" 49 | "call to __libc_use_alloca","file:///opt/src/stdlib/putenv.c:60:25:60:41","call to __libc_use_alloca" 50 | "call to __libc_use_alloca","file:///opt/src/stdlib/setenv.c:184:21:184:37","call to __libc_use_alloca" 51 | "call to __libc_use_alloca","file:///opt/src/sysdeps/posix/getaddrinfo.c:2292:5:2292:21","call to __libc_use_alloca" 52 | "call to __libc_use_alloca","file:///opt/src/sysdeps/posix/getaddrinfo.c:2292:5:2292:21","call to __libc_use_alloca" 53 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/check_native.c:91:7:91:23","call to __libc_use_alloca" 54 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:37:20:37:36","call to __libc_use_alloca" 55 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:99:20:99:36","call to __libc_use_alloca" 56 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsysstats.c:139:30:139:46","call to __libc_use_alloca" 57 | "call to __libc_use_alloca","file:///opt/src/posix/glob.c:227:14:227:30","call to __libc_use_alloca" 58 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/ifaddrs.c:144:7:144:23","call to __libc_use_alloca" 59 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:37:20:37:36","call to __libc_use_alloca" 60 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:38:20:38:36","call to __libc_use_alloca" 61 | "call to __libc_use_alloca","file:///opt/src/time/getdate.c:159:11:159:27","call to __libc_use_alloca" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/2.1_use_alloca_guard.csv: -------------------------------------------------------------------------------- 1 | "guard","URL for guard","col1" 2 | "call to __libc_use_alloca","file:///opt/src/crypt/md5-crypt.c:118:11:118:27","__libc_use_alloca guard" 3 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:150:11:150:27","__libc_use_alloca guard" 4 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:247:7:247:23","__libc_use_alloca guard" 5 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:150:11:150:27","__libc_use_alloca guard" 6 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:246:7:246:23","__libc_use_alloca guard" 7 | "call to __libc_use_alloca","file:///opt/src/nscd/grpcache.c:221:10:221:26","__libc_use_alloca guard" 8 | "call to __libc_use_alloca","file:///opt/src/posix/getopt.c:252:8:252:24","__libc_use_alloca guard" 9 | "call to __libc_use_alloca","file:///opt/src/stdio-common/fxprintf.c:46:7:46:23","__libc_use_alloca guard" 10 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 11 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 12 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 13 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 14 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 15 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 16 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 17 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 18 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 19 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 20 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 21 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 22 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 23 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 24 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 25 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 26 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 27 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 28 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 29 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 30 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 31 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 32 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 33 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 34 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 35 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 36 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 37 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 38 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/check_native.c:91:7:91:23","__libc_use_alloca guard" 39 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsysstats.c:139:30:139:46","__libc_use_alloca guard" 40 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/ifaddrs.c:144:7:144:23","__libc_use_alloca guard" 41 | "call to __libc_use_alloca","file:///opt/src/time/getdate.c:159:11:159:27","__libc_use_alloca guard" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/2.2_use_alloca_guard.csv: -------------------------------------------------------------------------------- 1 | "sink","URL for sink","col1" 2 | "call to __libc_use_alloca","file:///opt/src/crypt/md5-crypt.c:118:11:118:27","__libc_use_alloca guard" 3 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:150:11:150:27","__libc_use_alloca guard" 4 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:247:7:247:23","__libc_use_alloca guard" 5 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:150:11:150:27","__libc_use_alloca guard" 6 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:246:7:246:23","__libc_use_alloca guard" 7 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:39:7:39:22","__libc_use_alloca guard" 8 | "fromcode_usealloca","file:///opt/src/iconv/iconv_open.c:54:7:54:24","__libc_use_alloca guard" 9 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:61:10:61:25","__libc_use_alloca guard" 10 | "fromcode_usealloca","file:///opt/src/iconv/iconv_open.c:73:9:73:26","__libc_use_alloca guard" 11 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:75:9:75:24","__libc_use_alloca guard" 12 | "call to __libc_use_alloca","file:///opt/src/nscd/grpcache.c:221:10:221:26","__libc_use_alloca guard" 13 | "alloca_key","file:///opt/src/nscd/nscd_getserv_r.c:95:7:95:16","__libc_use_alloca guard" 14 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:254:12:254:29","__libc_use_alloca guard" 15 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:376:9:376:26","__libc_use_alloca guard" 16 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:382:8:382:25","__libc_use_alloca guard" 17 | "alloca_key","file:///opt/src/nscd/nscd_getserv_r.c:384:8:384:17","__libc_use_alloca guard" 18 | "use_alloca","file:///opt/src/nscd/nscd_netgroup.c:173:7:173:16","__libc_use_alloca guard" 19 | "use_alloca","file:///opt/src/nscd/nscd_netgroup.c:285:9:285:18","__libc_use_alloca guard" 20 | "call to __libc_use_alloca","file:///opt/src/posix/getopt.c:252:8:252:24","__libc_use_alloca guard" 21 | "call to __libc_use_alloca","file:///opt/src/stdio-common/fxprintf.c:46:7:46:23","__libc_use_alloca guard" 22 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 23 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 24 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 25 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 26 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 27 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 28 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 29 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 30 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 31 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 32 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 33 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 34 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 35 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 36 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 37 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 38 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 39 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 40 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 41 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 42 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 43 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 44 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 45 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 46 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 47 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 48 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 49 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 50 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/check_native.c:91:7:91:23","__libc_use_alloca guard" 51 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:40:7:40:16","__libc_use_alloca guard" 52 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:65:9:65:18","__libc_use_alloca guard" 53 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:102:7:102:16","__libc_use_alloca guard" 54 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:139:9:139:18","__libc_use_alloca guard" 55 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsysstats.c:139:30:139:46","__libc_use_alloca guard" 56 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/ifaddrs.c:144:7:144:23","__libc_use_alloca guard" 57 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:40:7:40:16","__libc_use_alloca guard" 58 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:57:9:57:18","__libc_use_alloca guard" 59 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:41:7:41:16","__libc_use_alloca guard" 60 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:67:9:67:18","__libc_use_alloca guard" 61 | "call to __libc_use_alloca","file:///opt/src/time/getdate.c:159:11:159:27","__libc_use_alloca guard" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/2.3_use_alloca_guard.csv: -------------------------------------------------------------------------------- 1 | "guard","URL for guard","col1" 2 | "call to __libc_use_alloca","file:///opt/src/crypt/md5-crypt.c:118:11:118:27","__libc_use_alloca guard" 3 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:150:11:150:27","__libc_use_alloca guard" 4 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:247:7:247:23","__libc_use_alloca guard" 5 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:150:11:150:27","__libc_use_alloca guard" 6 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:246:7:246:23","__libc_use_alloca guard" 7 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:39:7:39:22","__libc_use_alloca guard" 8 | "fromcode_usealloca","file:///opt/src/iconv/iconv_open.c:54:7:54:24","__libc_use_alloca guard" 9 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:61:10:61:25","__libc_use_alloca guard" 10 | "fromcode_usealloca","file:///opt/src/iconv/iconv_open.c:73:9:73:26","__libc_use_alloca guard" 11 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:75:9:75:24","__libc_use_alloca guard" 12 | "call to __builtin_expect","file:///opt/src/nptl/pthread_create.c:642:8:642:54","__libc_use_alloca guard" 13 | "call to __libc_use_alloca","file:///opt/src/nscd/grpcache.c:221:10:221:26","__libc_use_alloca guard" 14 | "alloca_key","file:///opt/src/nscd/nscd_getserv_r.c:95:7:95:16","__libc_use_alloca guard" 15 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:254:12:254:29","__libc_use_alloca guard" 16 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:376:9:376:26","__libc_use_alloca guard" 17 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:382:8:382:25","__libc_use_alloca guard" 18 | "alloca_key","file:///opt/src/nscd/nscd_getserv_r.c:384:8:384:17","__libc_use_alloca guard" 19 | "use_alloca","file:///opt/src/nscd/nscd_netgroup.c:173:7:173:16","__libc_use_alloca guard" 20 | "use_alloca","file:///opt/src/nscd/nscd_netgroup.c:285:9:285:18","__libc_use_alloca guard" 21 | "call to __libc_use_alloca","file:///opt/src/posix/getopt.c:252:8:252:24","__libc_use_alloca guard" 22 | "call to __libc_use_alloca","file:///opt/src/stdio-common/fxprintf.c:46:7:46:23","__libc_use_alloca guard" 23 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 24 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 25 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 26 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 27 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 28 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 29 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 30 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 31 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 32 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 33 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 34 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 35 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 36 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 37 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 38 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 39 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 40 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 41 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 42 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 43 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 44 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 45 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 46 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 47 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 48 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 49 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 50 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 51 | "call to __builtin_expect","file:///opt/src/stdlib/setenv.c:185:8:185:23","__libc_use_alloca guard" 52 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/check_native.c:91:7:91:23","__libc_use_alloca guard" 53 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:40:7:40:16","__libc_use_alloca guard" 54 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:65:9:65:18","__libc_use_alloca guard" 55 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:102:7:102:16","__libc_use_alloca guard" 56 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:139:9:139:18","__libc_use_alloca guard" 57 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsysstats.c:139:30:139:46","__libc_use_alloca guard" 58 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/ifaddrs.c:144:7:144:23","__libc_use_alloca guard" 59 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:40:7:40:16","__libc_use_alloca guard" 60 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:57:9:57:18","__libc_use_alloca guard" 61 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:41:7:41:16","__libc_use_alloca guard" 62 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:67:9:67:18","__libc_use_alloca guard" 63 | "call to __libc_use_alloca","file:///opt/src/time/getdate.c:159:11:159:27","__libc_use_alloca guard" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/2.4_use_alloca_guard.csv: -------------------------------------------------------------------------------- 1 | "guard","URL for guard","col1" 2 | "call to __libc_use_alloca","file:///opt/src/crypt/md5-crypt.c:118:11:118:27","__libc_use_alloca guard" 3 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:150:11:150:27","__libc_use_alloca guard" 4 | "call to __libc_use_alloca","file:///opt/src/crypt/sha256-crypt.c:247:7:247:23","__libc_use_alloca guard" 5 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:150:11:150:27","__libc_use_alloca guard" 6 | "call to __libc_use_alloca","file:///opt/src/crypt/sha512-crypt.c:246:7:246:23","__libc_use_alloca guard" 7 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:39:7:39:22","__libc_use_alloca guard" 8 | "fromcode_usealloca","file:///opt/src/iconv/iconv_open.c:54:7:54:24","__libc_use_alloca guard" 9 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:61:10:61:25","__libc_use_alloca guard" 10 | "! ...","file:///opt/src/iconv/iconv_open.c:61:8:61:25","__libc_use_alloca guard" 11 | "fromcode_usealloca","file:///opt/src/iconv/iconv_open.c:73:9:73:26","__libc_use_alloca guard" 12 | "! ...","file:///opt/src/iconv/iconv_open.c:73:7:73:26","__libc_use_alloca guard" 13 | "tocode_usealloca","file:///opt/src/iconv/iconv_open.c:75:9:75:24","__libc_use_alloca guard" 14 | "! ...","file:///opt/src/iconv/iconv_open.c:75:7:75:24","__libc_use_alloca guard" 15 | "call to __builtin_expect","file:///opt/src/nptl/pthread_create.c:642:8:642:54","__libc_use_alloca guard" 16 | "call to __libc_use_alloca","file:///opt/src/nscd/grpcache.c:221:10:221:26","__libc_use_alloca guard" 17 | "! ...","file:///opt/src/nscd/grpcache.c:221:8:221:52","__libc_use_alloca guard" 18 | "alloca_key","file:///opt/src/nscd/nscd_getserv_r.c:95:7:95:16","__libc_use_alloca guard" 19 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:254:12:254:29","__libc_use_alloca guard" 20 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:376:9:376:26","__libc_use_alloca guard" 21 | "! ...","file:///opt/src/nscd/nscd_getserv_r.c:376:8:376:26","__libc_use_alloca guard" 22 | "alloca_aliases_len","file:///opt/src/nscd/nscd_getserv_r.c:382:8:382:25","__libc_use_alloca guard" 23 | "! ...","file:///opt/src/nscd/nscd_getserv_r.c:382:7:382:25","__libc_use_alloca guard" 24 | "alloca_key","file:///opt/src/nscd/nscd_getserv_r.c:384:8:384:17","__libc_use_alloca guard" 25 | "! ...","file:///opt/src/nscd/nscd_getserv_r.c:384:7:384:17","__libc_use_alloca guard" 26 | "use_alloca","file:///opt/src/nscd/nscd_netgroup.c:173:7:173:16","__libc_use_alloca guard" 27 | "use_alloca","file:///opt/src/nscd/nscd_netgroup.c:285:9:285:18","__libc_use_alloca guard" 28 | "! ...","file:///opt/src/nscd/nscd_netgroup.c:285:7:285:18","__libc_use_alloca guard" 29 | "call to __builtin_expect","file:///opt/src/posix/fnmatch_loop.c:1070:6:1070:16","__libc_use_alloca guard" 30 | "call to __builtin_expect","file:///opt/src/posix/fnmatch_loop.c:1077:6:1077:16","__libc_use_alloca guard" 31 | "call to __builtin_expect","file:///opt/src/posix/fnmatch_loop.c:1070:6:1070:16","__libc_use_alloca guard" 32 | "call to __builtin_expect","file:///opt/src/posix/fnmatch_loop.c:1077:6:1077:16","__libc_use_alloca guard" 33 | "call to __libc_use_alloca","file:///opt/src/posix/getopt.c:252:8:252:24","__libc_use_alloca guard" 34 | "call to __libc_use_alloca","file:///opt/src/stdio-common/fxprintf.c:46:7:46:23","__libc_use_alloca guard" 35 | "call to __builtin_expect","file:///opt/src/stdio-common/printf_fp.c:915:9:915:24","__libc_use_alloca guard" 36 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1162:7:1162:29","__libc_use_alloca guard" 37 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1165:7:1165:19","__libc_use_alloca guard" 38 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1167:7:1167:19","__libc_use_alloca guard" 39 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1169:7:1169:19","__libc_use_alloca guard" 40 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1172:7:1172:23","__libc_use_alloca guard" 41 | "call to __builtin_expect","file:///opt/src/stdio-common/printf_fp.c:1201:8:1201:41","__libc_use_alloca guard" 42 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1246:7:1246:65","__libc_use_alloca guard" 43 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1246:7:1246:65","__libc_use_alloca guard" 44 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1246:7:1246:65","__libc_use_alloca guard" 45 | "call to __builtin_expect","file:///opt/src/stdio-common/printf_fp.c:1249:11:1249:44","__libc_use_alloca guard" 46 | "buffer_malloced","file:///opt/src/stdio-common/printf_fp.c:1257:7:1257:29","__libc_use_alloca guard" 47 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 48 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 49 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 50 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 51 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 52 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 53 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 54 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 55 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 56 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 57 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 58 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 59 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 60 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 61 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 62 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 63 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 64 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 65 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 66 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 67 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 68 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 69 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1967:8:1967:24","__libc_use_alloca guard" 70 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","__libc_use_alloca guard" 71 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1480:10:1480:26","__libc_use_alloca guard" 72 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1512:8:1512:24","__libc_use_alloca guard" 73 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1588:8:1588:24","__libc_use_alloca guard" 74 | "call to __libc_use_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","__libc_use_alloca guard" 75 | "call to __builtin_expect","file:///opt/src/stdlib/putenv.c:61:11:61:26","__libc_use_alloca guard" 76 | "call to __builtin_expect","file:///opt/src/stdlib/putenv.c:79:11:79:39","__libc_use_alloca guard" 77 | "call to __builtin_expect","file:///opt/src/stdlib/setenv.c:185:8:185:23","__libc_use_alloca guard" 78 | "call to __builtin_expect","file:///opt/src/stdlib/setenv.c:210:12:210:42","__libc_use_alloca guard" 79 | "call to __builtin_expect","file:///opt/src/stdlib/setenv.c:236:12:236:42","__libc_use_alloca guard" 80 | "malloc_results","file:///opt/src/sysdeps/posix/getaddrinfo.c:2293:11:2293:24","__libc_use_alloca guard" 81 | "malloc_results","file:///opt/src/sysdeps/posix/getaddrinfo.c:2483:11:2483:24","__libc_use_alloca guard" 82 | "malloc_results","file:///opt/src/sysdeps/posix/getaddrinfo.c:2293:11:2293:24","__libc_use_alloca guard" 83 | "malloc_results","file:///opt/src/sysdeps/posix/getaddrinfo.c:2483:11:2483:24","__libc_use_alloca guard" 84 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/check_native.c:91:7:91:23","__libc_use_alloca guard" 85 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:40:7:40:16","__libc_use_alloca guard" 86 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:65:9:65:18","__libc_use_alloca guard" 87 | "! ...","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:65:7:65:18","__libc_use_alloca guard" 88 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:102:7:102:16","__libc_use_alloca guard" 89 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:139:9:139:18","__libc_use_alloca guard" 90 | "! ...","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:139:7:139:18","__libc_use_alloca guard" 91 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsysstats.c:139:30:139:46","__libc_use_alloca guard" 92 | "call to __libc_use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/ifaddrs.c:144:7:144:23","__libc_use_alloca guard" 93 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:40:7:40:16","__libc_use_alloca guard" 94 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:57:9:57:18","__libc_use_alloca guard" 95 | "! ...","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:57:7:57:18","__libc_use_alloca guard" 96 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:41:7:41:16","__libc_use_alloca guard" 97 | "use_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:67:9:67:18","__libc_use_alloca guard" 98 | "! ...","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:67:7:67:18","__libc_use_alloca guard" 99 | "call to __libc_use_alloca","file:///opt/src/time/getdate.c:159:11:159:27","__libc_use_alloca guard" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/2.5_guarded_alloca.csv: -------------------------------------------------------------------------------- 1 | "alloca","URL for alloca","col1" 2 | "call to __builtin_alloca","file:///opt/src/crypt/md5-crypt.c:119:17:119:59","safe call to __builtin_alloca" 3 | "call to __builtin_alloca","file:///opt/src/crypt/sha256-crypt.c:151:8:151:69","safe call to __builtin_alloca" 4 | "call to __builtin_alloca","file:///opt/src/crypt/sha256-crypt.c:248:29:248:44","safe call to __builtin_alloca" 5 | "call to __builtin_alloca","file:///opt/src/crypt/sha512-crypt.c:151:8:151:69","safe call to __builtin_alloca" 6 | "call to __builtin_alloca","file:///opt/src/crypt/sha512-crypt.c:247:29:247:44","safe call to __builtin_alloca" 7 | "call to __builtin_alloca","file:///opt/src/iconv/iconv_open.c:40:28:40:46","safe call to __builtin_alloca" 8 | "call to __builtin_alloca","file:///opt/src/iconv/iconv_open.c:55:30:55:50","safe call to __builtin_alloca" 9 | "call to __builtin_alloca","file:///opt/src/nptl/pthread_create.c:643:15:643:35","safe call to __builtin_alloca" 10 | "call to __builtin_alloca","file:///opt/src/nscd/grpcache.c:231:16:231:54","safe call to __builtin_alloca" 11 | "call to __builtin_alloca","file:///opt/src/nscd/nscd_getserv_r.c:96:11:96:46","safe call to __builtin_alloca" 12 | "call to __builtin_alloca","file:///opt/src/nscd/nscd_getserv_r.c:255:17:257:23","safe call to __builtin_alloca" 13 | "call to __builtin_alloca","file:///opt/src/nscd/nscd_netgroup.c:174:11:174:26","safe call to __builtin_alloca" 14 | "call to __builtin_alloca","file:///opt/src/posix/fnmatch_loop.c:1070:6:1070:16","safe call to __builtin_alloca" 15 | "call to __builtin_alloca","file:///opt/src/posix/fnmatch_loop.c:1077:6:1077:16","safe call to __builtin_alloca" 16 | "call to __builtin_alloca","file:///opt/src/posix/fnmatch_loop.c:1070:6:1070:16","safe call to __builtin_alloca" 17 | "call to __builtin_alloca","file:///opt/src/posix/fnmatch_loop.c:1077:6:1077:16","safe call to __builtin_alloca" 18 | "call to __builtin_alloca","file:///opt/src/posix/getopt.c:253:18:253:35","safe call to __builtin_alloca" 19 | "call to __builtin_alloca","file:///opt/src/stdio-common/fxprintf.c:47:12:47:42","safe call to __builtin_alloca" 20 | "call to __builtin_alloca","file:///opt/src/stdio-common/printf_fp.c:923:29:923:53","safe call to __builtin_alloca" 21 | "call to __builtin_alloca","file:///opt/src/stdio-common/printf_fp.c:1212:24:1212:39","safe call to __builtin_alloca" 22 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1969:28:1970:25","safe call to __builtin_alloca" 23 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","safe call to __builtin_alloca" 24 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","safe call to __builtin_alloca" 25 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1481:29:1481:43","safe call to __builtin_alloca" 26 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1513:27:1513:41","safe call to __builtin_alloca" 27 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1589:27:1589:41","safe call to __builtin_alloca" 28 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","safe call to __builtin_alloca" 29 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","safe call to __builtin_alloca" 30 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1969:28:1970:25","safe call to __builtin_alloca" 31 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","safe call to __builtin_alloca" 32 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","safe call to __builtin_alloca" 33 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1481:29:1481:43","safe call to __builtin_alloca" 34 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1513:27:1513:41","safe call to __builtin_alloca" 35 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1589:27:1589:41","safe call to __builtin_alloca" 36 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","safe call to __builtin_alloca" 37 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","safe call to __builtin_alloca" 38 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1969:28:1970:25","safe call to __builtin_alloca" 39 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","safe call to __builtin_alloca" 40 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1481:29:1481:43","safe call to __builtin_alloca" 41 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1513:27:1513:41","safe call to __builtin_alloca" 42 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1589:27:1589:41","safe call to __builtin_alloca" 43 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","safe call to __builtin_alloca" 44 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1969:28:1970:25","safe call to __builtin_alloca" 45 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:2026:4:2026:45","safe call to __builtin_alloca" 46 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1481:29:1481:43","safe call to __builtin_alloca" 47 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1513:27:1513:41","safe call to __builtin_alloca" 48 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1589:27:1589:41","safe call to __builtin_alloca" 49 | "call to __builtin_alloca","file:///opt/src/stdio-common/vfprintf-internal.c:1645:4:1645:53","safe call to __builtin_alloca" 50 | "call to __builtin_alloca","file:///opt/src/stdlib/putenv.c:68:9:68:44","safe call to __builtin_alloca" 51 | "call to __builtin_alloca","file:///opt/src/stdlib/setenv.c:186:27:186:41","safe call to __builtin_alloca" 52 | "call to __builtin_alloca","file:///opt/src/sysdeps/posix/getaddrinfo.c:2303:12:2303:30","safe call to __builtin_alloca" 53 | "call to __builtin_alloca","file:///opt/src/sysdeps/posix/getaddrinfo.c:2303:12:2303:30","safe call to __builtin_alloca" 54 | "call to __builtin_alloca","file:///opt/src/sysdeps/unix/sysv/linux/check_native.c:92:11:92:27","safe call to __builtin_alloca" 55 | "call to __builtin_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getipv4sourcefilter.c:41:35:41:49","safe call to __builtin_alloca" 56 | "call to __builtin_alloca","file:///opt/src/sysdeps/unix/sysv/linux/getsourcefilter.c:103:34:103:48","safe call to __builtin_alloca" 57 | "call to __builtin_alloca","file:///opt/src/sysdeps/unix/sysv/linux/ifaddrs.c:145:11:145:27","safe call to __builtin_alloca" 58 | "call to __builtin_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setipv4sourcefilter.c:41:35:41:49","safe call to __builtin_alloca" 59 | "call to __builtin_alloca","file:///opt/src/sysdeps/unix/sysv/linux/setsourcefilter.c:42:34:42:48","safe call to __builtin_alloca" 60 | "call to __builtin_alloca","file:///opt/src/time/getdate.c:160:10:160:27","safe call to __builtin_alloca" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/4.0_fopen.csv: -------------------------------------------------------------------------------- 1 | "call","URL for call","col1" 2 | "call to fopen","file:///opt/src/catgets/gencat.c:1022:9:1022:13","call to fopen" 3 | "call to fopen","file:///opt/src/catgets/gencat.c:284:10:284:14","call to fopen" 4 | "call to fopen","file:///opt/src/elf/ldconfig.c:1070:9:1070:13","call to fopen" 5 | "call to fopen","file:///opt/src/elf/ldconfig.c:1077:14:1077:18","call to fopen" 6 | "call to fopen","file:///opt/src/elf/readlib.c:91:10:91:14","call to fopen" 7 | "call to fopen","file:///opt/src/elf/sln.c:94:12:94:16","call to fopen" 8 | "call to fopen","file:///opt/src/hesiod/hesiod.c:258:13:258:17","call to fopen" 9 | "call to _IO_new_fopen","file:///opt/src/iconv/gconv_conf.c:369:14:369:36","call to fopen" 10 | "call to fopen","file:///opt/src/iconv/iconv_charmap.c:139:16:139:20","call to fopen" 11 | "call to fopen","file:///opt/src/iconv/iconv_prog.c:443:14:443:18","call to fopen" 12 | "call to fopen","file:///opt/src/iconv/iconvconfig.c:672:8:672:12","call to fopen" 13 | "call to iruserfopen","file:///opt/src/inet/rcmd.c:528:13:528:23","call to fopen" 14 | "call to iruserfopen","file:///opt/src/inet/rcmd.c:562:16:562:26","call to fopen" 15 | "call to _IO_new_fopen","file:///opt/src/inet/rcmd.c:483:13:483:31","call to fopen" 16 | "call to _IO_new_fopen","file:///opt/src/inet/ruserpass.c:112:10:112:26","call to fopen" 17 | "call to _IO_new_fopen","file:///opt/src/intl/localealias.c:229:8:229:43","call to fopen" 18 | "call to _IO_file_fopen","file:///opt/src/libio/freopen.c:75:16:75:29","call to fopen" 19 | "call to _IO_file_fopen","file:///opt/src/libio/freopen.c:75:16:75:29","call to fopen" 20 | "call to _IO_file_fopen","file:///opt/src/libio/freopen64.c:59:12:59:25","call to fopen" 21 | "call to _IO_file_fopen","file:///opt/src/libio/iofopen.c:75:7:75:20","call to fopen" 22 | "call to fopen","file:///opt/src/locale/programs/charmap-dir.c:223:12:223:16","call to fopen" 23 | "call to fopen","file:///opt/src/locale/programs/linereader.c:58:12:58:16","call to fopen" 24 | "call to fopen","file:///opt/src/locale/programs/locale.c:531:12:531:16","call to fopen" 25 | "call to fopen","file:///opt/src/locale/programs/locarchive.c:1201:12:1201:16","call to fopen" 26 | "call to fopen","file:///opt/src/malloc/memusagestat.c:505:13:505:17","call to fopen" 27 | "call to _IO_new_fopen","file:///opt/src/malloc/mtrace.c:301:20:301:75","call to fopen" 28 | "call to _IO_new_fopen","file:///opt/src/misc/getpass.c:58:8:58:33","call to fopen" 29 | "call to _IO_new_fopen","file:///opt/src/misc/getttyent.c:190:19:190:42","call to fopen" 30 | "call to _IO_new_fopen","file:///opt/src/misc/getusershell.c:107:12:107:37","call to fopen" 31 | "call to _IO_new_fopen","file:///opt/src/misc/mntent_r.c:43:18:43:38","call to fopen" 32 | "call to fopen","file:///opt/src/nis/nis_file.c:62:15:62:19","call to fopen" 33 | "call to fopen","file:///opt/src/nis/nis_file.c:34:14:34:18","call to fopen" 34 | "call to fopen","file:///opt/src/nptl/pthread_getattr_np.c:81:18:81:22","call to fopen" 35 | "call to fopen","file:///opt/src/nptl/pthread_getattr_np.c:81:18:81:22","call to fopen" 36 | "call to fopen","file:///opt/src/sysdeps/posix/getaddrinfo.c:1795:14:1795:18","call to fopen" 37 | "call to fopen","file:///opt/src/nscd/nscd.c:607:8:607:12","call to fopen" 38 | "call to fopen","file:///opt/src/nscd/nscd.c:580:8:580:12","call to fopen" 39 | "call to fopen","file:///opt/src/nscd/nscd_conf.c:68:8:68:12","call to fopen" 40 | "call to fopen","file:///opt/src/resolv/res_hconf.c:281:8:281:12","call to fopen" 41 | "call to fopen","file:///opt/src/nss/nss_compat/compat-grp.c:109:21:109:25","call to fopen" 42 | "call to fopen","file:///opt/src/nss/nss_compat/compat-initgroups.c:124:17:124:21","call to fopen" 43 | "call to fopen","file:///opt/src/nss/nss_compat/compat-pwd.c:224:21:224:25","call to fopen" 44 | "call to fopen","file:///opt/src/nss/nss_compat/compat-spwd.c:180:21:180:25","call to fopen" 45 | "call to fopen","file:///opt/src/nss/nss_files/files-alias.c:216:20:216:24","call to fopen" 46 | "call to fopen","file:///opt/src/nss/nss_files/files-alias.c:50:17:50:21","call to fopen" 47 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 48 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 49 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 50 | "call to fopen","file:///opt/src/nss/nss_files/files-initgroups.c:34:18:34:22","call to fopen" 51 | "call to fopen","file:///opt/src/nss/nss_files/files-key.c:33:18:33:22","call to fopen" 52 | "call to fopen","file:///opt/src/nss/nss_files/files-netgrp.c:65:8:65:12","call to fopen" 53 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 54 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 55 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 56 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 57 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 58 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 59 | "call to fopen","file:///opt/src/nss/nss_files/files-XXX.c:77:17:77:21","call to fopen" 60 | "call to _IO_new_fopen","file:///opt/src/nss/nsswitch.c:551:8:551:27","call to fopen" 61 | "call to fopen","file:///opt/src/resolv/compat-gethnamaddr.c:718:26:718:30","call to fopen" 62 | "call to fopen","file:///opt/src/resolv/compat-gethnamaddr.c:694:11:694:15","call to fopen" 63 | "call to _IO_new_fopen","file:///opt/src/resolv/res_hconf.c:281:8:281:32","call to fopen" 64 | "call to _IO_new_fopen","file:///opt/src/resolv/res_init.c:558:14:558:41","call to fopen" 65 | "call to fopen","file:///opt/src/resolv/res_query.c:649:28:649:32","call to fopen" 66 | "call to fopen","file:///opt/src/support/shell-container.c:354:13:354:17","call to fopen" 67 | "call to fopen","file:///opt/src/support/support_test_main.c:320:17:320:21","call to fopen" 68 | "call to fopen","file:///opt/src/support/test-container.c:826:15:826:19","call to fopen" 69 | "call to fopen","file:///opt/src/support/test-container.c:835:6:835:10","call to fopen" 70 | "call to fopen","file:///opt/src/support/test-container.c:633:7:633:11","call to fopen" 71 | "call to fopen","file:///opt/src/support/test-container.c:648:7:648:11","call to fopen" 72 | "call to fopen","file:///opt/src/support/xfopen.c:27:14:27:18","call to fopen" 73 | "call to _IO_new_fopen","file:///opt/src/sysdeps/posix/getaddrinfo.c:1795:14:1795:41","call to fopen" 74 | "call to _IO_new_fopen","file:///opt/src/sysdeps/unix/sysv/linux/readonly-area.c:34:14:34:45","call to fopen" 75 | "call to _IO_new_fopen","file:///opt/src/time/getdate.c:134:8:134:29","call to fopen" 76 | "call to _IO_new_fopen","file:///opt/src/time/tzfile.c:162:7:162:25","call to fopen" 77 | "call to fopen","file:///opt/src/timezone/zic.c:1880:7:1880:11","call to fopen" 78 | "call to fopen","file:///opt/src/timezone/zic.c:1885:11:1885:15","call to fopen" 79 | "call to fopen","file:///opt/src/timezone/zic.c:1103:19:1103:23","call to fopen" 80 | "call to fopen","file:///opt/src/timezone/zic.c:936:11:936:15","call to fopen" 81 | "call to fopen","file:///opt/src/timezone/zic.c:943:11:943:15","call to fopen" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/4.1_fopen_to_alloca_taint.csv: -------------------------------------------------------------------------------- 1 | "sink","URL for sink","source","URL for source","sink","URL for sink","col3" 2 | "... + ...","file:///opt/src/iconv/gconv_conf.c:323:25:323:50","call to _IO_new_fopen","file:///opt/src/iconv/gconv_conf.c:369:14:369:36","... + ...","file:///opt/src/iconv/gconv_conf.c:323:25:323:50","fopen flows to alloca" 3 | "real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","call to iruserfopen","file:///opt/src/inet/rcmd.c:528:13:528:23","real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","fopen flows to alloca" 4 | "real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","call to iruserfopen","file:///opt/src/inet/rcmd.c:562:16:562:26","real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","fopen flows to alloca" 5 | "real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","call to _IO_new_fopen","file:///opt/src/inet/rcmd.c:483:13:483:31","real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","fopen flows to alloca" 6 | "real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","call to fopen","file:///opt/src/nscd/nscd_conf.c:68:8:68:12","real_sizeof_reqdata","file:///opt/src/nscd/nscd_helper.c:178:24:178:42","fopen flows to alloca" -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/config/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "databasePath": "bminor_glibc_3332218", 3 | "locationPaths": "https://github.com/bminor/glibc/blob/333221862ecbebde60dd16e7ca17d26444e62f50{path}#L{line-start}-L{line-end}", 4 | "expectedResults": { 5 | "01_function_definitions.ql": "0.0_function_definitions.csv", 6 | "02_alloca_definition.ql": "0.1_alloca_definition.csv", 7 | "03_alloca.ql": "1.0_alloca.csv", 8 | "04_alloca_ignore_small.ql": "1.1_alloca_ignore_small.csv", 9 | "05_use_alloca.ql": "2.0_use_alloca.csv", 10 | "06_use_alloca_guard.ql": "2.1_use_alloca_guard.csv", 11 | "07_use_alloca_guard.ql": "2.2_use_alloca_guard.csv", 12 | "08_use_alloca_guard.ql": "2.3_use_alloca_guard.csv", 13 | "09_use_alloca_guard.ql": "2.4_use_alloca_guard.csv", 14 | "10_guarded_alloca.ql": "2.5_guarded_alloca.csv", 15 | "11_alloca_ignore_small_or_guarded.ql": "3.0_alloca_ignore_small_or_guarded.csv", 16 | "12_fopen.ql": "4.0_fopen.csv", 17 | "13_fopen_to_alloca_taint.ql": "4.1_fopen_to_alloca_taint.csv" 18 | } 19 | } -------------------------------------------------------------------------------- /courses/cpp/ctf-segv/image/publish.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # TODO: move to /scripts/ 4 | 5 | set -e 6 | set -x 7 | 8 | docker login docker.pkg.github.com -u github-actions -p ${GITHUB_TOKEN} 9 | 10 | IMAGE_VERSION=latest 11 | IMAGE_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses-cpp-ctf-segv:${IMAGE_VERSION} 12 | 13 | docker build -t $IMAGE_TAG . 14 | 15 | docker push $IMAGE_TAG -------------------------------------------------------------------------------- /courses/cpp/uboot/README.md: -------------------------------------------------------------------------------- 1 | # CodeQL LearningLab Course Action Template 2 | 3 | Copy this entire directory, 4 | and replace the following: 5 | 6 | * Replace ``, `` and `` in the `image` property in 7 | [`action.yml`](action.yml) to reference the correct repository 8 | where the docker image will be published, 9 | and with a package name of your choice. 10 | (For courses in this repository, 11 | we use the convention of taking the course path, 12 | and replacing slashes with dashes, 13 | e.g. `courses/cpp/ctf-segv` becomes `courses-cpp-ctf-segv`) 14 | * Replace the zip file URL in [`image/Dockerfile`](image/Dockerfile) 15 | to point to the CodeQL database that will be used in your course. 16 | 17 | After this, 18 | update [`answers/`](answers) and [`image/config/`](image/config) 19 | to add your model answers and expected query results as appropriate. 20 | -------------------------------------------------------------------------------- /courses/cpp/uboot/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Check queries' 2 | description: 'Check that the queries that have been pushed produce the correct results' 3 | author: 'GitHub ' 4 | runs: 5 | using: 'docker' 6 | image: 'docker://docker.pkg.github.com/github/codeql-learninglab-actions/courses-cpp-uboot' 7 | branding: 8 | icon: 'check-circle' 9 | color: 'purple' -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/10_taint_tracking.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind path-problem 3 | */ 4 | 5 | import cpp 6 | import semmle.code.cpp.dataflow.TaintTracking 7 | import DataFlow::PathGraph 8 | 9 | class NetworkRead extends Expr { 10 | NetworkRead() { 11 | exists(MacroInvocation i | this = i.getExpr() 12 | and i.getMacroName().regexpMatch("ntoh(l|ll|s)")) 13 | } 14 | } 15 | 16 | class Config extends TaintTracking::Configuration { 17 | Config() { this = "NetworkToMemFuncLength" } 18 | 19 | override predicate isSource(DataFlow::Node source) { 20 | source.asExpr() instanceof NetworkRead 21 | } 22 | 23 | override predicate isSink(DataFlow::Node sink) { 24 | exists (FunctionCall fc | 25 | sink.asExpr() = fc.getArgument(2) and fc.getTarget().getName()= "memcpy") 26 | } 27 | } 28 | 29 | from Config cfg, DataFlow::PathNode source, DataFlow::PathNode sink 30 | where cfg.hasFlowPath(source, sink) 31 | select sink, source, sink, "ntoh flows to memcpy" -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/3_function_definitions.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | from Function f 8 | where f.getName() = "strlen" 9 | select f, "a function named strlen" 10 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/4_memcpy_definitions.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | from Function f 8 | where f.getName() = "memcpy" 9 | select f, "a function named memcpy" 10 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/5_macro_definitions.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | from Macro m 8 | where m.getName().regexpMatch("ntoh(s|ll?)") 9 | select m, "a macro reading from the network" 10 | 11 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/6_memcpy_calls.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | from Function f, FunctionCall fc 8 | where f.getName() = "memcpy" and 9 | fc.getTarget() = f 10 | select fc, "a call to memcpy" 11 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/7_macro_invocations.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | from Macro m, MacroInvocation mi 8 | where mi.getMacro() = m and m.getName().regexpMatch("ntoh(s|ll?)") 9 | select mi, "Invoking a macro reading from the network" 10 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/8_macro_expressions.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | from Macro m, MacroInvocation mi 8 | where mi.getMacro() = m and m.getName().regexpMatch("ntoh(s|ll?)") 9 | select mi.getExpr(), "Invoking a macro reading from the network" 10 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/9_class_network_byteswap.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind problem 3 | */ 4 | 5 | import cpp 6 | 7 | class NetworkRead extends Expr { 8 | NetworkRead() { 9 | exists (MacroInvocation mi | mi.getMacro().getName().regexpMatch("ntoh(s|ll?)") and this = mi.getExpr()) 10 | } 11 | } 12 | 13 | from NetworkRead n 14 | select n, "Reading from the network" 15 | -------------------------------------------------------------------------------- /courses/cpp/uboot/answers/qlpack.yml: -------------------------------------------------------------------------------- 1 | name: codeql-uboot 2 | version: 0.0.0 3 | libraryPathDependencies: codeql-cpp # Update this with appropriate language 4 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.pkg.github.com/github/codeql-learninglab-actions/codeql-learninglab-check:v2.0.0 2 | 3 | ## Add course config 4 | COPY --chown=codeql:codeql config /home/codeql/config 5 | WORKDIR /home/codeql/config 6 | # Download, unzip and then delete the zip file in one step to reduce image size 7 | RUN wget --quiet https://downloads.lgtm.com/snapshots/cpp/uboot/u-boot_u-boot_cpp-srcVersion_d0d07ba86afc8074d79e436b1ba4478fa0f0c1b5-dist_odasa-2019-07-25-linux64.zip -O database.zip && unzip -qq database.zip && rm -rf database.zip 8 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "databasePath": "u-boot_u-boot_d0d07ba", 3 | "locationPaths": "https://github.com/u-boot/u-boot/blob/d0d07ba86afc8074d79e436b1ba4478fa0f0c1b5{path}#L{line-start}-L{line-end}", 4 | "expectedResults": { 5 | "3_function_definitions.ql": "step-3.csv", 6 | "4_memcpy_definitions.ql": "step-4.csv", 7 | "5_macro_definitions.ql": "step-5.csv", 8 | "6_memcpy_calls.ql": "step-6.csv", 9 | "7_macro_invocations.ql": "step-7.csv", 10 | "8_macro_expressions.ql": "step-8.csv", 11 | "9_class_network_byteswap.ql": "step-9.csv", 12 | "10_taint_tracking.ql": "step-10.csv" 13 | } 14 | } -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-10.csv: -------------------------------------------------------------------------------- 1 | "sink","URL for sink","source","URL for source","sink","URL for sink","col3" 2 | "len","file:///opt/src/cmd/nvedit_efi.c:280:28:280:30","... ? ... : ...","file:///opt/src/net/net.c:1586:6:1586:13","len","file:///opt/src/cmd/nvedit_efi.c:280:28:280:30","ntoh flows to memcpy" 3 | "len","file:///opt/src/cmd/nvedit_efi.c:280:28:280:30","... ? ... : ...","file:///opt/src/net/net.c:1575:13:1575:27","len","file:///opt/src/cmd/nvedit_efi.c:280:28:280:30","ntoh flows to memcpy" 4 | "len","file:///opt/src/cmd/nvedit_efi.c:321:34:321:36","... ? ... : ...","file:///opt/src/net/net.c:1586:6:1586:13","len","file:///opt/src/cmd/nvedit_efi.c:321:34:321:36","ntoh flows to memcpy" 5 | "len","file:///opt/src/cmd/nvedit_efi.c:321:34:321:36","... ? ... : ...","file:///opt/src/net/net.c:1575:13:1575:27","len","file:///opt/src/cmd/nvedit_efi.c:321:34:321:36","ntoh flows to memcpy" 6 | "... - ...","file:///opt/src/drivers/net/netconsole.c:161:37:161:47","... ? ... : ...","file:///opt/src/net/net.c:1306:5:1306:22","... - ...","file:///opt/src/drivers/net/netconsole.c:161:37:161:47","ntoh flows to memcpy" 7 | "chunk","file:///opt/src/drivers/net/netconsole.c:164:34:164:38","... ? ... : ...","file:///opt/src/net/net.c:1306:5:1306:22","chunk","file:///opt/src/drivers/net/netconsole.c:164:34:164:38","ntoh flows to memcpy" 8 | "len","file:///opt/src/net/net.c:1009:50:1009:52","... ? ... : ...","file:///opt/src/net/net.c:913:8:913:24","len","file:///opt/src/net/net.c:1009:50:1009:52","ntoh flows to memcpy" 9 | "rlen","file:///opt/src/net/nfs.c:644:10:644:13","... ? ... : ...","file:///opt/src/net/nfs.c:635:9:635:58","rlen","file:///opt/src/net/nfs.c:644:10:644:13","ntoh flows to memcpy" 10 | "rlen","file:///opt/src/net/nfs.c:649:10:649:13","... ? ... : ...","file:///opt/src/net/nfs.c:635:9:635:58","rlen","file:///opt/src/net/nfs.c:649:10:649:13","ntoh flows to memcpy" 11 | "filefh3_length","file:///opt/src/net/nfs.c:574:44:574:57","... ? ... : ...","file:///opt/src/net/nfs.c:571:20:571:49","filefh3_length","file:///opt/src/net/nfs.c:574:44:574:57","ntoh flows to memcpy" 12 | "len","file:///opt/src/net/nfs.c:106:20:106:22","... ? ... : ...","file:///opt/src/net/nfs.c:688:10:688:40","len","file:///opt/src/net/nfs.c:106:20:106:22","ntoh flows to memcpy" 13 | "len","file:///opt/src/net/nfs.c:106:20:106:22","... ? ... : ...","file:///opt/src/net/nfs.c:695:10:695:59","len","file:///opt/src/net/nfs.c:106:20:106:22","ntoh flows to memcpy" 14 | "... + ...","file:///opt/src/net/ping.c:108:25:108:42","... ? ... : ...","file:///opt/src/net/net.c:1196:9:1196:25","... + ...","file:///opt/src/net/ping.c:108:25:108:42","ntoh flows to memcpy" -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-3.csv: -------------------------------------------------------------------------------- 1 | "f","URL for f","col1" 2 | "strlen","file:///opt/src/include/linux/string.h:74:24:74:29","a function named strlen" 3 | "strlen","file:///usr/x86_64-linux-gnu/include/string.h:384:15:384:20","a function named strlen" 4 | "strlen","file:///opt/src/lib/string.c:264:8:264:13","a function named strlen" 5 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-4.csv: -------------------------------------------------------------------------------- 1 | "f","URL for f","col1" 2 | "memcpy","file:///opt/src/lib/string.c:532:8:532:13","a function named memcpy" 3 | "memcpy","file:///usr/x86_64-linux-gnu/include/bits/string_fortified.h:31:8:31:13","a function named memcpy" 4 | "memcpy","file:///usr/x86_64-linux-gnu/include/bits/string_fortified.h:31:8:31:13","a function named memcpy" -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-5.csv: -------------------------------------------------------------------------------- 1 | "m","URL for m","col1" 2 | "#define ntohs(x) __bswap_16 (x)","file:///usr/x86_64-linux-gnu/include/netinet/in.h:402:1:402:34","a macro reading from the network" 3 | "#define ntohl(x) __bswap_32 (x)","file:///usr/x86_64-linux-gnu/include/netinet/in.h:401:1:401:34","a macro reading from the network" 4 | "#define ntohs(x) ___ntohs(x)","file:///opt/src/include/linux/byteorder/generic.h:142:1:142:28","a macro reading from the network" 5 | "#define ntohl(x) ___ntohl(x)","file:///opt/src/include/linux/byteorder/generic.h:140:1:140:28","a macro reading from the network" 6 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-7.csv: -------------------------------------------------------------------------------- 1 | "mi","URL for mi","col1" 2 | "ntohs(x)","file:///opt/src/cmd/net.c:307:10:307:34","Invoking a macro reading from the network" 3 | "ntohs(x)","file:///opt/src/cmd/net.c:314:42:314:63","Invoking a macro reading from the network" 4 | "ntohl(x)","file:///opt/src/cmd/pxe.c:344:27:344:46","Invoking a macro reading from the network" 5 | "ntohs(x)","file:///opt/src/drivers/net/sandbox-raw.c:47:7:47:28","Invoking a macro reading from the network" 6 | "ntohs(x)","file:///opt/src/drivers/net/sandbox.c:123:6:123:27","Invoking a macro reading from the network" 7 | "ntohs(x)","file:///opt/src/drivers/net/sandbox.c:66:6:66:27","Invoking a macro reading from the network" 8 | "ntohs(x)","file:///opt/src/drivers/net/sandbox.c:71:6:71:22","Invoking a macro reading from the network" 9 | "ntohs(x)","file:///opt/src/lib/efi_loader/efi_net.c:497:12:497:37","Invoking a macro reading from the network" 10 | "ntohs(x)","file:///opt/src/lib/efi_loader/efi_net.c:500:13:500:55","Invoking a macro reading from the network" 11 | "ntohs(x)","file:///opt/src/net/arp.c:146:6:146:23","Invoking a macro reading from the network" 12 | "ntohs(x)","file:///opt/src/net/arp.c:148:6:148:23","Invoking a macro reading from the network" 13 | "ntohs(x)","file:///opt/src/net/arp.c:161:10:161:26","Invoking a macro reading from the network" 14 | "ntohs(x)","file:///opt/src/net/arp.c:232:3:233:26","Invoking a macro reading from the network" 15 | "ntohl(x)","file:///opt/src/net/bootp.c:482:13:482:35","Invoking a macro reading from the network" 16 | "ntohl(x)","file:///opt/src/net/bootp.c:493:13:493:38","Invoking a macro reading from the network" 17 | "ntohs(x)","file:///opt/src/net/cdp.c:282:10:282:21","Invoking a macro reading from the network" 18 | "ntohs(x)","file:///opt/src/net/cdp.c:283:10:283:21","Invoking a macro reading from the network" 19 | "ntohs(x)","file:///opt/src/net/cdp.c:322:12:322:21","Invoking a macro reading from the network" 20 | "ntohs(x)","file:///opt/src/net/dns.c:124:6:124:28","Invoking a macro reading from the network" 21 | "ntohs(x)","file:///opt/src/net/fastboot.c:274:15:274:31","Invoking a macro reading from the network" 22 | "ntohs(x)","file:///opt/src/net/link_local.c:250:2:252:23","Invoking a macro reading from the network" 23 | "ntohs(x)","file:///opt/src/net/link_local.c:250:2:252:23","Invoking a macro reading from the network" 24 | "ntohl(x)","file:///opt/src/net/link_local.c:109:7:109:22","Invoking a macro reading from the network" 25 | "ntohs(x)","file:///opt/src/net/net.c:1586:6:1586:13","Invoking a macro reading from the network" 26 | "ntohl(x)","file:///opt/src/net/net.c:1575:13:1575:27","Invoking a macro reading from the network" 27 | "ntohs(x)","file:///opt/src/net/net.c:1458:12:1458:32","Invoking a macro reading from the network" 28 | "ntohs(x)","file:///opt/src/net/net.c:1432:13:1432:31","Invoking a macro reading from the network" 29 | "ntohs(x)","file:///opt/src/net/net.c:1419:13:1419:31","Invoking a macro reading from the network" 30 | "ntohs(x)","file:///opt/src/net/net.c:1106:13:1106:31","Invoking a macro reading from the network" 31 | "ntohs(x)","file:///opt/src/net/net.c:1109:14:1109:35","Invoking a macro reading from the network" 32 | "ntohs(x)","file:///opt/src/net/net.c:1113:14:1113:34","Invoking a macro reading from the network" 33 | "ntohs(x)","file:///opt/src/net/net.c:1121:15:1121:35","Invoking a macro reading from the network" 34 | "ntohs(x)","file:///opt/src/net/net.c:1141:8:1141:26","Invoking a macro reading from the network" 35 | "ntohs(x)","file:///opt/src/net/net.c:1148:9:1148:27","Invoking a macro reading from the network" 36 | "ntohs(x)","file:///opt/src/net/net.c:1150:15:1150:34","Invoking a macro reading from the network" 37 | "ntohs(x)","file:///opt/src/net/net.c:1192:13:1192:29","Invoking a macro reading from the network" 38 | "ntohs(x)","file:///opt/src/net/net.c:1193:4:1193:53","Invoking a macro reading from the network" 39 | "ntohs(x)","file:///opt/src/net/net.c:1196:9:1196:25","Invoking a macro reading from the network" 40 | "ntohs(x)","file:///opt/src/net/net.c:1266:13:1266:30","Invoking a macro reading from the network" 41 | "ntohl(x)","file:///opt/src/net/net.c:1267:13:1267:36","Invoking a macro reading from the network" 42 | "ntohl(x)","file:///opt/src/net/net.c:1268:13:1268:36","Invoking a macro reading from the network" 43 | "ntohl(x)","file:///opt/src/net/net.c:1269:13:1269:36","Invoking a macro reading from the network" 44 | "ntohl(x)","file:///opt/src/net/net.c:1270:13:1270:36","Invoking a macro reading from the network" 45 | "ntohs(x)","file:///opt/src/net/net.c:1272:13:1272:30","Invoking a macro reading from the network" 46 | "ntohs(x)","file:///opt/src/net/net.c:1279:13:1279:26","Invoking a macro reading from the network" 47 | "ntohs(x)","file:///opt/src/net/net.c:1295:18:1295:36","Invoking a macro reading from the network" 48 | "ntohs(x)","file:///opt/src/net/net.c:1304:5:1304:22","Invoking a macro reading from the network" 49 | "ntohs(x)","file:///opt/src/net/net.c:1305:5:1305:22","Invoking a macro reading from the network" 50 | "ntohs(x)","file:///opt/src/net/net.c:1306:5:1306:22","Invoking a macro reading from the network" 51 | "ntohs(x)","file:///opt/src/net/net.c:1312:11:1312:28","Invoking a macro reading from the network" 52 | "ntohs(x)","file:///opt/src/net/net.c:1314:11:1314:28","Invoking a macro reading from the network" 53 | "ntohs(x)","file:///opt/src/net/net.c:1315:11:1315:28","Invoking a macro reading from the network" 54 | "ntohs(x)","file:///opt/src/net/net.c:1064:10:1064:27","Invoking a macro reading from the network" 55 | "ntohs(x)","file:///opt/src/net/net.c:1065:10:1065:27","Invoking a macro reading from the network" 56 | "ntohs(x)","file:///opt/src/net/net.c:1066:10:1066:27","Invoking a macro reading from the network" 57 | "ntohs(x)","file:///opt/src/net/net.c:1021:15:1021:31","Invoking a macro reading from the network" 58 | "ntohs(x)","file:///opt/src/net/net.c:906:15:906:31","Invoking a macro reading from the network" 59 | "ntohs(x)","file:///opt/src/net/net.c:913:8:913:24","Invoking a macro reading from the network" 60 | "ntohl(x)","file:///opt/src/net/nfs.c:665:6:665:30","Invoking a macro reading from the network" 61 | "ntohl(x)","file:///opt/src/net/nfs.c:667:11:667:35","Invoking a macro reading from the network" 62 | "ntohl(x)","file:///opt/src/net/nfs.c:678:11:678:40","Invoking a macro reading from the network" 63 | "ntohl(x)","file:///opt/src/net/nfs.c:688:10:688:40","Invoking a macro reading from the network" 64 | "ntohl(x)","file:///opt/src/net/nfs.c:695:10:695:59","Invoking a macro reading from the network" 65 | "ntohl(x)","file:///opt/src/net/nfs.c:618:6:618:30","Invoking a macro reading from the network" 66 | "ntohl(x)","file:///opt/src/net/nfs.c:620:11:620:35","Invoking a macro reading from the network" 67 | "ntohl(x)","file:///opt/src/net/nfs.c:635:9:635:58","Invoking a macro reading from the network" 68 | "ntohl(x)","file:///opt/src/net/nfs.c:582:6:582:19","Invoking a macro reading from the network" 69 | "ntohl(x)","file:///opt/src/net/nfs.c:519:6:519:30","Invoking a macro reading from the network" 70 | "ntohl(x)","file:///opt/src/net/nfs.c:521:11:521:35","Invoking a macro reading from the network" 71 | "ntohl(x)","file:///opt/src/net/nfs.c:528:11:528:40","Invoking a macro reading from the network" 72 | "ntohl(x)","file:///opt/src/net/nfs.c:533:12:533:41","Invoking a macro reading from the network" 73 | "ntohl(x)","file:///opt/src/net/nfs.c:536:5:540:41","Invoking a macro reading from the network" 74 | "ntohl(x)","file:///opt/src/net/nfs.c:536:5:540:41","Invoking a macro reading from the network" 75 | "ntohl(x)","file:///opt/src/net/nfs.c:548:5:552:41","Invoking a macro reading from the network" 76 | "ntohl(x)","file:///opt/src/net/nfs.c:548:5:552:41","Invoking a macro reading from the network" 77 | "ntohl(x)","file:///opt/src/net/nfs.c:561:4:562:40","Invoking a macro reading from the network" 78 | "ntohl(x)","file:///opt/src/net/nfs.c:571:20:571:49","Invoking a macro reading from the network" 79 | "ntohl(x)","file:///opt/src/net/nfs.c:495:6:495:30","Invoking a macro reading from the network" 80 | "ntohl(x)","file:///opt/src/net/nfs.c:497:11:497:35","Invoking a macro reading from the network" 81 | "ntohl(x)","file:///opt/src/net/nfs.c:469:6:469:30","Invoking a macro reading from the network" 82 | "ntohl(x)","file:///opt/src/net/nfs.c:471:11:471:35","Invoking a macro reading from the network" 83 | "ntohl(x)","file:///opt/src/net/nfs.c:439:6:439:30","Invoking a macro reading from the network" 84 | "ntohl(x)","file:///opt/src/net/nfs.c:441:11:441:35","Invoking a macro reading from the network" 85 | "ntohl(x)","file:///opt/src/net/nfs.c:451:27:451:56","Invoking a macro reading from the network" 86 | "ntohl(x)","file:///opt/src/net/nfs.c:454:21:454:50","Invoking a macro reading from the network" 87 | "ntohs(x)","file:///opt/src/net/rarp.c:38:7:38:23","Invoking a macro reading from the network" 88 | "ntohs(x)","file:///opt/src/net/rarp.c:39:7:39:24","Invoking a macro reading from the network" 89 | "ntohs(x)","file:///opt/src/net/rarp.c:40:7:40:24","Invoking a macro reading from the network" 90 | "ntohl(x)","file:///opt/src/net/sntp.c:72:12:72:25","Invoking a macro reading from the network" 91 | "ntohs(x)","file:///opt/src/net/tftp.c:435:10:435:21","Invoking a macro reading from the network" 92 | "ntohs(x)","file:///opt/src/net/tftp.c:449:17:449:25","Invoking a macro reading from the network" 93 | "ntohs(x)","file:///opt/src/net/tftp.c:515:20:515:40","Invoking a macro reading from the network" 94 | "ntohs(x)","file:///opt/src/net/tftp.c:566:19:566:39","Invoking a macro reading from the network" 95 | "ntohs(x)","file:///opt/src/net/tftp.c:568:11:568:31","Invoking a macro reading from the network" 96 | "ntohs(x)","file:///opt/src/test/dm/eth.c:397:6:397:27","Invoking a macro reading from the network" 97 | "ntohs(x)","file:///opt/src/test/dm/eth.c:398:6:398:22","Invoking a macro reading from the network" 98 | "ntohs(x)","file:///opt/src/test/dm/eth.c:357:6:357:27","Invoking a macro reading from the network" 99 | "ntohs(x)","file:///opt/src/test/dm/eth.c:312:6:312:27","Invoking a macro reading from the network" 100 | "ntohs(x)","file:///opt/src/test/dm/eth.c:313:6:313:22","Invoking a macro reading from the network" 101 | "ntohs(x)","file:///opt/src/test/dm/eth.c:271:6:271:27","Invoking a macro reading from the network" 102 | "ntohs(x)","file:///opt/src/test/dm/eth.c:276:6:276:22","Invoking a macro reading from the network" 103 | "ntohs(x)","file:///opt/src/tools/mxsimage.c:1717:4:1717:36","Invoking a macro reading from the network" 104 | "ntohs(x)","file:///opt/src/tools/mxsimage.c:1718:4:1718:36","Invoking a macro reading from the network" 105 | "ntohs(x)","file:///opt/src/tools/mxsimage.c:1719:4:1719:39","Invoking a macro reading from the network" 106 | "ntohs(x)","file:///opt/src/tools/mxsimage.c:1721:4:1721:38","Invoking a macro reading from the network" 107 | "ntohs(x)","file:///opt/src/tools/mxsimage.c:1722:4:1722:38","Invoking a macro reading from the network" 108 | "ntohs(x)","file:///opt/src/tools/mxsimage.c:1723:4:1723:41","Invoking a macro reading from the network" 109 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-8.csv: -------------------------------------------------------------------------------- 1 | "col0","URL for col0","col1" 2 | "... ? ... : ...","file:///opt/src/cmd/net.c:307:10:307:34","Invoking a macro reading from the network" 3 | "... ? ... : ...","file:///opt/src/cmd/net.c:314:42:314:63","Invoking a macro reading from the network" 4 | "... ? ... : ...","file:///opt/src/cmd/pxe.c:344:27:344:46","Invoking a macro reading from the network" 5 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox-raw.c:47:7:47:28","Invoking a macro reading from the network" 6 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox.c:123:6:123:27","Invoking a macro reading from the network" 7 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox.c:66:6:66:27","Invoking a macro reading from the network" 8 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox.c:71:6:71:22","Invoking a macro reading from the network" 9 | "... ? ... : ...","file:///opt/src/lib/efi_loader/efi_net.c:497:12:497:37","Invoking a macro reading from the network" 10 | "... ? ... : ...","file:///opt/src/lib/efi_loader/efi_net.c:500:13:500:55","Invoking a macro reading from the network" 11 | "... ? ... : ...","file:///opt/src/net/arp.c:146:6:146:23","Invoking a macro reading from the network" 12 | "... ? ... : ...","file:///opt/src/net/arp.c:148:6:148:23","Invoking a macro reading from the network" 13 | "... ? ... : ...","file:///opt/src/net/arp.c:161:10:161:26","Invoking a macro reading from the network" 14 | "... ? ... : ...","file:///opt/src/net/arp.c:232:3:233:26","Invoking a macro reading from the network" 15 | "... ? ... : ...","file:///opt/src/net/bootp.c:482:13:482:35","Invoking a macro reading from the network" 16 | "... ? ... : ...","file:///opt/src/net/bootp.c:493:13:493:38","Invoking a macro reading from the network" 17 | "... ? ... : ...","file:///opt/src/net/cdp.c:282:10:282:21","Invoking a macro reading from the network" 18 | "... ? ... : ...","file:///opt/src/net/cdp.c:283:10:283:21","Invoking a macro reading from the network" 19 | "... ? ... : ...","file:///opt/src/net/cdp.c:322:12:322:21","Invoking a macro reading from the network" 20 | "... ? ... : ...","file:///opt/src/net/dns.c:124:6:124:28","Invoking a macro reading from the network" 21 | "... ? ... : ...","file:///opt/src/net/fastboot.c:274:15:274:31","Invoking a macro reading from the network" 22 | "... ? ... : ...","file:///opt/src/net/link_local.c:250:2:252:23","Invoking a macro reading from the network" 23 | "... ? ... : ...","file:///opt/src/net/link_local.c:250:2:252:23","Invoking a macro reading from the network" 24 | "... ? ... : ...","file:///opt/src/net/link_local.c:109:7:109:22","Invoking a macro reading from the network" 25 | "... ? ... : ...","file:///opt/src/net/net.c:1586:6:1586:13","Invoking a macro reading from the network" 26 | "... ? ... : ...","file:///opt/src/net/net.c:1575:13:1575:27","Invoking a macro reading from the network" 27 | "... ? ... : ...","file:///opt/src/net/net.c:1458:12:1458:32","Invoking a macro reading from the network" 28 | "... ? ... : ...","file:///opt/src/net/net.c:1432:13:1432:31","Invoking a macro reading from the network" 29 | "... ? ... : ...","file:///opt/src/net/net.c:1419:13:1419:31","Invoking a macro reading from the network" 30 | "... ? ... : ...","file:///opt/src/net/net.c:1106:13:1106:31","Invoking a macro reading from the network" 31 | "... ? ... : ...","file:///opt/src/net/net.c:1109:14:1109:35","Invoking a macro reading from the network" 32 | "... ? ... : ...","file:///opt/src/net/net.c:1113:14:1113:34","Invoking a macro reading from the network" 33 | "... ? ... : ...","file:///opt/src/net/net.c:1121:15:1121:35","Invoking a macro reading from the network" 34 | "... ? ... : ...","file:///opt/src/net/net.c:1141:8:1141:26","Invoking a macro reading from the network" 35 | "... ? ... : ...","file:///opt/src/net/net.c:1148:9:1148:27","Invoking a macro reading from the network" 36 | "... ? ... : ...","file:///opt/src/net/net.c:1150:15:1150:34","Invoking a macro reading from the network" 37 | "... ? ... : ...","file:///opt/src/net/net.c:1192:13:1192:29","Invoking a macro reading from the network" 38 | "... ? ... : ...","file:///opt/src/net/net.c:1193:4:1193:53","Invoking a macro reading from the network" 39 | "... ? ... : ...","file:///opt/src/net/net.c:1196:9:1196:25","Invoking a macro reading from the network" 40 | "... ? ... : ...","file:///opt/src/net/net.c:1266:13:1266:30","Invoking a macro reading from the network" 41 | "... ? ... : ...","file:///opt/src/net/net.c:1267:13:1267:36","Invoking a macro reading from the network" 42 | "... ? ... : ...","file:///opt/src/net/net.c:1268:13:1268:36","Invoking a macro reading from the network" 43 | "... ? ... : ...","file:///opt/src/net/net.c:1269:13:1269:36","Invoking a macro reading from the network" 44 | "... ? ... : ...","file:///opt/src/net/net.c:1270:13:1270:36","Invoking a macro reading from the network" 45 | "... ? ... : ...","file:///opt/src/net/net.c:1272:13:1272:30","Invoking a macro reading from the network" 46 | "... ? ... : ...","file:///opt/src/net/net.c:1279:13:1279:26","Invoking a macro reading from the network" 47 | "... ? ... : ...","file:///opt/src/net/net.c:1295:18:1295:36","Invoking a macro reading from the network" 48 | "... ? ... : ...","file:///opt/src/net/net.c:1304:5:1304:22","Invoking a macro reading from the network" 49 | "... ? ... : ...","file:///opt/src/net/net.c:1305:5:1305:22","Invoking a macro reading from the network" 50 | "... ? ... : ...","file:///opt/src/net/net.c:1306:5:1306:22","Invoking a macro reading from the network" 51 | "... ? ... : ...","file:///opt/src/net/net.c:1312:11:1312:28","Invoking a macro reading from the network" 52 | "... ? ... : ...","file:///opt/src/net/net.c:1314:11:1314:28","Invoking a macro reading from the network" 53 | "... ? ... : ...","file:///opt/src/net/net.c:1315:11:1315:28","Invoking a macro reading from the network" 54 | "... ? ... : ...","file:///opt/src/net/net.c:1064:10:1064:27","Invoking a macro reading from the network" 55 | "... ? ... : ...","file:///opt/src/net/net.c:1065:10:1065:27","Invoking a macro reading from the network" 56 | "... ? ... : ...","file:///opt/src/net/net.c:1066:10:1066:27","Invoking a macro reading from the network" 57 | "... ? ... : ...","file:///opt/src/net/net.c:1021:15:1021:31","Invoking a macro reading from the network" 58 | "... ? ... : ...","file:///opt/src/net/net.c:906:15:906:31","Invoking a macro reading from the network" 59 | "... ? ... : ...","file:///opt/src/net/net.c:913:8:913:24","Invoking a macro reading from the network" 60 | "... ? ... : ...","file:///opt/src/net/nfs.c:665:6:665:30","Invoking a macro reading from the network" 61 | "... ? ... : ...","file:///opt/src/net/nfs.c:667:11:667:35","Invoking a macro reading from the network" 62 | "... ? ... : ...","file:///opt/src/net/nfs.c:678:11:678:40","Invoking a macro reading from the network" 63 | "... ? ... : ...","file:///opt/src/net/nfs.c:688:10:688:40","Invoking a macro reading from the network" 64 | "... ? ... : ...","file:///opt/src/net/nfs.c:695:10:695:59","Invoking a macro reading from the network" 65 | "... ? ... : ...","file:///opt/src/net/nfs.c:618:6:618:30","Invoking a macro reading from the network" 66 | "... ? ... : ...","file:///opt/src/net/nfs.c:620:11:620:35","Invoking a macro reading from the network" 67 | "... ? ... : ...","file:///opt/src/net/nfs.c:635:9:635:58","Invoking a macro reading from the network" 68 | "... ? ... : ...","file:///opt/src/net/nfs.c:582:6:582:19","Invoking a macro reading from the network" 69 | "... ? ... : ...","file:///opt/src/net/nfs.c:519:6:519:30","Invoking a macro reading from the network" 70 | "... ? ... : ...","file:///opt/src/net/nfs.c:521:11:521:35","Invoking a macro reading from the network" 71 | "... ? ... : ...","file:///opt/src/net/nfs.c:528:11:528:40","Invoking a macro reading from the network" 72 | "... ? ... : ...","file:///opt/src/net/nfs.c:533:12:533:41","Invoking a macro reading from the network" 73 | "... ? ... : ...","file:///opt/src/net/nfs.c:536:5:540:41","Invoking a macro reading from the network" 74 | "... ? ... : ...","file:///opt/src/net/nfs.c:536:5:540:41","Invoking a macro reading from the network" 75 | "... ? ... : ...","file:///opt/src/net/nfs.c:548:5:552:41","Invoking a macro reading from the network" 76 | "... ? ... : ...","file:///opt/src/net/nfs.c:548:5:552:41","Invoking a macro reading from the network" 77 | "... ? ... : ...","file:///opt/src/net/nfs.c:561:4:562:40","Invoking a macro reading from the network" 78 | "... ? ... : ...","file:///opt/src/net/nfs.c:571:20:571:49","Invoking a macro reading from the network" 79 | "... ? ... : ...","file:///opt/src/net/nfs.c:495:6:495:30","Invoking a macro reading from the network" 80 | "... ? ... : ...","file:///opt/src/net/nfs.c:497:11:497:35","Invoking a macro reading from the network" 81 | "... ? ... : ...","file:///opt/src/net/nfs.c:469:6:469:30","Invoking a macro reading from the network" 82 | "... ? ... : ...","file:///opt/src/net/nfs.c:471:11:471:35","Invoking a macro reading from the network" 83 | "... ? ... : ...","file:///opt/src/net/nfs.c:439:6:439:30","Invoking a macro reading from the network" 84 | "... ? ... : ...","file:///opt/src/net/nfs.c:441:11:441:35","Invoking a macro reading from the network" 85 | "... ? ... : ...","file:///opt/src/net/nfs.c:451:27:451:56","Invoking a macro reading from the network" 86 | "... ? ... : ...","file:///opt/src/net/nfs.c:454:21:454:50","Invoking a macro reading from the network" 87 | "... ? ... : ...","file:///opt/src/net/rarp.c:38:7:38:23","Invoking a macro reading from the network" 88 | "... ? ... : ...","file:///opt/src/net/rarp.c:39:7:39:24","Invoking a macro reading from the network" 89 | "... ? ... : ...","file:///opt/src/net/rarp.c:40:7:40:24","Invoking a macro reading from the network" 90 | "... ? ... : ...","file:///opt/src/net/sntp.c:72:12:72:25","Invoking a macro reading from the network" 91 | "... ? ... : ...","file:///opt/src/net/tftp.c:435:10:435:21","Invoking a macro reading from the network" 92 | "... ? ... : ...","file:///opt/src/net/tftp.c:449:17:449:25","Invoking a macro reading from the network" 93 | "... ? ... : ...","file:///opt/src/net/tftp.c:515:20:515:40","Invoking a macro reading from the network" 94 | "... ? ... : ...","file:///opt/src/net/tftp.c:566:19:566:39","Invoking a macro reading from the network" 95 | "... ? ... : ...","file:///opt/src/net/tftp.c:568:11:568:31","Invoking a macro reading from the network" 96 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:397:6:397:27","Invoking a macro reading from the network" 97 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:398:6:398:22","Invoking a macro reading from the network" 98 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:357:6:357:27","Invoking a macro reading from the network" 99 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:312:6:312:27","Invoking a macro reading from the network" 100 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:313:6:313:22","Invoking a macro reading from the network" 101 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:271:6:271:27","Invoking a macro reading from the network" 102 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:276:6:276:22","Invoking a macro reading from the network" 103 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1717:4:1717:36","Invoking a macro reading from the network" 104 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1718:4:1718:36","Invoking a macro reading from the network" 105 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1719:4:1719:39","Invoking a macro reading from the network" 106 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1721:4:1721:38","Invoking a macro reading from the network" 107 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1722:4:1722:38","Invoking a macro reading from the network" 108 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1723:4:1723:41","Invoking a macro reading from the network" 109 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/config/step-9.csv: -------------------------------------------------------------------------------- 1 | "n","URL for n","col1" 2 | "... ? ... : ...","file:///opt/src/cmd/net.c:307:10:307:34","Reading from the network" 3 | "... ? ... : ...","file:///opt/src/cmd/net.c:314:42:314:63","Reading from the network" 4 | "... ? ... : ...","file:///opt/src/cmd/pxe.c:344:27:344:46","Reading from the network" 5 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox-raw.c:47:7:47:28","Reading from the network" 6 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox.c:123:6:123:27","Reading from the network" 7 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox.c:66:6:66:27","Reading from the network" 8 | "... ? ... : ...","file:///opt/src/drivers/net/sandbox.c:71:6:71:22","Reading from the network" 9 | "... ? ... : ...","file:///opt/src/lib/efi_loader/efi_net.c:497:12:497:37","Reading from the network" 10 | "... ? ... : ...","file:///opt/src/lib/efi_loader/efi_net.c:500:13:500:55","Reading from the network" 11 | "... ? ... : ...","file:///opt/src/net/arp.c:146:6:146:23","Reading from the network" 12 | "... ? ... : ...","file:///opt/src/net/arp.c:148:6:148:23","Reading from the network" 13 | "... ? ... : ...","file:///opt/src/net/arp.c:161:10:161:26","Reading from the network" 14 | "... ? ... : ...","file:///opt/src/net/arp.c:232:3:233:26","Reading from the network" 15 | "... ? ... : ...","file:///opt/src/net/bootp.c:482:13:482:35","Reading from the network" 16 | "... ? ... : ...","file:///opt/src/net/bootp.c:493:13:493:38","Reading from the network" 17 | "... ? ... : ...","file:///opt/src/net/cdp.c:282:10:282:21","Reading from the network" 18 | "... ? ... : ...","file:///opt/src/net/cdp.c:283:10:283:21","Reading from the network" 19 | "... ? ... : ...","file:///opt/src/net/cdp.c:322:12:322:21","Reading from the network" 20 | "... ? ... : ...","file:///opt/src/net/dns.c:124:6:124:28","Reading from the network" 21 | "... ? ... : ...","file:///opt/src/net/fastboot.c:274:15:274:31","Reading from the network" 22 | "... ? ... : ...","file:///opt/src/net/link_local.c:250:2:252:23","Reading from the network" 23 | "... ? ... : ...","file:///opt/src/net/link_local.c:250:2:252:23","Reading from the network" 24 | "... ? ... : ...","file:///opt/src/net/link_local.c:109:7:109:22","Reading from the network" 25 | "... ? ... : ...","file:///opt/src/net/net.c:1586:6:1586:13","Reading from the network" 26 | "... ? ... : ...","file:///opt/src/net/net.c:1575:13:1575:27","Reading from the network" 27 | "... ? ... : ...","file:///opt/src/net/net.c:1458:12:1458:32","Reading from the network" 28 | "... ? ... : ...","file:///opt/src/net/net.c:1432:13:1432:31","Reading from the network" 29 | "... ? ... : ...","file:///opt/src/net/net.c:1419:13:1419:31","Reading from the network" 30 | "... ? ... : ...","file:///opt/src/net/net.c:1106:13:1106:31","Reading from the network" 31 | "... ? ... : ...","file:///opt/src/net/net.c:1109:14:1109:35","Reading from the network" 32 | "... ? ... : ...","file:///opt/src/net/net.c:1113:14:1113:34","Reading from the network" 33 | "... ? ... : ...","file:///opt/src/net/net.c:1121:15:1121:35","Reading from the network" 34 | "... ? ... : ...","file:///opt/src/net/net.c:1141:8:1141:26","Reading from the network" 35 | "... ? ... : ...","file:///opt/src/net/net.c:1148:9:1148:27","Reading from the network" 36 | "... ? ... : ...","file:///opt/src/net/net.c:1150:15:1150:34","Reading from the network" 37 | "... ? ... : ...","file:///opt/src/net/net.c:1192:13:1192:29","Reading from the network" 38 | "... ? ... : ...","file:///opt/src/net/net.c:1193:4:1193:53","Reading from the network" 39 | "... ? ... : ...","file:///opt/src/net/net.c:1196:9:1196:25","Reading from the network" 40 | "... ? ... : ...","file:///opt/src/net/net.c:1266:13:1266:30","Reading from the network" 41 | "... ? ... : ...","file:///opt/src/net/net.c:1267:13:1267:36","Reading from the network" 42 | "... ? ... : ...","file:///opt/src/net/net.c:1268:13:1268:36","Reading from the network" 43 | "... ? ... : ...","file:///opt/src/net/net.c:1269:13:1269:36","Reading from the network" 44 | "... ? ... : ...","file:///opt/src/net/net.c:1270:13:1270:36","Reading from the network" 45 | "... ? ... : ...","file:///opt/src/net/net.c:1272:13:1272:30","Reading from the network" 46 | "... ? ... : ...","file:///opt/src/net/net.c:1279:13:1279:26","Reading from the network" 47 | "... ? ... : ...","file:///opt/src/net/net.c:1295:18:1295:36","Reading from the network" 48 | "... ? ... : ...","file:///opt/src/net/net.c:1304:5:1304:22","Reading from the network" 49 | "... ? ... : ...","file:///opt/src/net/net.c:1305:5:1305:22","Reading from the network" 50 | "... ? ... : ...","file:///opt/src/net/net.c:1306:5:1306:22","Reading from the network" 51 | "... ? ... : ...","file:///opt/src/net/net.c:1312:11:1312:28","Reading from the network" 52 | "... ? ... : ...","file:///opt/src/net/net.c:1314:11:1314:28","Reading from the network" 53 | "... ? ... : ...","file:///opt/src/net/net.c:1315:11:1315:28","Reading from the network" 54 | "... ? ... : ...","file:///opt/src/net/net.c:1064:10:1064:27","Reading from the network" 55 | "... ? ... : ...","file:///opt/src/net/net.c:1065:10:1065:27","Reading from the network" 56 | "... ? ... : ...","file:///opt/src/net/net.c:1066:10:1066:27","Reading from the network" 57 | "... ? ... : ...","file:///opt/src/net/net.c:1021:15:1021:31","Reading from the network" 58 | "... ? ... : ...","file:///opt/src/net/net.c:906:15:906:31","Reading from the network" 59 | "... ? ... : ...","file:///opt/src/net/net.c:913:8:913:24","Reading from the network" 60 | "... ? ... : ...","file:///opt/src/net/nfs.c:665:6:665:30","Reading from the network" 61 | "... ? ... : ...","file:///opt/src/net/nfs.c:667:11:667:35","Reading from the network" 62 | "... ? ... : ...","file:///opt/src/net/nfs.c:678:11:678:40","Reading from the network" 63 | "... ? ... : ...","file:///opt/src/net/nfs.c:688:10:688:40","Reading from the network" 64 | "... ? ... : ...","file:///opt/src/net/nfs.c:695:10:695:59","Reading from the network" 65 | "... ? ... : ...","file:///opt/src/net/nfs.c:618:6:618:30","Reading from the network" 66 | "... ? ... : ...","file:///opt/src/net/nfs.c:620:11:620:35","Reading from the network" 67 | "... ? ... : ...","file:///opt/src/net/nfs.c:635:9:635:58","Reading from the network" 68 | "... ? ... : ...","file:///opt/src/net/nfs.c:582:6:582:19","Reading from the network" 69 | "... ? ... : ...","file:///opt/src/net/nfs.c:519:6:519:30","Reading from the network" 70 | "... ? ... : ...","file:///opt/src/net/nfs.c:521:11:521:35","Reading from the network" 71 | "... ? ... : ...","file:///opt/src/net/nfs.c:528:11:528:40","Reading from the network" 72 | "... ? ... : ...","file:///opt/src/net/nfs.c:533:12:533:41","Reading from the network" 73 | "... ? ... : ...","file:///opt/src/net/nfs.c:536:5:540:41","Reading from the network" 74 | "... ? ... : ...","file:///opt/src/net/nfs.c:536:5:540:41","Reading from the network" 75 | "... ? ... : ...","file:///opt/src/net/nfs.c:548:5:552:41","Reading from the network" 76 | "... ? ... : ...","file:///opt/src/net/nfs.c:548:5:552:41","Reading from the network" 77 | "... ? ... : ...","file:///opt/src/net/nfs.c:561:4:562:40","Reading from the network" 78 | "... ? ... : ...","file:///opt/src/net/nfs.c:571:20:571:49","Reading from the network" 79 | "... ? ... : ...","file:///opt/src/net/nfs.c:495:6:495:30","Reading from the network" 80 | "... ? ... : ...","file:///opt/src/net/nfs.c:497:11:497:35","Reading from the network" 81 | "... ? ... : ...","file:///opt/src/net/nfs.c:469:6:469:30","Reading from the network" 82 | "... ? ... : ...","file:///opt/src/net/nfs.c:471:11:471:35","Reading from the network" 83 | "... ? ... : ...","file:///opt/src/net/nfs.c:439:6:439:30","Reading from the network" 84 | "... ? ... : ...","file:///opt/src/net/nfs.c:441:11:441:35","Reading from the network" 85 | "... ? ... : ...","file:///opt/src/net/nfs.c:451:27:451:56","Reading from the network" 86 | "... ? ... : ...","file:///opt/src/net/nfs.c:454:21:454:50","Reading from the network" 87 | "... ? ... : ...","file:///opt/src/net/rarp.c:38:7:38:23","Reading from the network" 88 | "... ? ... : ...","file:///opt/src/net/rarp.c:39:7:39:24","Reading from the network" 89 | "... ? ... : ...","file:///opt/src/net/rarp.c:40:7:40:24","Reading from the network" 90 | "... ? ... : ...","file:///opt/src/net/sntp.c:72:12:72:25","Reading from the network" 91 | "... ? ... : ...","file:///opt/src/net/tftp.c:435:10:435:21","Reading from the network" 92 | "... ? ... : ...","file:///opt/src/net/tftp.c:449:17:449:25","Reading from the network" 93 | "... ? ... : ...","file:///opt/src/net/tftp.c:515:20:515:40","Reading from the network" 94 | "... ? ... : ...","file:///opt/src/net/tftp.c:566:19:566:39","Reading from the network" 95 | "... ? ... : ...","file:///opt/src/net/tftp.c:568:11:568:31","Reading from the network" 96 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:397:6:397:27","Reading from the network" 97 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:398:6:398:22","Reading from the network" 98 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:357:6:357:27","Reading from the network" 99 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:312:6:312:27","Reading from the network" 100 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:313:6:313:22","Reading from the network" 101 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:271:6:271:27","Reading from the network" 102 | "... ? ... : ...","file:///opt/src/test/dm/eth.c:276:6:276:22","Reading from the network" 103 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1717:4:1717:36","Reading from the network" 104 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1718:4:1718:36","Reading from the network" 105 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1719:4:1719:39","Reading from the network" 106 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1721:4:1721:38","Reading from the network" 107 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1722:4:1722:38","Reading from the network" 108 | "call to __bswap_16","file:///opt/src/tools/mxsimage.c:1723:4:1723:41","Reading from the network" 109 | -------------------------------------------------------------------------------- /courses/cpp/uboot/image/publish.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | set -e 4 | set -x 5 | 6 | docker login docker.pkg.github.com -u github-actions -p ${GITHUB_TOKEN} 7 | 8 | IMAGE_VERSION=v1.0.0 9 | IMAGE_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses-cpp-uboot:${IMAGE_VERSION} 10 | IMAGE_LATEST_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses-cpp-uboot:latest 11 | 12 | docker build -t $IMAGE_TAG -t $IMAGE_LATEST_TAG . 13 | 14 | docker push $IMAGE_TAG 15 | docker push $IMAGE_LATEST_TAG 16 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/README.md: -------------------------------------------------------------------------------- 1 | # CodeQL LearningLab Course Action Template 2 | 3 | Copy this entire directory, 4 | and replace the following: 5 | 6 | * Replace ``, `` and `` in the `image` property in 7 | [`action.yml`](action.yml) to reference the correct repository 8 | where the docker image will be published, 9 | and with a package name of your choice. 10 | (For courses in this repository, 11 | we use the convention of taking the course path, 12 | and replacing slashes with dashes, 13 | e.g. `courses/cpp/ctf-segv` becomes `courses-cpp-ctf-segv`) 14 | * Replace the zip file URL in [`image/Dockerfile`](image/Dockerfile) 15 | to point to the CodeQL database that will be used in your course. 16 | 17 | After this, 18 | update [`answers/`](answers) and [`image/config/`](image/config) 19 | to add your model answers and expected query results as appropriate. 20 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Check queries' 2 | description: 'Check that the queries that have been pushed produce the correct results' 3 | author: 'GitHub ' 4 | runs: 5 | using: 'docker' 6 | image: 'docker://docker.pkg.github.com/github/codeql-learninglab-actions/courses-javascript-unsafe-jquery' 7 | branding: 8 | icon: 'check-circle' 9 | color: 'purple' -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/calls-to-dollar-arg.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | from CallExpr dollarCall, Expr dollarArg 4 | where 5 | dollarArg = dollarCall.getArgument(0) and 6 | dollarCall.getCalleeName() = "$" 7 | select dollarArg 8 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/calls-to-dollar.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | from CallExpr dollarCall 4 | where dollarCall.getCalleeName() = "$" 5 | select dollarCall 6 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/dollar-arg-node.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | from DataFlow::Node dollarArg 4 | where 5 | dollarArg = jquery().getACall().getArgument(0) 6 | select dollarArg 7 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/final.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @name Cross-site scripting vulnerable plugin 3 | * @kind path-problem 4 | * @id js/xss-unsafe-plugin 5 | */ 6 | 7 | import javascript 8 | import DataFlow::PathGraph 9 | 10 | class Configuration extends TaintTracking::Configuration { 11 | Configuration() { this = "XssUnsafeJQueryPlugin" } 12 | 13 | override predicate isSource(DataFlow::Node source) { 14 | exists(DataFlow::FunctionNode plugin | 15 | plugin = jquery().getAPropertyRead("fn").getAPropertySource() and 16 | source = plugin.getLastParameter() 17 | ) 18 | } 19 | 20 | override predicate isSink(DataFlow::Node sink) { 21 | sink = jquery().getACall().getArgument(0) 22 | } 23 | } 24 | 25 | from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink 26 | where cfg.hasFlowPath(source, sink) 27 | select sink, source, sink, "Potential XSS vulnerability in plugin." -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/jquery-plugins.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | from DataFlow::Node plugin 4 | where plugin = jquery().getAPropertyRead("fn").getAPropertySource() 5 | select plugin 6 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/plugin-options.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | from DataFlow::FunctionNode plugin, DataFlow::ParameterNode optionsParam 4 | where 5 | plugin = jquery().getAPropertyRead("fn").getAPropertySource() and 6 | optionsParam = plugin.getLastParameter() 7 | select plugin, optionsParam 8 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/property-read.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | from DataFlow::Node n 4 | where n = jquery().getAPropertyRead("fn") 5 | select n 6 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/qlpack.yml: -------------------------------------------------------------------------------- 1 | name: course-template 2 | version: 0.0.0 3 | libraryPathDependencies: codeql-javascript # Update this with appropriate language 4 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/answers/sources.ql: -------------------------------------------------------------------------------- 1 | import javascript 2 | 3 | predicate isSource(DataFlow::Node source) { 4 | exists(DataFlow::FunctionNode plugin | 5 | plugin = jquery().getAPropertyRead("fn").getAPropertySource() and 6 | source = plugin.getLastParameter() 7 | ) 8 | } 9 | 10 | from DataFlow::Node node 11 | where isSource(node) 12 | select node 13 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.pkg.github.com/github/codeql-learninglab-actions/codeql-learninglab-check:v2.0.0 2 | 3 | ## Add course config 4 | COPY --chown=codeql:codeql config /home/codeql/config 5 | WORKDIR /home/codeql/config 6 | # Download, unzip and then delete the zip file in one step to reduce image size 7 | RUN wget --quiet https://github.com/githubsatelliteworkshops/codeql/releases/download/v1.0/esbena_bootstrap-pre-27047_javascript.zip -O database.zip && unzip -qq database.zip && rm -rf database.zip 8 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/config/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "databasePath": "esbena_bootstrap-pre-27047_204f9cf", 3 | "locationPaths": "https://github.com/esbena/bootstrap-pre-27047/blob/204f9cf910d09b97b4075893e6da807443b55e03{path}#L{line-start}-L{line-end}", 4 | "expectedResults": { 5 | "calls-to-dollar.ql": "calls-to-dollar.csv", 6 | "calls-to-dollar-arg.ql": "calls-to-dollar-arg.csv", 7 | "dollar-arg-node.ql": "dollar-arg-node.csv", 8 | "property-read.ql": "property-read.csv", 9 | "jquery-plugins.ql": "jquery-plugins.csv", 10 | "plugin-options.ql": "plugin-options.csv", 11 | "sources.ql": "sources.csv", 12 | "final.ql": "final.csv" 13 | } 14 | } -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/config/final.csv: -------------------------------------------------------------------------------- 1 | "sink","URL for sink","source","URL for source","sink","URL for sink","col3" 2 | "this.options.target","file:///opt/src/js/affix.js:19:22:19:40","option","file:///opt/src/js/affix.js:119:19:119:24","this.options.target","file:///opt/src/js/affix.js:19:22:19:40","Potential XSS vulnerability in plugin." 3 | "this.options.parent","file:///opt/src/js/collapse.js:140:14:140:32","option","file:///opt/src/js/collapse.js:170:19:170:24","this.options.parent","file:///opt/src/js/collapse.js:140:14:140:32","Potential XSS vulnerability in plugin." 4 | "selector","file:///opt/src/js/scrollspy.js:113:20:113:27","option","file:///opt/src/js/scrollspy.js:136:19:136:24","selector","file:///opt/src/js/scrollspy.js:113:20:113:27","Potential XSS vulnerability in plugin." 5 | "this.selector","file:///opt/src/js/scrollspy.js:127:7:127:19","option","file:///opt/src/js/scrollspy.js:136:19:136:24","this.selector","file:///opt/src/js/scrollspy.js:127:7:127:19","Potential XSS vulnerability in plugin." 6 | "$.isFun ... ewport)","file:///opt/src/js/tooltip.js:54:49:54:193","option","file:///opt/src/js/tooltip.js:494:19:494:24","$.isFun ... ewport)","file:///opt/src/js/tooltip.js:54:49:54:193","Potential XSS vulnerability in plugin." 7 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/config/jquery-plugins.csv: -------------------------------------------------------------------------------- 1 | "plugin","URL for plugin" 2 | "functio ... })\n }","file:///opt/src/js/affix.js:119:3:128:3" 3 | "$.fn.affix","file:///opt/src/js/affix.js:130:13:130:22" 4 | "functio ... })\n }","file:///opt/src/js/alert.js:64:3:72:3" 5 | "$.fn.alert","file:///opt/src/js/alert.js:74:13:74:22" 6 | "functio ... })\n }","file:///opt/src/js/button.js:78:3:89:3" 7 | "$.fn.button","file:///opt/src/js/button.js:91:13:91:23" 8 | "functio ... })\n }","file:///opt/src/js/carousel.js:176:3:188:3" 9 | "$.fn.carousel","file:///opt/src/js/carousel.js:190:13:190:25" 10 | "functio ... })\n }","file:///opt/src/js/collapse.js:170:3:180:3" 11 | "$.fn.collapse","file:///opt/src/js/collapse.js:182:13:182:25" 12 | "functio ... })\n }","file:///opt/src/js/dropdown.js:130:3:138:3" 13 | "$.fn.dropdown","file:///opt/src/js/dropdown.js:140:13:140:25" 14 | "functio ... })\n }","file:///opt/src/js/modal.js:292:3:302:3" 15 | "$.fn.modal","file:///opt/src/js/modal.js:304:13:304:22" 16 | "functio ... })\n }","file:///opt/src/js/popover.js:82:3:92:3" 17 | "$.fn.popover","file:///opt/src/js/popover.js:94:13:94:24" 18 | "functio ... })\n }","file:///opt/src/js/scrollspy.js:136:3:145:3" 19 | "$.fn.scrollspy","file:///opt/src/js/scrollspy.js:147:13:147:26" 20 | "functio ... })\n }","file:///opt/src/js/tab.js:118:3:126:3" 21 | "$.fn.tab","file:///opt/src/js/tab.js:128:13:128:20" 22 | "functio ... }","file:///opt/src/js/tests/index.html:47:30:49:11" 23 | "$.fn.af ... flict()","file:///opt/src/js/tests/unit/affix.js:14:29:14:51" 24 | "$.fn.bootstrapAffix","file:///opt/src/js/tests/unit/affix.js:17:20:17:38" 25 | "$.fn.al ... flict()","file:///opt/src/js/tests/unit/alert.js:14:29:14:51" 26 | "$.fn.bootstrapAlert","file:///opt/src/js/tests/unit/alert.js:17:20:17:38" 27 | "$.fn.bu ... flict()","file:///opt/src/js/tests/unit/button.js:14:30:14:53" 28 | "$.fn.bootstrapButton","file:///opt/src/js/tests/unit/button.js:17:21:17:40" 29 | "$.fn.ca ... flict()","file:///opt/src/js/tests/unit/carousel.js:14:32:14:57" 30 | "$.fn.bo ... arousel","file:///opt/src/js/tests/unit/carousel.js:17:23:17:44" 31 | "$.fn.co ... flict()","file:///opt/src/js/tests/unit/collapse.js:14:32:14:57" 32 | "$.fn.bo ... ollapse","file:///opt/src/js/tests/unit/collapse.js:17:23:17:44" 33 | "$.fn.dr ... flict()","file:///opt/src/js/tests/unit/dropdown.js:14:32:14:57" 34 | "$.fn.bo ... ropdown","file:///opt/src/js/tests/unit/dropdown.js:17:23:17:44" 35 | "$.fn.mo ... flict()","file:///opt/src/js/tests/unit/modal.js:14:29:14:51" 36 | "$.fn.bootstrapModal","file:///opt/src/js/tests/unit/modal.js:17:20:17:38" 37 | "$.fn.po ... flict()","file:///opt/src/js/tests/unit/popover.js:14:31:14:55" 38 | "$.fn.bo ... Popover","file:///opt/src/js/tests/unit/popover.js:17:22:17:42" 39 | "$.fn.sc ... flict()","file:///opt/src/js/tests/unit/scrollspy.js:14:33:14:59" 40 | "$.fn.bo ... rollspy","file:///opt/src/js/tests/unit/scrollspy.js:17:24:17:46" 41 | "$.fn.ta ... flict()","file:///opt/src/js/tests/unit/tab.js:14:27:14:47" 42 | "$.fn.bootstrapTab","file:///opt/src/js/tests/unit/tab.js:17:18:17:34" 43 | "$.fn.to ... flict()","file:///opt/src/js/tests/unit/tooltip.js:14:31:14:55" 44 | "$.fn.bo ... Tooltip","file:///opt/src/js/tests/unit/tooltip.js:17:22:17:42" 45 | "functio ... })\n }","file:///opt/src/js/tooltip.js:494:3:504:3" 46 | "$.fn.tooltip","file:///opt/src/js/tooltip.js:506:13:506:24" 47 | "functio ... his\n }","file:///opt/src/js/transition.js:36:31:43:3" 48 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/config/plugin-options.csv: -------------------------------------------------------------------------------- 1 | "plugin","URL for plugin","optionsParam","URL for optionsParam" 2 | "functio ... })\n }","file:///opt/src/js/affix.js:119:3:128:3","option","file:///opt/src/js/affix.js:119:19:119:24" 3 | "functio ... })\n }","file:///opt/src/js/alert.js:64:3:72:3","option","file:///opt/src/js/alert.js:64:19:64:24" 4 | "functio ... })\n }","file:///opt/src/js/button.js:78:3:89:3","option","file:///opt/src/js/button.js:78:19:78:24" 5 | "functio ... })\n }","file:///opt/src/js/carousel.js:176:3:188:3","option","file:///opt/src/js/carousel.js:176:19:176:24" 6 | "functio ... })\n }","file:///opt/src/js/collapse.js:170:3:180:3","option","file:///opt/src/js/collapse.js:170:19:170:24" 7 | "functio ... })\n }","file:///opt/src/js/dropdown.js:130:3:138:3","option","file:///opt/src/js/dropdown.js:130:19:130:24" 8 | "functio ... })\n }","file:///opt/src/js/modal.js:292:3:302:3","_relatedTarget","file:///opt/src/js/modal.js:292:27:292:40" 9 | "functio ... })\n }","file:///opt/src/js/popover.js:82:3:92:3","option","file:///opt/src/js/popover.js:82:19:82:24" 10 | "functio ... })\n }","file:///opt/src/js/scrollspy.js:136:3:145:3","option","file:///opt/src/js/scrollspy.js:136:19:136:24" 11 | "functio ... })\n }","file:///opt/src/js/tab.js:118:3:126:3","option","file:///opt/src/js/tab.js:118:19:118:24" 12 | "functio ... })\n }","file:///opt/src/js/tooltip.js:494:3:504:3","option","file:///opt/src/js/tooltip.js:494:19:494:24" 13 | "functio ... his\n }","file:///opt/src/js/transition.js:36:31:43:3","duration","file:///opt/src/js/transition.js:36:41:36:48" 14 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/config/property-read.csv: -------------------------------------------------------------------------------- 1 | "n","URL for n" 2 | "$.fn","file:///opt/src/js/affix.js:130:13:130:16" 3 | "$.fn","file:///opt/src/js/affix.js:132:3:132:6" 4 | "$.fn","file:///opt/src/js/affix.js:133:3:133:6" 5 | "$.fn","file:///opt/src/js/affix.js:139:3:139:6" 6 | "$.fn","file:///opt/src/js/affix.js:140:5:140:8" 7 | "$.fn","file:///opt/src/js/alert.js:74:13:74:16" 8 | "$.fn","file:///opt/src/js/alert.js:76:3:76:6" 9 | "$.fn","file:///opt/src/js/alert.js:77:3:77:6" 10 | "$.fn","file:///opt/src/js/alert.js:83:3:83:6" 11 | "$.fn","file:///opt/src/js/alert.js:84:5:84:8" 12 | "$.fn","file:///opt/src/js/button.js:91:13:91:16" 13 | "$.fn","file:///opt/src/js/button.js:93:3:93:6" 14 | "$.fn","file:///opt/src/js/button.js:94:3:94:6" 15 | "$.fn","file:///opt/src/js/button.js:100:3:100:6" 16 | "$.fn","file:///opt/src/js/button.js:101:5:101:8" 17 | "$.fn","file:///opt/src/js/carousel.js:190:13:190:16" 18 | "$.fn","file:///opt/src/js/carousel.js:192:3:192:6" 19 | "$.fn","file:///opt/src/js/carousel.js:193:3:193:6" 20 | "$.fn","file:///opt/src/js/carousel.js:199:3:199:6" 21 | "$.fn","file:///opt/src/js/carousel.js:200:5:200:8" 22 | "$.fn","file:///opt/src/js/collapse.js:182:13:182:16" 23 | "$.fn","file:///opt/src/js/collapse.js:184:3:184:6" 24 | "$.fn","file:///opt/src/js/collapse.js:185:3:185:6" 25 | "$.fn","file:///opt/src/js/collapse.js:191:3:191:6" 26 | "$.fn","file:///opt/src/js/collapse.js:192:5:192:8" 27 | "$.fn","file:///opt/src/js/dropdown.js:140:13:140:16" 28 | "$.fn","file:///opt/src/js/dropdown.js:142:3:142:6" 29 | "$.fn","file:///opt/src/js/dropdown.js:143:3:143:6" 30 | "$.fn","file:///opt/src/js/dropdown.js:149:3:149:6" 31 | "$.fn","file:///opt/src/js/dropdown.js:150:5:150:8" 32 | "$.fn","file:///opt/src/js/modal.js:304:13:304:16" 33 | "$.fn","file:///opt/src/js/modal.js:306:3:306:6" 34 | "$.fn","file:///opt/src/js/modal.js:307:3:307:6" 35 | "$.fn","file:///opt/src/js/modal.js:313:3:313:6" 36 | "$.fn","file:///opt/src/js/modal.js:314:5:314:8" 37 | "$.fn","file:///opt/src/js/popover.js:20:8:20:11" 38 | "$.fn","file:///opt/src/js/popover.js:24:35:24:38" 39 | "$.fn","file:///opt/src/js/popover.js:35:36:35:39" 40 | "$.fn","file:///opt/src/js/popover.js:94:13:94:16" 41 | "$.fn","file:///opt/src/js/popover.js:96:3:96:6" 42 | "$.fn","file:///opt/src/js/popover.js:97:3:97:6" 43 | "$.fn","file:///opt/src/js/popover.js:103:3:103:6" 44 | "$.fn","file:///opt/src/js/popover.js:104:5:104:8" 45 | "$.fn","file:///opt/src/js/scrollspy.js:147:13:147:16" 46 | "$.fn","file:///opt/src/js/scrollspy.js:149:3:149:6" 47 | "$.fn","file:///opt/src/js/scrollspy.js:150:3:150:6" 48 | "$.fn","file:///opt/src/js/scrollspy.js:156:3:156:6" 49 | "$.fn","file:///opt/src/js/scrollspy.js:157:5:157:8" 50 | "$.fn","file:///opt/src/js/tab.js:128:13:128:16" 51 | "$.fn","file:///opt/src/js/tab.js:130:3:130:6" 52 | "$.fn","file:///opt/src/js/tab.js:131:3:131:6" 53 | "$.fn","file:///opt/src/js/tab.js:137:3:137:6" 54 | "$.fn","file:///opt/src/js/tab.js:138:5:138:8" 55 | "$.fn","file:///opt/src/js/tests/index.html:47:11:47:14" 56 | "$.fn","file:///opt/src/js/tests/unit/affix.js:14:7:14:10" 57 | "$.fn","file:///opt/src/js/tests/unit/affix.js:14:29:14:32" 58 | "$.fn","file:///opt/src/js/tests/unit/affix.js:17:7:17:10" 59 | "$.fn","file:///opt/src/js/tests/unit/affix.js:17:20:17:23" 60 | "$.fn","file:///opt/src/js/tests/unit/affix.js:18:14:18:17" 61 | "$.fn","file:///opt/src/js/tests/unit/affix.js:24:24:24:27" 62 | "$.fn","file:///opt/src/js/tests/unit/alert.js:14:7:14:10" 63 | "$.fn","file:///opt/src/js/tests/unit/alert.js:14:29:14:32" 64 | "$.fn","file:///opt/src/js/tests/unit/alert.js:17:7:17:10" 65 | "$.fn","file:///opt/src/js/tests/unit/alert.js:17:20:17:23" 66 | "$.fn","file:///opt/src/js/tests/unit/alert.js:18:14:18:17" 67 | "$.fn","file:///opt/src/js/tests/unit/alert.js:24:24:24:27" 68 | "$.fn","file:///opt/src/js/tests/unit/button.js:14:7:14:10" 69 | "$.fn","file:///opt/src/js/tests/unit/button.js:14:30:14:33" 70 | "$.fn","file:///opt/src/js/tests/unit/button.js:17:7:17:10" 71 | "$.fn","file:///opt/src/js/tests/unit/button.js:17:21:17:24" 72 | "$.fn","file:///opt/src/js/tests/unit/button.js:18:14:18:17" 73 | "$.fn","file:///opt/src/js/tests/unit/button.js:24:24:24:27" 74 | "$.fn","file:///opt/src/js/tests/unit/carousel.js:14:7:14:10" 75 | "$.fn","file:///opt/src/js/tests/unit/carousel.js:14:32:14:35" 76 | "$.fn","file:///opt/src/js/tests/unit/carousel.js:17:7:17:10" 77 | "$.fn","file:///opt/src/js/tests/unit/carousel.js:17:23:17:26" 78 | "$.fn","file:///opt/src/js/tests/unit/carousel.js:18:14:18:17" 79 | "$.fn","file:///opt/src/js/tests/unit/carousel.js:24:24:24:27" 80 | "$.fn","file:///opt/src/js/tests/unit/collapse.js:14:7:14:10" 81 | "$.fn","file:///opt/src/js/tests/unit/collapse.js:14:32:14:35" 82 | "$.fn","file:///opt/src/js/tests/unit/collapse.js:17:7:17:10" 83 | "$.fn","file:///opt/src/js/tests/unit/collapse.js:17:23:17:26" 84 | "$.fn","file:///opt/src/js/tests/unit/collapse.js:18:14:18:17" 85 | "$.fn","file:///opt/src/js/tests/unit/collapse.js:24:24:24:27" 86 | "$.fn","file:///opt/src/js/tests/unit/dropdown.js:14:7:14:10" 87 | "$.fn","file:///opt/src/js/tests/unit/dropdown.js:14:32:14:35" 88 | "$.fn","file:///opt/src/js/tests/unit/dropdown.js:17:7:17:10" 89 | "$.fn","file:///opt/src/js/tests/unit/dropdown.js:17:23:17:26" 90 | "$.fn","file:///opt/src/js/tests/unit/dropdown.js:18:14:18:17" 91 | "$.fn","file:///opt/src/js/tests/unit/dropdown.js:24:24:24:27" 92 | "$.fn","file:///opt/src/js/tests/unit/modal.js:14:7:14:10" 93 | "$.fn","file:///opt/src/js/tests/unit/modal.js:14:29:14:32" 94 | "$.fn","file:///opt/src/js/tests/unit/modal.js:17:7:17:10" 95 | "$.fn","file:///opt/src/js/tests/unit/modal.js:17:20:17:23" 96 | "$.fn","file:///opt/src/js/tests/unit/modal.js:18:14:18:17" 97 | "$.fn","file:///opt/src/js/tests/unit/modal.js:24:24:24:27" 98 | "$.fn","file:///opt/src/js/tests/unit/modal.js:37:15:37:18" 99 | "$.fn","file:///opt/src/js/tests/unit/popover.js:14:7:14:10" 100 | "$.fn","file:///opt/src/js/tests/unit/popover.js:14:31:14:34" 101 | "$.fn","file:///opt/src/js/tests/unit/popover.js:17:7:17:10" 102 | "$.fn","file:///opt/src/js/tests/unit/popover.js:17:22:17:25" 103 | "$.fn","file:///opt/src/js/tests/unit/popover.js:18:14:18:17" 104 | "$.fn","file:///opt/src/js/tests/unit/popover.js:24:24:24:27" 105 | "$.fn","file:///opt/src/js/tests/unit/scrollspy.js:14:7:14:10" 106 | "$.fn","file:///opt/src/js/tests/unit/scrollspy.js:14:33:14:36" 107 | "$.fn","file:///opt/src/js/tests/unit/scrollspy.js:17:7:17:10" 108 | "$.fn","file:///opt/src/js/tests/unit/scrollspy.js:17:24:17:27" 109 | "$.fn","file:///opt/src/js/tests/unit/scrollspy.js:18:14:18:17" 110 | "$.fn","file:///opt/src/js/tests/unit/scrollspy.js:24:24:24:27" 111 | "$.fn","file:///opt/src/js/tests/unit/tab.js:14:7:14:10" 112 | "$.fn","file:///opt/src/js/tests/unit/tab.js:14:27:14:30" 113 | "$.fn","file:///opt/src/js/tests/unit/tab.js:17:7:17:10" 114 | "$.fn","file:///opt/src/js/tests/unit/tab.js:17:18:17:21" 115 | "$.fn","file:///opt/src/js/tests/unit/tab.js:18:14:18:17" 116 | "$.fn","file:///opt/src/js/tests/unit/tab.js:24:24:24:27" 117 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:14:7:14:10" 118 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:14:31:14:34" 119 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:17:7:17:10" 120 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:17:22:17:25" 121 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:18:14:18:17" 122 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:24:24:24:27" 123 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:37:15:37:18" 124 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:1126:17:1126:20" 125 | "$.fn","file:///opt/src/js/tests/unit/tooltip.js:1153:17:1153:20" 126 | "$.fn","file:///opt/src/js/tooltip.js:506:13:506:16" 127 | "$.fn","file:///opt/src/js/tooltip.js:508:3:508:6" 128 | "$.fn","file:///opt/src/js/tooltip.js:509:3:509:6" 129 | "$.fn","file:///opt/src/js/tooltip.js:515:3:515:6" 130 | "$.fn","file:///opt/src/js/tooltip.js:516:5:516:8" 131 | "$.fn","file:///opt/src/js/transition.js:36:3:36:6" 132 | -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/config/sources.csv: -------------------------------------------------------------------------------- 1 | "node","URL for node" 2 | "option","file:///opt/src/js/affix.js:119:19:119:24" 3 | "option","file:///opt/src/js/alert.js:64:19:64:24" 4 | "option","file:///opt/src/js/button.js:78:19:78:24" 5 | "option","file:///opt/src/js/carousel.js:176:19:176:24" 6 | "option","file:///opt/src/js/collapse.js:170:19:170:24" 7 | "option","file:///opt/src/js/dropdown.js:130:19:130:24" 8 | "_relatedTarget","file:///opt/src/js/modal.js:292:27:292:40" 9 | "option","file:///opt/src/js/popover.js:82:19:82:24" 10 | "option","file:///opt/src/js/scrollspy.js:136:19:136:24" 11 | "option","file:///opt/src/js/tab.js:118:19:118:24" 12 | "option","file:///opt/src/js/tooltip.js:494:19:494:24" 13 | "duration","file:///opt/src/js/transition.js:36:41:36:48" -------------------------------------------------------------------------------- /courses/javascript/unsafe-jquery/image/publish.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | set -e 4 | set -x 5 | 6 | docker login docker.pkg.github.com -u github-actions -p ${GITHUB_TOKEN} 7 | 8 | IMAGE_VERSION=0.0.1 9 | IMAGE_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses-javascript-unsafe-jquery:${IMAGE_VERSION} 10 | IMAGE_LATEST_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses-javascript-unsafe-jquery:latest 11 | 12 | docker build -t $IMAGE_TAG -t $IMAGE_LATEST_TAG . 13 | 14 | docker push $IMAGE_TAG 15 | docker push $IMAGE_LATEST_TAG -------------------------------------------------------------------------------- /docs/comment_screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/github/codeql-learninglab-actions/cf738081710abe6821edff26986cf3e085f46850/docs/comment_screenshot.png -------------------------------------------------------------------------------- /scripts/test-course-actual.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Build the codeql-learninglab-check & course image, and run all queries in 4 | # the course to ensure the expected result 5 | # 6 | # Should be run with the cwd being the course folder 7 | 8 | set -e 9 | set -x 10 | 11 | # Extract the expected parent tag from course Dockerfile 12 | PARENT_TAG=$(head -n 1 image/Dockerfile | awk -F ' ' '{print $2}') 13 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 14 | 15 | # Build codeql-learninglab-check 16 | docker pull $PARENT_TAG 17 | 18 | # Run ./test-course-shared.sh 19 | $DIR/test-course-shared.sh $@ 20 | -------------------------------------------------------------------------------- /scripts/test-course-latest.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Build the codeql-learninglab-check & course image, and run all queries in 4 | # the course to ensure the expected result 5 | # 6 | # Should be run with the cwd being the course folder 7 | 8 | set -e 9 | set -x 10 | 11 | # Extract the expected parent tag from course Dockerfile 12 | PARENT_TAG=$(head -n 1 image/Dockerfile | awk -F ' ' '{print $2}') 13 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 14 | 15 | # Build codeql-learninglab-check 16 | docker build -t $PARENT_TAG $DIR/../codeql-learninglab-check 17 | 18 | # Run ./test-course-shared.sh 19 | $DIR/test-course-shared.sh $@ 20 | -------------------------------------------------------------------------------- /scripts/test-course-shared.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Build the course image, and run all or specific queries in 4 | # the course to ensure the expected result 5 | # 6 | # Should be run with the cwd being the course folder 7 | 8 | set -e 9 | set -x 10 | 11 | TMP=$(mktemp -d -t ci-XXXXXXXXXX) 12 | TAG=ci-test 13 | 14 | # Build course image 15 | docker build -t $TAG image 16 | 17 | # Prepare temporary folder to mount into docker 18 | mkdir -p $TMP 19 | cp -R answers $TMP/answers 20 | echo "{}" > $TMP/event.json 21 | 22 | # Get query argument 23 | RUN_ALL=true 24 | QUERY_PATTERN="" 25 | if [ "$1" != "" ]; then 26 | RUN_ALL=false 27 | QUERY_PATTERN=$1 28 | echo "Running specific queries $QUERY_PATTERN" 29 | else 30 | echo "Running all queries" 31 | fi 32 | 33 | # Run docker image 34 | docker run -i \ 35 | -e GITHUB_EVENT_NAME=push \ 36 | -e GITHUB_EVENT_PATH=/opt/tmp/event.json \ 37 | -e GITHUB_TOKEN=noop \ 38 | -e RUN_ALL=$RUN_ALL \ 39 | -e QUERY_PATTERN=$QUERY_PATTERN \ 40 | -e SKIP_COMMENT=true \ 41 | -v $TMP:/opt/tmp:ro \ 42 | -w /opt/tmp/answers \ 43 | $TAG -------------------------------------------------------------------------------- /templates/action/README.md: -------------------------------------------------------------------------------- 1 | # CodeQL LearningLab Course Action Template 2 | 3 | Copy this entire directory, 4 | and replace the following: 5 | 6 | * Replace ``, `` and `` in the `image` property in 7 | [`action.yml`](action.yml) to reference the correct repository 8 | where the docker image will be published, 9 | and with a package name of your choice. 10 | (For courses in this repository, 11 | we use the convention of taking the course path, 12 | and replacing slashes with dashes, 13 | e.g. `courses/cpp/ctf-segv` becomes `courses-cpp-ctf-segv`) 14 | * Replace the zip file URL in [`image/Dockerfile`](image/Dockerfile) 15 | to point to the CodeQL database that will be used in your course. 16 | 17 | After this, 18 | update [`answers/`](answers) and [`image/config/`](image/config) 19 | to add your model answers and expected query results as appropriate. 20 | -------------------------------------------------------------------------------- /templates/action/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Check queries' 2 | description: 'Check that the queries that have been pushed produce the correct results' 3 | author: 'GitHub ' 4 | runs: 5 | using: 'docker' 6 | image: 'docker://docker.pkg.github.com///' 7 | branding: 8 | icon: 'check-circle' 9 | color: 'purple' -------------------------------------------------------------------------------- /templates/action/answers/qlpack.yml: -------------------------------------------------------------------------------- 1 | name: course-template 2 | version: 0.0.0 3 | libraryPathDependencies: codeql-cpp # Update this with appropriate language 4 | -------------------------------------------------------------------------------- /templates/action/answers/step-01.ql: -------------------------------------------------------------------------------- 1 | import cpp 2 | 3 | from Function f 4 | where f.getName() = "getchar" 5 | select f -------------------------------------------------------------------------------- /templates/action/answers/step-02.ql: -------------------------------------------------------------------------------- 1 | import cpp 2 | 3 | from Function f 4 | where f.getName() = "getchar" 5 | select f -------------------------------------------------------------------------------- /templates/action/image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.pkg.github.com/github/codeql-learninglab-actions/codeql-learninglab-check:v2.0.0 2 | 3 | ## Add course config 4 | COPY --chown=codeql:codeql config /home/codeql/config 5 | WORKDIR /home/codeql/config 6 | # Download, unzip and then delete the zip file in one step to reduce image size 7 | RUN wget --quiet https://downloads.lgtm.com/snapshots/cpp/GNU/glibc/bminor_glibc_cpp-srcVersion_333221862ecbebde60dd16e7ca17d26444e62f50-dist_odasa-lgtm-2019-04-08-af06f68-linux64.zip -O database.zip && unzip -qq database.zip && rm -rf database.zip 8 | -------------------------------------------------------------------------------- /templates/action/image/config/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "databasePath": "bminor_glibc_3332218", 3 | "locationPaths": "https://github.com///blob/{path}#L{line-start}-L{line-end}", 4 | "expectedResults": { 5 | "step-01.ql": "step-01.csv", 6 | "step-02.ql": false 7 | } 8 | } -------------------------------------------------------------------------------- /templates/action/image/config/step-01.csv: -------------------------------------------------------------------------------- 1 | "f","URL for f","col1" 2 | "getchar","file:///opt/src/libio/getchar.c:33:1:33:7","a getchar function" 3 | "getchar","file:///opt/src/libio/bits/stdio.h:47:1:47:7","a getchar function" 4 | "getchar","file:///opt/src/libio/bits/stdio.h:47:1:47:7","a getchar function" -------------------------------------------------------------------------------- /templates/action/image/publish.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | set -e 4 | set -x 5 | 6 | docker login docker.pkg.github.com -u github-actions -p ${GITHUB_TOKEN} 7 | 8 | IMAGE_VERSION=0.0.1 9 | IMAGE_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses--:${IMAGE_VERSION} 10 | IMAGE_LATEST_TAG=docker.pkg.github.com/github/codeql-learninglab-actions/courses--:latest 11 | 12 | docker build -t $IMAGE_TAG -t $IMAGE_LATEST_TAG . 13 | 14 | docker push $IMAGE_TAG 15 | docker push $IMAGE_LATEST_TAG -------------------------------------------------------------------------------- /templates/learninglab/README.md: -------------------------------------------------------------------------------- 1 | # CodeQL Learning Lab Course Templates 2 | 3 | If you have not created a Learning Lab course before, 4 | it is recommended to take the 5 | [course on creating a course](https://lab.github.com/githubtraining/write-a-learning-lab-course)! 6 | 7 | 8 | 9 | 10 | ## Usage instructions: 11 | 12 | 1. Create a repo called ``, 13 | and add the contents of the directory [`course`](course) 14 | as the initial contents for that repo. 15 | 1. Create a repo called `-template`, 16 | under the same owner as ``, 17 | and add the contents of the directory [`course-template`](course-template) 18 | as the initial contents for that repo. 19 | 1. In ``: 20 | 1. Update the value of `META` in `generate-config.js`, 21 | and regenerate the `config.yml` by running: 22 | ``` 23 | node generate-config.js > config.yml 24 | ``` 25 | 1. Flesh out the details of the course in `course-details.md` 26 | 1. Add instructions for each of the steps of the course as individual 27 | markdown files in `responses/` 28 | 1. Update the value of `STEPS` in `generate-config.js` 29 | to add details of each of the steps that course participants need to do, 30 | and regenerate the `config.yml` by running: 31 | ``` 32 | node generate-config.js > config.yml 33 | ``` 34 | 1. Commit your changes and push to the repository 35 | 1. In `-template`: 36 | 1. Update `.qlpack` with an appropriate pack name, 37 | for example rename it `qlpack.yml`, 38 | and the language of the database that queries will be run against. 39 | 2. Create a `README.md` with e.g. some initial instructions for the user to 40 | go to their Issues tab to get more instructions. 41 | 3. Update `.github.to.move/workflows/action/Dockerfile` to reference the 42 | tag of the dockerfile from your [Query Checking Action:](../../README.md#creating-the-query-checking-action) 43 | 2. Add your course to https://lab.github.com 44 | 45 | ## Current limitations & workarounds 46 | 47 | * GitHub Packages can't directly be used by an actions.yml file, 48 | see: https://github.com/github/codeql-learninglab-actions/issues/14 49 | 50 | * Learning Lab can't currently create courses with Actions workflows, 51 | see: https://github.com/github/codeql-learninglab-actions/issues/15 52 | 53 | In the meantime, 54 | make sure your course includes instructions on how users should rename 55 | `.github.to.move` to `.github` before writing queries. -------------------------------------------------------------------------------- /templates/learninglab/course-template/.github/workflows/action/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.pkg.github.com/github/codeql-learninglab-actions/:0.0.1 2 | -------------------------------------------------------------------------------- /templates/learninglab/course-template/.github/workflows/action/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Check queries' 2 | description: 'Check the queries that have been pushed' 3 | author: 'GitHub ' 4 | runs: 5 | using: 'docker' 6 | image: 'Dockerfile' 7 | branding: 8 | icon: 'check-circle' 9 | color: 'purple' -------------------------------------------------------------------------------- /templates/learninglab/course-template/.github/workflows/check-queries.yml: -------------------------------------------------------------------------------- 1 | name: Check Queries 2 | 3 | on: [push] 4 | 5 | jobs: 6 | check-answers: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: Checkout 10 | uses: actions/checkout@v2 11 | 12 | # TODO: delete once published action used below 13 | - name: Login to docker 14 | env: 15 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 16 | run: echo "$GITHUB_TOKEN" | docker login docker.pkg.github.com -u github-actions --password-stdin 17 | 18 | # TODO: use published action in github/codeql-learninglab-actions/courses/... 19 | - name: Check answers 20 | uses: ./.github/workflows/action 21 | env: 22 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 23 | -------------------------------------------------------------------------------- /templates/learninglab/course-template/qlpack.yml: -------------------------------------------------------------------------------- 1 | name: 2 | version: 0.0.0 3 | libraryPathDependencies: codeql- -------------------------------------------------------------------------------- /templates/learninglab/course/config.yml: -------------------------------------------------------------------------------- 1 | # Generated by generate-config.js 2 | # DO NOT EDIT DIRECTLY 3 | # Instead, edit generate-config.js and re-run script 4 | 5 | title: 6 | tagline: Learn CodeQL in this course 7 | description: >- 8 | Learn CodeQL in this course 9 | template: 10 | repo: -template 11 | name: 12 | 13 | before: 14 | - type: createIssue 15 | title: 'Step 1 - Your first query' 16 | body: step-1.md 17 | action_id: step_1 18 | - type: assignRegistrant 19 | issue: '%actions.step_1.data.number%' 20 | 21 | steps: 22 | 23 | - title: "Your first query" 24 | description: "Write your first query" 25 | event: commit_comment.created 26 | link: '{{ repoUrl }}/issues/1' 27 | actions: 28 | # Ensure comment is posted by github-actions 29 | - type: gate 30 | left: '%payload.sender.login%' 31 | operator: === 32 | right: github-actions[bot] 33 | # Ensure comment is relevant for this issue 34 | - type: gate 35 | left: '%payload.comment.body%' 36 | operator: search 37 | # regex-escape then yaml-escape the expected markdown string 38 | right: "/Results for `step-1\\.ql`\\:/" 39 | # Ensure comment has expected completed string 40 | - type: gate 41 | left: '%payload.comment.body%' 42 | operator: search 43 | # regex-escape then yaml-escape the expected markdown string 44 | right: "/Results for `step-1\\.ql`\\: \\*\\*correct\\*\\* \\(3 results\\)/" 45 | else: 46 | - type: respond 47 | issue: "Step 1 - Your first query" 48 | with: fail.md 49 | data: 50 | commit: '%payload.comment.commit_id%' 51 | commentUrl: '%payload.comment.html_url%' 52 | 53 | # Answer is correct!! 54 | 55 | # Create Issue for next task 56 | - type: createIssue 57 | title: "Step 2 - Your second query" 58 | body: step-2.md 59 | action_id: next_issue 60 | 61 | - type: assignRegistrant 62 | issue: '%actions.next_issue.data.number%' 63 | 64 | # Make comment on current issue with link to commit that introduces correct query 65 | - type: respond 66 | issue: "Step 1 - Your first query" 67 | with: next.md 68 | data: 69 | next_issue: '%actions.next_issue.data.html_url%' 70 | commit: '%payload.comment.commit_id%' 71 | 72 | # Make comment on commit with link to next issue 73 | - type: octokit 74 | method: repos.createCommitComment 75 | owner: '%payload.repository.owner.login%' 76 | repo: '%payload.repository.name%' 77 | sha: '%payload.comment.commit_id%' 78 | body: | 79 | Congratulations, looks like the query you introduced for step 1 finds the correct results! 80 | 81 | Take a look at the [instructions for the next step](%actions.next_issue.data.html_url%) to continue. 82 | 83 | # Close current issue 84 | - type: closeIssue 85 | issue: "Step 1 - Your first query" 86 | 87 | - title: "Your second query" 88 | description: "Write your second query" 89 | event: commit_comment.created 90 | link: '{{ repoUrl }}/issues' 91 | actions: 92 | # Ensure comment is posted by github-actions 93 | - type: gate 94 | left: '%payload.sender.login%' 95 | operator: === 96 | right: github-actions[bot] 97 | # Ensure comment is relevant for this issue 98 | - type: gate 99 | left: '%payload.comment.body%' 100 | operator: search 101 | # regex-escape then yaml-escape the expected markdown string 102 | right: "/Results for `step-2\\.ql`\\:/" 103 | # Ensure comment has expected completed string 104 | - type: gate 105 | left: '%payload.comment.body%' 106 | operator: search 107 | # regex-escape then yaml-escape the expected markdown string 108 | right: "/Results for `step-2\\.ql`\\: \\*\\*correct\\*\\* \\(5 results\\)/" 109 | else: 110 | - type: respond 111 | issue: "Step 2 - Your second query" 112 | with: fail.md 113 | data: 114 | commit: '%payload.comment.commit_id%' 115 | commentUrl: '%payload.comment.html_url%' 116 | 117 | # Answer is correct!! 118 | 119 | 120 | # Make comment on current issue with final message 121 | - type: respond 122 | issue: "Step 2 - Your second query" 123 | with: end.md 124 | data: 125 | commit: '%payload.comment.commit_id%' 126 | 127 | # Close current issue 128 | - type: closeIssue 129 | issue: "Step 2 - Your second query" 130 | -------------------------------------------------------------------------------- /templates/learninglab/course/course-details.md: -------------------------------------------------------------------------------- 1 | This is the markdown file presented on the course page on lab.github.com 2 | 3 | The first paragraph uses a larger font, so make it eye-catching! -------------------------------------------------------------------------------- /templates/learninglab/course/generate-config.js: -------------------------------------------------------------------------------- 1 | /* 2 | * Helper script to generate config.yml for CodeQL Courses 3 | * 4 | * To regenerate config.yml, run this in a shell: 5 | * node generate-config.js > config.yml 6 | */ 7 | 8 | // @ts-check 9 | 10 | /** 11 | * Core metadata that is output at the start of config.yml 12 | */ 13 | const META = ` 14 | title: 15 | tagline: Learn CodeQL in this course 16 | description: >- 17 | Learn CodeQL in this course 18 | template: 19 | repo: -template 20 | name: 21 | `; 22 | 23 | /** 24 | * File in `responses/` that is used as the content for comments that are posted 25 | * when a user finishes the setup phase. 26 | * 27 | */ 28 | const INTRO_OK_MESSAGE = 'setup-ok.md'; 29 | /** 30 | * File in `responses/` that is used as the content for comments that are posted 31 | * when a user finishes a step. 32 | * 33 | * Makes use of the placeholders: 34 | * * `{{next_issue}}` - URL to the issue that details the next set of instructions 35 | * * `{{commit}}` - Sha that was the head of the most recent PUSH 36 | */ 37 | const NEXT_MESSAGE = 'next.md'; 38 | /** 39 | * File in `responses/` that is used as the content for comments that are posted 40 | * when a user fails a step. 41 | * 42 | * Makes use of the placeholders: 43 | * * `{{commit}}` - Sha that was the head of the most recent PUSH 44 | */ 45 | const FAIL_MESSAGE = 'fail.md'; 46 | /** 47 | * File in `responses/` that is used as the content for the comment that is 48 | * posted when a user finishes the last step. 49 | * 50 | * Makes use of the placeholders: 51 | * * `{{commit}}` - Sha that was the head of the most recent PUSH 52 | */ 53 | const END_MESSAGE = 'end.md'; 54 | 55 | /** 56 | * Setup steps of this course. 57 | * Each of this step consists in a `.md` file that introduce the 58 | * course, describe the setup ... before the actual query writing begins 59 | */ 60 | const INTRO_ISSUES = [ 61 | { 62 | title: 'Welcome!', 63 | instructionsFile: 'step1-welcome.md', 64 | activitiesFiles: [] 65 | }, 66 | { 67 | title: 'Set up your IDE', 68 | instructionsFile: 'step2-setup.md', 69 | activitiesFiles: ['2-1.md'] 70 | } 71 | ] 72 | 73 | /** 74 | * Each of the steps of this course, each step must have: 75 | * 76 | * * `queryFile` - The file path of the query that the user needs to write for 77 | * this step. 78 | * * `expectedResults` - The number of results this query should produce 79 | * * `instructionsFile` - The file in the `responses/` directory that detail the 80 | * instructions that must be followed for this user to successfully write the 81 | * query. 82 | * * `title` - A title for this step, used in the issue title and 83 | * Learning Lab UI 84 | * * `description` - A description of this step to display in the 85 | * Learning Lab UI 86 | * 87 | * @type Array<{ 88 | * queryFile: string; 89 | * expectedResults: number; 90 | * instructionsFile: string; 91 | * title: string; 92 | * description: string; 93 | * activitiesFiles: string[]; 94 | * }> 95 | */ 96 | const STEPS = [ 97 | { 98 | queryFile: 'step-1.ql', 99 | expectedResults: 3, 100 | instructionsFile: 'step-1.md', 101 | title: 'Your first query', 102 | description: 'Write your first query', 103 | activitiesFiles: [] 104 | }, 105 | { 106 | queryFile: 'step-2.ql', 107 | expectedResults: 5, 108 | instructionsFile: 'step-2.md', 109 | title: 'Your second query', 110 | description: 'Write your second query', 111 | activitiesFiles: [] 112 | } 113 | ]; 114 | 115 | 116 | console.log(` 117 | # Generated by generate-config.js 118 | # DO NOT EDIT DIRECTLY 119 | # Instead, edit generate-config.js and re-run script 120 | `.trim() + '\n'); 121 | console.log(META.trim()); 122 | 123 | /** 124 | * @param step {{title: string;}} 125 | * @param i {number} 126 | */ 127 | const issueTitle = (step, i) => `Step ${i + 1 + INTRO_ISSUES.length} - ${step.title}`; 128 | 129 | /** 130 | * @param str {string} 131 | */ 132 | const escapeRegExp = (str) => 133 | str.replace(/[.*+?^${}()|[\]\:\\]/g, '\\$&'); 134 | 135 | // For some reason, escaping `'` in double-quoted yaml strings 136 | // doesn't work on learning lab, as it throws the exception 137 | // "unknown escape sequence". So we should explicitly only escape double quotes 138 | // and backslashes 139 | const escapeDoubleQuoteYamlString = (str) => 140 | str.replace(/[\"\\]/g, '\\$&'); 141 | 142 | console.log(` 143 | before: 144 | # Create Issues for introduction`); 145 | 146 | INTRO_ISSUES.map((issue, i) => { 147 | console.log(` 148 | - type: createIssue 149 | title: ${issue.title} 150 | body: ${issue.instructionsFile} 151 | action_id: intro_${i}`); 152 | if (issue.activitiesFiles.length > 0) { 153 | console.log(` comments:`); 154 | issue.activitiesFiles.map(activityFile => { 155 | console.log(` - ${activityFile}`); 156 | }) 157 | } 158 | console.log(` 159 | - type: assignRegistrant 160 | issue: '%actions.intro_${i}.data.number%'`) 161 | }) 162 | console.log(` 163 | - type: createIssue 164 | title: "${escapeDoubleQuoteYamlString(issueTitle(STEPS[0], 0))}" 165 | body: ${STEPS[0].instructionsFile} 166 | action_id: step_0`); 167 | if (STEPS[0].activitiesFiles.length > 0) { 168 | console.log(` comments:`); 169 | STEPS[0].activitiesFiles.map(activityFile => { 170 | console.log(` - ${activityFile}`); 171 | }) 172 | } 173 | console.log(` 174 | - type: assignRegistrant 175 | issue: '%actions.step_0.data.number%'`) 176 | 177 | console.log(` 178 | steps: 179 | - title: "Welcome to the course" 180 | description: "Know where to find documentation and help, install CodeQL, setup your IDE." 181 | event: issues.closed 182 | link: '{{ repoUrl }}/issues/1' 183 | actions: 184 | - type: gate 185 | left: '%payload.issue.title%' 186 | operator: search 187 | right: "${escapeDoubleQuoteYamlString(INTRO_ISSUES[INTRO_ISSUES.length - 1].title)}" 188 | - type: respond 189 | issue: "${escapeDoubleQuoteYamlString(INTRO_ISSUES[INTRO_ISSUES.length - 1].title)}" 190 | with: ${INTRO_OK_MESSAGE}`); 191 | 192 | STEPS.map((step, i) => { 193 | // The markdown string to look for in the comment from github-actions[bot] 194 | const expectedString = `Results for \`${step.queryFile}\`: **correct** (${step.expectedResults} result${step.expectedResults === 1 ? '' : 's'})`; 195 | const expectedIssue = `Results for \`${step.queryFile}\`:`; 196 | console.log(` 197 | - title: "${escapeDoubleQuoteYamlString(step.title)}" 198 | description: "${escapeDoubleQuoteYamlString(step.description)}" 199 | event: commit_comment.created 200 | link: '{{ repoUrl }}/issues/' 201 | actions: 202 | # Ensure comment is posted by github-actions 203 | - type: gate 204 | left: '%payload.sender.login%' 205 | operator: === 206 | right: github-actions[bot] 207 | # Ensure comment is relevant for this issue 208 | - type: gate 209 | left: '%payload.comment.body%' 210 | operator: search 211 | # regex-escape then yaml-escape the expected markdown string 212 | right: "/${escapeDoubleQuoteYamlString(escapeRegExp(expectedIssue))}/" 213 | # Ensure comment has expected completed string 214 | - type: gate 215 | left: '%payload.comment.body%' 216 | operator: search 217 | # regex-escape then yaml-escape the expected markdown string 218 | right: "/${escapeDoubleQuoteYamlString(escapeRegExp(expectedString))}/" 219 | else: 220 | - type: respond 221 | issue: "${escapeDoubleQuoteYamlString(issueTitle(step, i))}" 222 | with: ${FAIL_MESSAGE} 223 | data: 224 | commit: '%payload.comment.commit_id%' 225 | commentUrl: '%payload.comment.html_url%' 226 | 227 | # Answer is correct!!`); 228 | 229 | /* The following is disabled for now as Learning Lab is using ^15.18.3 of 230 | * octokit/rest.js, and listBranchesForHeadCommit was released in version 231 | * v16.24.1 232 | */ 233 | // console.log(` 234 | // # If there is a PR, merge it! 235 | // - type: octokit 236 | // method: repos.listBranchesForHeadCommit 237 | // owner: '%payload.repository.owner.login%' 238 | // repo: '%payload.repository.name%' 239 | // commit_sha: '%payload.comment.commit_id%' 240 | // action_id: get_branches 241 | // - type: gate 242 | // left: '%actions.get_branches.length%' 243 | // operator: '!==' 244 | // right: 1 245 | // required: false 246 | // else: 247 | // # Executes when there is 1 matching branch 248 | // - type: octokit 249 | // method: api.pulls.list 250 | // owner: '%payload.repository.owner.login%' 251 | // repo: '%payload.repository.name%' 252 | // head: '%payload.repository.owner.login%:%actions.get_branches.1.name%' 253 | // action_id: get_prs 254 | // - type: gate 255 | // left: '%actions.get_prs.length%' 256 | // operator: '!==' 257 | // right: 1 258 | // required: false 259 | // else: 260 | // # Executes when there is 1 matching pr 261 | // - type: octokit 262 | // method: api.pulls.merge 263 | // owner: '%payload.repository.owner.login%' 264 | // repo: '%payload.repository.name%' 265 | // pull_number: '%actions.get_prs.1.number%' 266 | // required: false 267 | // `); 268 | 269 | if (i < STEPS.length - 1) { 270 | const next = STEPS[i + 1]; 271 | // Next Step 272 | console.log(` 273 | # Create Issue for next task 274 | - type: createIssue 275 | title: "${escapeDoubleQuoteYamlString(issueTitle(next, i + 1))}" 276 | body: ${next.instructionsFile} 277 | comments:`); 278 | next.activitiesFiles.map(file => { 279 | console.log(` - ${file}`) 280 | }) 281 | console.log(` action_id: next_issue 282 | 283 | - type: assignRegistrant 284 | issue: '%actions.next_issue.data.number%' 285 | 286 | # Make comment on current issue with link to commit that introduces correct query 287 | - type: respond 288 | issue: "${escapeDoubleQuoteYamlString(issueTitle(step, i))}" 289 | with: ${NEXT_MESSAGE} 290 | data: 291 | next_issue: '%actions.next_issue.data.html_url%' 292 | commit: '%payload.comment.commit_id%' 293 | 294 | # Make comment on commit with link to next issue 295 | - type: octokit 296 | method: repos.createCommitComment 297 | owner: '%payload.repository.owner.login%' 298 | repo: '%payload.repository.name%' 299 | sha: '%payload.comment.commit_id%' 300 | body: | 301 | Congratulations, looks like the query you introduced for step ${INTRO_ISSUES.length + i + 1} finds the correct results! 302 | 303 | Merge this Pull Request (unless you're on the default branch), and take a look at the [instructions for the next step](%actions.next_issue.data.html_url%) to continue. 304 | 305 | # Close current issue 306 | - type: closeIssue 307 | issue: "${escapeDoubleQuoteYamlString(issueTitle(step, i))}"`); 308 | } else { 309 | // End of course 310 | console.log(` 311 | 312 | # Make comment on current issue with final message 313 | - type: respond 314 | issue: "${escapeDoubleQuoteYamlString(issueTitle(step, i))}" 315 | with: ${END_MESSAGE} 316 | data: 317 | commit: '%payload.comment.commit_id%' 318 | 319 | # Close current issue 320 | - type: closeIssue 321 | issue: "${escapeDoubleQuoteYamlString(issueTitle(step, i))}"`); 322 | } 323 | }) 324 | -------------------------------------------------------------------------------- /templates/learninglab/course/responses/end.md: -------------------------------------------------------------------------------- 1 | Congratulations, you have finished the course! 2 | -------------------------------------------------------------------------------- /templates/learninglab/course/responses/fail.md: -------------------------------------------------------------------------------- 1 | Ooops! The query you submitted in {{commit}} didn't find the right results. Have a look at the [comment]({{commentUrl}}). 2 | 3 | To submit a new iteration of your query, you just have to push a new commit to the same branch (your default branch, or the PR branch). 4 | -------------------------------------------------------------------------------- /templates/learninglab/course/responses/next.md: -------------------------------------------------------------------------------- 1 | Congratulations, looks like the query you introduced in {{commit}} finds the correct results! 2 | 3 | Take a look at the [instructions for the next step]({{next_issue}}) to continue. 4 | -------------------------------------------------------------------------------- /templates/learninglab/course/responses/setup-ok.md: -------------------------------------------------------------------------------- 1 | Ok, you're done with the setup, moving on! 2 | -------------------------------------------------------------------------------- /templates/learninglab/course/responses/step-1.md: -------------------------------------------------------------------------------- 1 | These are instructions for step 1 -------------------------------------------------------------------------------- /templates/learninglab/course/responses/step-2.md: -------------------------------------------------------------------------------- 1 | These are instructions for step 1 --------------------------------------------------------------------------------