Polish part 3 challs

Author: sylwia-budzynska

3/1/instructions.md

@@ -1,3 +1,3 @@
 You will need to set up CodeQL using one of the methods presented in [challenge 2](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md) from CodeQL zero to hero part 2 to run the queries. Remember also to download and [select a CodeQL database](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#select-codeql-database) - it can be the GitHubSecurityLab/codeql-zero-to-hero database, but you may also choose another project.
 
-Run the above query to find all method calls that are called ‘execute’ and come from the `django.db` library.
+Run the query in this challenge to find all method calls that are called ‘execute’ and come from the `django.db` library.

3/10/instructions.md

@@ -1,2 +1,2 @@
 Run the CWE-20 Untrusted APIs query on a repo of your choice. For Python in the VS Code CodeQL Starter Workspace, it is located in `vscode-codeql-starter/ql/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql`.
-Try to choose a new project, download its database from GitHub (see setup) and run this query on it.
+Try to choose a new project, download its database from GitHub (see [setup](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#option-b-local-installation)) and run this query on it.

3/2/instructions.md

@@ -1 +1,5 @@
-Now you know how to query for calls to functions from specific libraries. If os.system executes input coming from a user, it could lead to a command injection. Write a query to find calls to os.system and run it on the database you selected in the previous challenge.
+Now you know how to query for calls to functions from specific libraries.
+
+If `os.system` executes input coming from a user, it could lead to a command injection. Write a query to find calls to `os.system` and run it on the database you selected in the previous challenge.
+
+See solution in this folder.

3/3/instructions.md

@@ -1 +1,3 @@
 Flask is a popular Python web framework. Frameworks very often introduce potential sources for untrusted data, [Flask request](https://flask.palletsprojects.com/en/3.0.x/api/#incoming-request-data) being one of them. Write a query to find Flask requests.
+
+See solution in this folder.

3/3/query.ql

@@ -1,4 +1,8 @@
 import python
 import semmle.python.ApiGraphs
 
-select API::moduleImport("flask").getMember("request").asSource()
+select API::moduleImport("flask").getMember("request").getMember("args").asSource()
+
+// Note that you can also use a wildcard to query for any method of the request object, for example:
+
+// select API::moduleImport("flask").getMember("request").getMember(_).asSource()

3/4/instructions.md

@@ -1 +1,3 @@
-Run the query with `getAQlClass` predicate
+Run a query with `getAQlClass` predicate.
+
+See example in this folder.

3/5/instructions.md

@@ -1 +1,3 @@
-Run the local data flow query to find execute calls that do not take a string literal
+Run the local data flow query to find execute calls that do not take a string literal.
+
+See the query in this folder.

3/6/instructions.md

@@ -1,4 +1,5 @@
 Run the taint tracking query to find flows from a Flask request to a django.db’s ‘execute’ sink.
-If the path is not displaying properly, you may need to change the view to ‘alerts’.
+
+See the query in this folder. If the path is not displaying properly, you may need to change the view to ‘alerts’.
 
 <img src=../../images/alert-view.png>

3/7/instructions.md

@@ -1,2 +1,2 @@
 You will need to use the VS Code CodeQL Starter Workspace for this challenge. See [setup](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#option-b-local-installation).
-CodeQL for Python stores all its security related queries in `python/ql/src/Security/` folder and experimental queries in python/ql/src/experimental/Security. The folder structure might differ a bit for other languages, for example Ruby in `ruby/ql/src/queries/security` or  C# in `csharp/ql/src/Security Features`.
+CodeQL for Python stores all its security related queries in `python/ql/src/Security/` folder and experimental queries in `python/ql/src/experimental/Security`. The folder structure might differ a bit for other languages, for example Ruby in `ruby/ql/src/queries/security` or  C# in `csharp/ql/src/Security Features`.

3/8/instructions.md

@@ -1,2 +1,2 @@
-Find all the sources in the provided database using the `RemoteFlowSource` type.
+Find all the sources using the `RemoteFlowSource` type.
 Feel free to choose a different project to query on, maybe you’ll find something interesting? To download a CodeQL database for any open source project on GitHub, check [setup instructions](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#select-codeql-database).