Add part 3 challs 7-11

sylwia-budzynska · sylwia-budzynska · commit 68a93ff471dc · 2024-04-16T13:24:22.000+02:00
diff --git a/3/10/instructions.md b/3/10/instructions.md
@@ -0,0 +1,2 @@
+Run the CWE-20 Untrusted APIs query on a repo of your choice. For Python in the VS Code CodeQL Starter Workspace, it is located in `vscode-codeql-starter/ql/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql`.
+Try to choose a new project, download its database from GitHub (see setup) and run this query on it.
diff --git a/3/11/instructions.md b/3/11/instructions.md
@@ -0,0 +1,2 @@
+Set up MRVA using instructions [here](https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository). Select top 10 repositories in the CodeQL extension tab. Choose one of the prewritten queries in your favorite language, right-click in the query file, and select CodeQL: Run Variant Analysis to start variant analysis. If you don’t find anything using that query, it’s likely because the project is already secured against that vulnerability. If you prefer, run one of the bigger lists with 100 or 1000 repositories.
+Caution: if you do find true positive vulnerabilities, make sure to verify them first and then report them using the coordinated disclosure process. See our [guide](https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/) for reporting vulnerabilities to open source.
diff --git a/3/7/instructions.md b/3/7/instructions.md
@@ -0,0 +1,2 @@
+You will need to use the VS Code CodeQL Starter Workspace for this challenge. See [setup](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#option-b-local-installation).
+CodeQL for Python stores all its security related queries in `python/ql/src/Security/` folder and experimental queries in python/ql/src/experimental/Security. The folder structure might differ a bit for other languages, for example Ruby in `ruby/ql/src/queries/security` or  C# in `csharp/ql/src/Security Features`.
diff --git a/3/8/instructions.md b/3/8/instructions.md
@@ -0,0 +1,2 @@
+Find all the sources in the provided database using the `RemoteFlowSource` type.
+Feel free to choose a different project to query on, maybe you’ll find something interesting? To download a CodeQL database for any open source project on GitHub, check [setup instructions](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#select-codeql-database).
diff --git a/3/8/query.ql b/3/8/query.ql
@@ -0,0 +1,6 @@
+import python
+import semmle.python.dataflow.new.RemoteFlowSources
+
+
+from RemoteFlowSource rfs
+select rfs
diff --git a/3/9/instructions.md b/3/9/instructions.md
@@ -0,0 +1,2 @@
+Find all the SQL injection sinks. See what other sinks are available in Concepts and try to query for them.
+Feel free to choose a different project to query on.
diff --git a/3/9/query.ql b/3/9/query.ql
@@ -0,0 +1,5 @@
+import python
+import semmle.python.Concepts
+
+from SqlExecution sink
+select sink

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Run the CWE-20 Untrusted APIs query on a repo of your choice. For Python in the VS Code CodeQL Starter Workspace, it is located in `vscode-codeql-starter/ql/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql`.
	`2`	`+Try to choose a new project, download its database from GitHub (see setup) and run this query on it.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Set up MRVA using instructions [here](https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository). Select top 10 repositories in the CodeQL extension tab. Choose one of the prewritten queries in your favorite language, right-click in the query file, and select CodeQL: Run Variant Analysis to start variant analysis. If you don’t find anything using that query, it’s likely because the project is already secured against that vulnerability. If you prefer, run one of the bigger lists with 100 or 1000 repositories.
	`2`	`+Caution: if you do find true positive vulnerabilities, make sure to verify them first and then report them using the coordinated disclosure process. See our [guide](https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/) for reporting vulnerabilities to open source.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+You will need to use the VS Code CodeQL Starter Workspace for this challenge. See [setup](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#option-b-local-installation).`
	`2`	+CodeQL for Python stores all its security related queries in `python/ql/src/Security/` folder and experimental queries in python/ql/src/experimental/Security. The folder structure might differ a bit for other languages, for example Ruby in `ruby/ql/src/queries/security` or C# in `csharp/ql/src/Security Features`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Find all the sources in the provided database using the `RemoteFlowSource` type.
	`2`	`+Feel free to choose a different project to query on, maybe you’ll find something interesting? To download a CodeQL database for any open source project on GitHub, check [setup instructions](https://github.com/GitHubSecurityLab/codeql-zero-to-hero/blob/main/2/challenge-2/instructions.md#select-codeql-database).`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Find all the SQL injection sinks. See what other sinks are available in Concepts and try to query for them.`
	`2`	`+Feel free to choose a different project to query on.`