hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added @sap/hdbext.loadProccedure as sql sink.

Browse Source
This commit is contained in:
Napalys
2025-03-25 14:48:40 +01:00
parent e595def8b0
commit 0285cb6c7a
3 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/ext/hana-db-client.model.yml
View File

@@ -4,5 +4,5 @@ extensions:
extensible: sinkModel
data:
- ["@sap/hana-client", "Member[createConnection].ReturnValue.Member[exec,prepare].Argument[0]", "sql-injection"]
- ["hdb", "Member[createClient].ReturnValue.Member[exec,prepare,execute].Argument[0]", "sql-injection"]
- ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"]