Merge pull request #4820 from RasmusWL/add-pymysql-modeling

Approved by yoff
CodeQL CI
2020-12-14 03:04:24 -08:00
committed by GitHub
9 changed files with 46 additions and 4 deletions


@@ -7,8 +7,9 @@ private import semmle.python.frameworks.Django
private import semmle.python.frameworks.Fabric
private import semmle.python.frameworks.Flask
private import semmle.python.frameworks.Invoke
private import semmle.python.frameworks.MySQLdb
private import semmle.python.frameworks.MysqlConnectorPython
private import semmle.python.frameworks.MySQLdb
private import semmle.python.frameworks.Psycopg2
private import semmle.python.frameworks.PyMySQL
private import semmle.python.frameworks.Stdlib
private import semmle.python.frameworks.Yaml


@@ -17,7 +17,7 @@ private import PEP249
* - https://mysqlclient.readthedocs.io/index.html
* - https://pypi.org/project/MySQL-python/
*/
module MySQLdb {
private module MySQLdb {
// ---------------------------------------------------------------------------
// MySQLdb
// ---------------------------------------------------------------------------
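Review bot: Changing `module MySQLdb` to `private module MySQLdb` takes the module out of the library's importable surface, so any query or customization that refers to its members by name will stop compiling; the same applies to `MysqlConnectorPython` and `Psycopg2` in the next two files. Nothing visible here records this as a breaking change, so unless one of the changed files not shown covers it, a change note such as `The MySQLdb, MysqlConnectorPython and Psycopg2 framework modules are now private; use the shared concepts from semmle.python.Concepts instead.` would help downstream users. The module body continues outside the hunk, so whether it exposes anything that should stay public cannot be judged from here.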


@@ -17,7 +17,7 @@ private import PEP249
* - https://dev.mysql.com/doc/connector-python/en/
* - https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html
*/
module MysqlConnectorPython {
private module MysqlConnectorPython {
// ---------------------------------------------------------------------------
// mysql
// ---------------------------------------------------------------------------


@@ -17,7 +17,7 @@ private import PEP249
* - https://www.psycopg.org/docs/
* - https://pypi.org/project/psycopg2/
*/
module Psycopg2 {
private module Psycopg2 {
// ---------------------------------------------------------------------------
// Psycopg
// ---------------------------------------------------------------------------


@@ -0,0 +1,32 @@
/**
* Provides classes modeling security-relevant aspects of the `PyMySQL` PyPI package.
* See https://pypi.org/project/PyMySQL/
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.Concepts
private import PEP249
/**
* Provides models for the `PyMySQL` PyPI package.
* See https://pypi.org/project/PyMySQL/
*/
private module PyMySQL {
/** Gets a reference to the `pymysql` module. */
private DataFlow::Node pymysql(DataFlow::TypeTracker t) {
t.start() and
result = DataFlow::importNode("pymysql")
or
exists(DataFlow::TypeTracker t2 | result = pymysql(t2).track(t2, t))
}
/** Gets a reference to the `pymysql` module. */
DataFlow::Node pymysql() { result = pymysql(DataFlow::TypeTracker::end()) }
/** PyMySQL implements PEP 249, providing ways to execute SQL statements against a database. */
class PyMySQLPEP249 extends PEP249Module {
PyMySQLPEP249() { this = pymysql() }
}
}
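Review bot: `PyMySQLPEP249` binds only `pymysql()` to `PEP249Module`, so whether SQL executed on a connection built through the package's other entry points (`pymysql.Connect`, `pymysql.connections.Connection`) is reported as a sink depends on how `PEP249Module` resolves connections, which is not visible here. If it keys on the `connect` member alone, those paths would be silent false negatives for SQL-injection queries. A test case per alias, or a comment stating the limit such as `// Only connections obtained via pymysql.connect(...) are modeled.`, would make the coverage explicit. Separately, `RemoteFlowSources` and `Concepts` are imported but nothing in the visible file uses them, and the two `pymysql` predicates share an identical QLDoc line; the type-tracking overload could read `/** Gets a reference to the pymysql module, tracked with type tracker t. */`.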