hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add note about incompleteness

Browse Source 
I was going to do this in an issue, but it makes sense
to have it in the code. We could still add an issue as well.
This commit is contained in:
Rasmus Lerchedahl Petersen
2020-10-21 15:15:19 +02:00
parent c57c798bfa
commit 060481053a
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/src/experimental/semmle/python/frameworks/Django.qll
View File

@@ -131,6 +131,12 @@ private module Django {
/** Gets a reference to the `django.db.connection.cursor.execute` function. */
DataFlow::Node execute() { result = execute(DataFlow::TypeTracker::end()) }
// -------------------------------------------------------------------------
// django.db.models
// -------------------------------------------------------------------------
// NOTE: The modelling of django models is currently fairly incomplete.
// It does not fully take `Model`s, `Manager`s, `and QuerySet`s into account.
// It simply identifies some common dangerous cases.
/** Gets a reference to the `django.db.models` module. */
private DataFlow::Node models(DataFlow::TypeTracker t) {
t.start() and