Python: Port py/sql-injection to use proper source/sink customization

2026-01-10 13:10:26 +01:00 · 2021-06-29 18:55:04 +02:00
parent c47d680d65
commit 0be280c608
3 changed files with 85 additions and 14 deletions
--- a/python/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/python/ql/src/Security/CWE-089/SqlInjection.ql
@@ -16,7 +16,7 @@ import python
 import semmle.python.security.dataflow.SqlInjection
 import DataFlow::PathGraph

-from SQLInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
+from SqlInjection::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This SQL query depends on $@.", source.getNode(),
  "a user-provided value"