Add SQLEscapySanitizerCall class

2026-05-02 04:05:14 +02:00 · 2021-06-29 19:39:46 -04:00
parent 986f2f4302
commit 0be2c6b765
1 changed files with 14 additions and 0 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll
@@ -8,6 +8,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.ApiGraphs
 private import semmle.python.Concepts
+private import experimental.semmle.python.Concepts

 private module SqlAlchemy {
  /**
@@ -117,4 +118,17 @@ private module SqlAlchemy {
      )
    }
  }
+
+  /**
+   * Gets a reference to `sqlescapy.sqlescape`.
+   *
+   * See https://pypi.org/project/sqlescapy/
+   */
+  class SQLEscapySanitizerCall extends DataFlow::CallCfgNode, SQLEscape::Range {
+    SQLEscapySanitizerCall() {
+      this = API::moduleImport("sqlescapy").getMember("sqlescape").getACall()
+    }
+
+    override DataFlow::Node getAnInput() { result = this.getArg(0) }
+  }
 }