Python: Move SqlInjection configuration to own file

2026-04-30 19:26:02 +02:00 · 2020-11-06 14:09:46 +01:00
parent 6299b73a46
commit 0c6bd8401a
2 changed files with 22 additions and 12 deletions
--- a/python/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/python/ql/src/Security/CWE-089/SqlInjection.ql
@@ -12,20 +12,9 @@
 */

 import python
-import semmle.python.dataflow.new.DataFlow
-import semmle.python.dataflow.new.TaintTracking
-import semmle.python.Concepts
-import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.security.dataflow.SqlInjection
 import DataFlow::PathGraph

-class SQLInjectionConfiguration extends TaintTracking::Configuration {
-  SQLInjectionConfiguration() { this = "SQLInjectionConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink = any(SqlExecution e).getSql() }
-}
-
 from SQLInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This SQL query depends on $@.", source.getNode(),
--- a/python/ql/src/semmle/python/security/dataflow/SqlInjection.qll
+++ b/python/ql/src/semmle/python/security/dataflow/SqlInjection.qll
@@ -0,0 +1,21 @@
+/**
+ * Provides a taint-tracking configuration for reasoning about SQL injection
+ * vulnerabilities.
+ */
+
+import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.Concepts
+import semmle.python.dataflow.new.RemoteFlowSources
+
+/**
+ * A taint-tracking configuration for reasoning about SQL injection vulnerabilities.
+ */
+class SQLInjectionConfiguration extends TaintTracking::Configuration {
+  SQLInjectionConfiguration() { this = "SQLInjectionConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink = any(SqlExecution e).getSql() }
+}