hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #299 from asger-semmle/nosql-sinks

Browse Source 
Approved by xiemaisi
This commit is contained in:
semmle-qlci
2018-10-12 07:12:05 +01:00
committed by GitHub
parent 44fd18c4a9 74f115fa40
commit 16b29b2d08
3 changed files with 66 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
View File

@@ -62,9 +62,22 @@ private module MongoDB {
QueryCall() {
exists (string m | asExpr().(MethodCallExpr).calls(any(Collection c), m) |
m = "aggregate" and queryArgIdx = 0 or
m = "count" and queryArgIdx = 0 or
m = "deleteMany" and queryArgIdx = 0 or
m = "deleteOne" and queryArgIdx = 0 or
m = "distinct" and queryArgIdx = 1 or
m = "find" and queryArgIdx = 0
m = "find" and queryArgIdx = 0 or
m = "findOne" and queryArgIdx = 0 or
m = "findOneAndDelete" and queryArgIdx = 0 or
m = "findOneAndRemove" and queryArgIdx = 0 or
m = "findOneAndDelete" and queryArgIdx = 0 or
m = "findOneAndUpdate" and queryArgIdx = 0 or
m = "remove" and queryArgIdx = 0 or
m = "replaceOne" and queryArgIdx = 0 or
m = "update" and queryArgIdx = 0 or
m = "updateMany" and queryArgIdx = 0 or
m = "updateOne" and queryArgIdx = 0
)
}