Merge pull request #17080 from sylwia-budzynska/streamlit

Python: Add Streamlit models
2026-04-25 08:45:14 +02:00 · 2024-07-31 18:20:11 +02:00
parent f9f57e9122 9bd00c9e1e
commit 251036c6b4
10 changed files with 156 additions and 19 deletions
--- a/python/ql/test/experimental/meta/RemoteFlowSourceTest.qll
+++ b/python/ql/test/experimental/meta/RemoteFlowSourceTest.qll
@@ -0,0 +1,20 @@
+import python
+import semmle.python.dataflow.new.RemoteFlowSources
+import TestUtilities.InlineExpectationsTest
+private import semmle.python.dataflow.new.internal.PrintNode
+
+module SourceTest implements TestSig {
+  string getARelevantTag() { result = "source" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(location.getFile().getRelativePath()) and
+    exists(RemoteFlowSource rfs |
+      location = rfs.getLocation() and
+      element = rfs.toString() and
+      value = prettyNode(rfs) and
+      tag = "source"
+    )
+  }
+}
+
+import MakeTest<SourceTest>
--- a/python/ql/test/library-tests/frameworks/gradio/source_test.ql
+++ b/python/ql/test/library-tests/frameworks/gradio/source_test.ql
@@ -1,20 +1,2 @@
 import python
-import semmle.python.dataflow.new.RemoteFlowSources
-import TestUtilities.InlineExpectationsTest
-private import semmle.python.dataflow.new.internal.PrintNode
-
-module SourceTest implements TestSig {
-  string getARelevantTag() { result = "source" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(location.getFile().getRelativePath()) and
-    exists(RemoteFlowSource rfs |
-      location = rfs.getLocation() and
-      element = rfs.toString() and
-      value = prettyNode(rfs) and
-      tag = "source"
-    )
-  }
-}
-
-import MakeTest<SourceTest>
+import experimental.meta.RemoteFlowSourceTest
--- a/python/ql/test/library-tests/frameworks/streamlit/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/streamlit/ConceptsTest.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/python/ql/test/library-tests/frameworks/streamlit/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/streamlit/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
--- a/python/ql/test/library-tests/frameworks/streamlit/rfs-test.expected
+++ b/python/ql/test/library-tests/frameworks/streamlit/rfs-test.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/python/ql/test/library-tests/frameworks/streamlit/rfs-test.ql
+++ b/python/ql/test/library-tests/frameworks/streamlit/rfs-test.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.RemoteFlowSourceTest
--- a/python/ql/test/library-tests/frameworks/streamlit/test.py
+++ b/python/ql/test/library-tests/frameworks/streamlit/test.py
@@ -0,0 +1,27 @@
+import streamlit as st
+
+# Streamlit sources
+inp = st.text_input("Query the database") # $ source=st.text_input(..)
+area = st.text_area("Area") # $ source=st.text_area(..)
+chat = st.chat_input("Chat") # $ source=st.chat_input(..)
+
+# Initialize connection.
+conn = st.connection("postgresql", type="sql")
+
+# SQL injection sink
+q = conn.query("some sql")  # $ getSql="some sql"
+
+# SQLAlchemy connection
+c = conn.connect()
+
+c.execute("other sql")  # $ getSql="other sql"
+
+# SQL Alchemy session
+s = conn.session
+
+s.execute("yet another sql")  # $ getSql="yet another sql"
+
+# SQL Alchemy engine
+e = st.connection("postgresql", type="sql")
+
+e.engine.connect().execute("yet yet another sql")  # $ getSql="yet yet another sql"