Python: Ignore relatively safe arguments of extra

2025-12-18 01:33:15 +01:00 · 2020-10-21 13:15:46 +02:00
parent 6805fb63cc
commit 2c855c739b
1 changed files with 1 additions and 2 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/Django.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Django.qll
@@ -341,8 +341,7 @@ private module Django {

    override DataFlow::Node getSql() {
      result.asCfgNode() =
-        [node.getArg([0 .. 5]),
-            node.getArgByName(["select", "where", "params", "tables", "order_by", "select_params"])]
+        [node.getArg([0 .. 5]), node.getArgByName(["select", "where", "tables", "order_by"])]
    }
  }
 }