hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Model sqlite3 as SQL interface

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-12-09 11:16:09 +01:00
parent 767a246edc
commit 36e8ef53eb
3 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
python/ql/src/semmle/python/frameworks/Stdlib.qll
View File

@@ -8,6 +8,7 @@ private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.Concepts
private import PEP249
/** Provides models for the Python standard library. */
private module Stdlib {
@@ -1032,6 +1033,29 @@ private module Stdlib {
override string getFormat() { result = "JSON" }
}
// ---------------------------------------------------------------------------
// sqlite3
// ---------------------------------------------------------------------------
/** Gets a reference to the `sqlite3` module. */
private DataFlow::Node sqlite3(DataFlow::TypeTracker t) {
t.start() and
result = DataFlow::importNode("sqlite3")
or
exists(DataFlow::TypeTracker t2 | result = sqlite3(t2).track(t2, t))
}
/** Gets a reference to the `sqlite3` module. */
DataFlow::Node sqlite3() { result = sqlite3(DataFlow::TypeTracker::end()) }
/**
* sqlite3 implements PEP 249, providing ways to execute SQL statements against a database.
*
* See https://devdocs.io/python~3.9/library/sqlite3
*/
class Sqlite3 extends PEP249Module {
Sqlite3() { this = sqlite3() }
}
}
// ---------------------------------------------------------------------------