hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix flask_mongoengine Call

Browse Source
This commit is contained in:
jorgectf
2021-04-09 22:27:53 +02:00
parent 166385755a
commit 4615927eeb
1 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
View File

@@ -53,14 +53,25 @@ private module NoSQL {
override DataFlow::Node getQueryNode() { result = this.getArg(0) }
}
private class MongoEngineMethods extends string {
MongoEngineMethods() { this in ["mongoengine", "flask_mongoengine"] }
}
private class MongoEngineObjectsCall extends DataFlow::CallCfgNode, NoSQLQuery::Range {
MongoEngineObjectsCall() {
this =
API::moduleImport(any(MongoEngineMethods mongoEngineMethod))
API::moduleImport("mongoengine")
.getMember("Document")
.getASubclass()
.getMember("objects")
.getACall()
}
override DataFlow::Node getQueryNode() { result = this.getArgByName(any(string name)) }
}
private class MongoEngineObjectsFlaskCall extends DataFlow::CallCfgNode, NoSQLQuery::Range {
MongoEngineObjectsFlaskCall() {
this =
API::moduleImport("flask_mongoengine")
.getMember("MongoEngine")
.getReturn()
.getMember("Document")
.getASubclass()
.getMember("objects")