hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6589 from RasmusWL/promote-sqlalchemy

Browse Source 
Python: Promote modeling of SQLAlchemy
This commit is contained in:
yoff
2021-09-21 11:08:41 +02:00
committed by GitHub
parent 4a16be2cba f8e6ba633a
commit 4adb0c75bd
31 changed files with 1186 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/change-notes/2021-09-02-add-Flask-SQLAlchemy-modeling.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added modeling of SQL execution in the `Flask-SQLAlchemy` PyPI package, resulting in additional sinks for the SQL Injection query (`py/sql-injection`).

2
python/change-notes/2021-09-02-add-SQLAlchemy-modeling.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added modeling of SQL execution in the `SQLAlchemy` PyPI package, resulting in additional sinks for the SQL Injection query (`py/sql-injection`). This modeling was originally [submitted as a contribution by @mrthankyou](https://github.com/github/codeql/pull/5680).

2
python/change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection-query.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Introduced a new query _SQLAlchemy TextClause built from user-controlled sources_ (`py/sqlalchemy-textclause-injection`) to alert if user-input is added to a TextClause from SQLAlchemy, since that can lead to SQL injection.