Added SQL injection detection for exec method embeded Express client from hdbext.

2026-04-28 18:25:24 +02:00 · 2025-03-25 18:39:54 +01:00
parent 7cc0634f57
commit 4cdc40d115
3 changed files with 5 additions and 1 deletions
--- a/javascript/ql/lib/ext/hana-db-client.model.yml
+++ b/javascript/ql/lib/ext/hana-db-client.model.yml
@@ -7,3 +7,4 @@ extensions:
      - ["hdb", "Member[createClient].ReturnValue.Member[exec,prepare,execute].Argument[0]", "sql-injection"]
      - ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"]
      - ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[1]", "sql-injection"]
+      - ["express", "ReturnValue.Member[get].Argument[1].Parameter[0].Member[db].Member[exec].Argument[0]", "sql-injection"]