Python: support psycopg

python/ql/src/semmle/python/Frameworks.qll

@@ -9,5 +9,6 @@ private import semmle.python.frameworks.Flask
 private import semmle.python.frameworks.Invoke
 private import semmle.python.frameworks.MySQLdb
 private import semmle.python.frameworks.MysqlConnectorPython
+private import semmle.python.frameworks.Psycopg
 private import semmle.python.frameworks.Stdlib
 private import semmle.python.frameworks.Yaml

python/ql/src/semmle/python/frameworks/Psycopg.qll

@@ -0,0 +1,39 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `Psycopg` PyPI package.
+ * See
+ * - https://www.psycopg.org/docs/
+ * - https://pypi.org/project/psycopg2/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import PEP249
+
+/**
+ * Provides models for the `Psycopg` PyPI package.
+ * See
+ * - https://www.psycopg.org/docs/
+ * - https://pypi.org/project/psycopg2/
+ */
+module Psycopg {
+  // ---------------------------------------------------------------------------
+  // Psycopg
+  // ---------------------------------------------------------------------------
+  /** Gets a reference to the `Psycopg` module. */
+  private DataFlow::Node modulePsycopg(DataFlow::TypeTracker t) {
+    t.start() and
+    result = DataFlow::importNode("psycopg2")
+    or
+    exists(DataFlow::TypeTracker t2 | result = modulePsycopg(t2).track(t2, t))
+  }
+
+  /** Gets a reference to the `Psycopg` module. */
+  DataFlow::Node modulePsycopg() { result = modulePsycopg(DataFlow::TypeTracker::end()) }
+
+  /** Psycopg implements PEP 249, providing ways to execute SQL statements against a database. */
+  class Psycopg extends PEP249Module {
+    Psycopg() { this = modulePsycopg() }
+  }
+}