Merge tag 'codeql-cli/latest' into auto/sync-main-pr
Compatible with the latest released version of the CodeQL CLI
@@ -1,3 +1,7 @@
|
||||
## 4.0.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 4.0.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
3
python/ql/lib/change-notes/released/4.0.9.md
Normal file
3
python/ql/lib/change-notes/released/4.0.9.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 4.0.9
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.0.8
|
||||
lastReleaseVersion: 4.0.9
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 4.0.8
|
||||
version: 4.0.9
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -151,4 +151,17 @@ private module Pandas {
|
||||
|
||||
override DataFlow::Node getCode() { result = this.getParameter(0, "expr").asSink() }
|
||||
}
|
||||
|
||||
/**
|
||||
* A Call to `pandas.read_sql` or `pandas.read_sql_query`
|
||||
* which allows for executing raw SQL queries against a database.
|
||||
* See https://pandas.pydata.org/docs/reference/api/pandas.read_sql.html
|
||||
*/
|
||||
class ReadSqlCall extends SqlExecution::Range, DataFlow::CallCfgNode {
|
||||
ReadSqlCall() {
|
||||
this = API::moduleImport("pandas").getMember(["read_sql", "read_sql_query"]).getACall()
|
||||
}
|
||||
|
||||
override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.5.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added SQL injection models from the `pandas` PyPI package.
|
||||
|
||||
## 1.5.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
5
python/ql/src/change-notes/released/1.5.2.md
Normal file
5
python/ql/src/change-notes/released/1.5.2.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 1.5.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added SQL injection models from the `pandas` PyPI package.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.1
|
||||
lastReleaseVersion: 1.5.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 1.5.1
|
||||
version: 1.5.2
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import pandas as pd
|
||||
|
||||
import sqlite3
|
||||
|
||||
df = pd.DataFrame({'temp_c': [17.0, 25.0]}, index=['Portland', 'Berkeley'])
|
||||
df.sample().query("query") # $getCode="query"
|
||||
@@ -55,11 +55,12 @@ df = pd.read_sql_table("filepath", 'postgres:///db_name')
|
||||
df.query("query") # $getCode="query"
|
||||
df.eval("query") # $getCode="query"
|
||||
|
||||
df = pd.read_sql_query("filepath", 'postgres:///db_name')
|
||||
connection = sqlite3.connect("pets.db")
|
||||
df = pd.read_sql_query("sql query", connection) # $getSql="sql query"
|
||||
df.query("query") # $getCode="query"
|
||||
df.eval("query") # $getCode="query"
|
||||
|
||||
df = pd.read_sql("filepath", 'postgres:///db_name')
|
||||
df = pd.read_sql("sql query", connection) # $getSql="sql query"
|
||||
df.query("query") # $getCode="query"
|
||||
df.eval("query") # $getCode="query"
|
||||
|
||||
|
||||