Added createProcStatement as potential sql sink.

2026-05-05 05:35:13 +02:00 · 2025-03-25 14:50:38 +01:00
parent 0285cb6c7a
commit 7cc0634f57
3 changed files with 5 additions and 1 deletions
--- a/javascript/ql/lib/ext/hana-db-client.model.yml
+++ b/javascript/ql/lib/ext/hana-db-client.model.yml
@@ -6,3 +6,4 @@ extensions:
      - ["@sap/hana-client", "Member[createConnection].ReturnValue.Member[exec,prepare].Argument[0]", "sql-injection"]
      - ["hdb", "Member[createClient].ReturnValue.Member[exec,prepare,execute].Argument[0]", "sql-injection"]
      - ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"]
+      - ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[1]", "sql-injection"]