Merge pull request #11207 from github/nickrolfe/arel-sql

Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
2025-12-24 04:36:35 +01:00 · 2022-11-14 10:21:37 +00:00
parent dd525a4f9b be60a871a3
commit 83b3312467
12 changed files with 161 additions and 21 deletions
--- a/python/ql/lib/semmle/python/Concepts.qll
+++ b/python/ql/lib/semmle/python/Concepts.qll
@@ -311,7 +311,7 @@ module CodeExecution {
 * Often, it is worthy of an alert if an SQL statement is constructed such that
 * executing it would be a security risk.
 *
- * If it is important that the SQL statement is indeed executed, then use `SQLExecution`.
+ * If it is important that the SQL statement is indeed executed, then use `SqlExecution`.
 *
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `SqlConstruction::Range` instead.
@@ -329,7 +329,7 @@ module SqlConstruction {
   * Often, it is worthy of an alert if an SQL statement is constructed such that
   * executing it would be a security risk.
   *
-   * If it is important that the SQL statement is indeed executed, then use `SQLExecution`.
+   * If it is important that the SQL statement is indeed executed, then use `SqlExecution`.
   *
   * Extend this class to model new APIs. If you want to refine existing API models,
   * extend `SqlConstruction` instead.