Add Pandas SQLi sinks

2026-04-24 08:15:14 +02:00 · 2025-05-27 13:10:39 +02:00
parent a519eabd4d
commit 84228e0ec8
3 changed files with 20 additions and 3 deletions
--- a/python/ql/lib/semmle/python/frameworks/Pandas.qll
+++ b/python/ql/lib/semmle/python/frameworks/Pandas.qll
@@ -151,4 +151,15 @@ private module Pandas {

    override DataFlow::Node getCode() { result = this.getParameter(0, "expr").asSink() }
  }
+
+  /**
+   * A Call to `pandas.read_sql` or `pandas.read_sql_query`
+   * which allows for executing raw SQL queries against a database.
+   * See https://pandas.pydata.org/docs/reference/api/pandas.read_sql.html
+   */
+  class ReadSQLCall extends SqlExecution::Range, DataFlow::CallCfgNode {
+    ReadSQLCall() { this = API::moduleImport("pandas").getMember(["read_sql", "read_sql_query"]).getACall() }
+
+    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
+  }
 }