Ruby: model sqlite3

Alex Ford
2023-04-17 00:35:50 +01:00
parent 94e0828ab9
commit 9dc04f30ac
4 changed files with 115 additions and 0 deletions


@@ -0,0 +1,8 @@
sqlite3SqlConstruction
| sqlite3.rb:5:1:5:17 | call to execute | sqlite3.rb:5:12:5:17 | <<-SQL |
| sqlite3.rb:12:8:12:41 | call to prepare | sqlite3.rb:12:19:12:41 | "select * from numbers" |
| sqlite3.rb:17:3:19:5 | call to execute | sqlite3.rb:17:15:17:35 | "select * from table" |
sqlite3SqlExecution
| sqlite3.rb:5:1:5:17 | call to execute | sqlite3.rb:5:12:5:17 | <<-SQL |
| sqlite3.rb:14:1:14:12 | call to execute | sqlite3.rb:12:8:12:9 | db |
| sqlite3.rb:17:3:19:5 | call to execute | sqlite3.rb:17:15:17:35 | "select * from table" |
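Review bot: The `sqlite3SqlExecution` row for `stmt.execute` (sqlite3.rb:14:1:14:12) reports its SQL node as `db` at 12:8:12:9, which is the receiver of the `prepare` call on line 12, not the query string at 12:19:12:41. The expectation pins that result, so any query that uses `SqlExecution.getSql()` as a sink would see the database handle instead of the SQL text for prepared statements. The model file is not visible here, so the cause is inferred, but `getSql()` for a statement execution presumably should return the first argument of the originating `prepare` call. The row would then read `| sqlite3.rb:14:1:14:12 | call to execute | sqlite3.rb:12:19:12:41 | "select * from numbers" |`.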


@@ -0,0 +1,7 @@
private import codeql.ruby.DataFlow
private import codeql.ruby.Concepts
private import codeql.ruby.frameworks.Sqlite3
query predicate sqlite3SqlConstruction(SqlConstruction c, DataFlow::Node sql) { sql = c.getSql() }
query predicate sqlite3SqlExecution(SqlExecution e, DataFlow::Node sql) { sql = e.getSql() }


@@ -0,0 +1,20 @@
require 'sqlite3'
db = SQLite3::Database.new "test.db"
db.execute <<-SQL
create table numbers (
name varchar(30),
val int
);
SQL
stmt = db.prepare "select * from numbers"
stmt.execute
SQLite3::Database.new( "data.db" ) do |db|
db.execute( "select * from table" ) do |row|
p row
end
end
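Review bot: Every query in this test file is a constant string with no bind parameters, so the expectations cannot show that the model reports only the SQL text and not the bound values. Adding a parameterised call such as `db.execute("select * from numbers where name = ?", name)` next to an interpolated one such as `db.execute("select * from numbers where name = '#{name}'")` would pin both the safe shape and the injectable shape. The block parameter `db` on the `SQLite3::Database.new( "data.db" )` line also shadows the outer `db`, which makes a result node labelled `db` harder to attribute; a distinct name such as `data_db` would avoid that.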