hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add documentation and refactor code

Browse Source
This commit is contained in:
thank_you
2021-04-15 15:22:15 -04:00
parent f1e71e21ed
commit a854fb8f8b
1 changed files with 37 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll
View File

@@ -7,9 +7,14 @@ private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.ApiGraphs
private import semmle.python.Concepts
private module SqlAlchemy {
/**
* An instantization of a SqlAlchemy Session object.
* See https://docs.sqlalchemy.org/en/14/orm/session_api.html#sqlalchemy.orm.Session and
* https://docs.sqlalchemy.org/en/14/orm/session_api.html#sqlalchemy.orm.sessionmaker
*/
private class SqlAlchemySessionInstance extends API::Node {
SqlAlchemySessionInstance() {
this in [
@@ -18,26 +23,40 @@ private module SqlAlchemy {
]
}
override string toString() { result = "Use of SqlAlchemy Session instance method" }
override string toString() { result = "Use of SqlAlchemy Session instantization" }
}
/**
* An instantization of a SqlAlchemy Engine object.
* See https://docs.sqlalchemy.org/en/14/core/engines.html#sqlalchemy.create_engine
*/
private class SqlAlchemyEngineInstance extends API::Node {
SqlAlchemyEngineInstance() {
this = API::moduleImport("sqlalchemy").getMember("create_engine").getReturn()
}
override string toString() { result = "Use of SqlAlchemy Engine instance method" }
override string toString() { result = "Use of SqlAlchemy create_engine member" }
}
/**
* An instantization of a SqlAlchemy Query object.
* See https://docs.sqlalchemy.org/en/14/orm/query.html?highlight=query#sqlalchemy.orm.Query
*/
private class SqlAlchemyQueryInstance extends API::Node {
SqlAlchemyQueryInstance() {
this instanceof SqlAlchemySessionInstance and
this = this.getMember("query").getReturn()
this = any(SqlAlchemySessionInstance sessionInstance).getMember("query").getReturn()
}
override string toString() { result = "Use of SqlAlchemy Query instance method" }
override string toString() { result = "Use of SqlAlchemy Session Query member" }
}
/**
* A call to `execute` meant to execute an SQL expression
* See the following links:
* - https://docs.sqlalchemy.org/en/14/core/connections.html?highlight=execute#sqlalchemy.engine.Connection.execute
* - https://docs.sqlalchemy.org/en/14/core/connections.html?highlight=execute#sqlalchemy.engine.Engine.execute
* - https://docs.sqlalchemy.org/en/14/orm/session_api.html?highlight=execute#sqlalchemy.orm.Session.execute
*/
private class SqlAlchemyExecuteCall extends DataFlow::CallCfgNode, SqlExecution::Range {
SqlAlchemyExecuteCall() {
exists(SqlAlchemySessionInstance sessionInstance, SqlAlchemyEngineInstance engineInstance |
@@ -50,19 +69,27 @@ private module SqlAlchemy {
override DataFlow::Node getSql() { result = this.getArg(0) }
}
/**
* A call to `scalar` meant to execute an SQL expression
* See https://docs.sqlalchemy.org/en/14/orm/session_api.html#sqlalchemy.orm.Session.scalar and
* https://docs.sqlalchemy.org/en/14/core/connections.html?highlight=scalar#sqlalchemy.engine.Engine.scalar
*/
private class SqlAlchemyScalarCall extends DataFlow::CallCfgNode, SqlExecution::Range {
SqlAlchemyScalarCall() {
exists(SqlAlchemySessionInstance sessionInstance |
this = sessionInstance.getMember("scalar").getACall()
)
this = any(SqlAlchemySessionInstance sessionInstance).getMember("scalar").getACall() or
this = any(SqlAlchemyEngineInstance engineInstance).getMember("scalar").getACall()
}
override DataFlow::Node getSql() { result = this.getArg(0) }
}
/**
* A call on a Query object
* See https://docs.sqlalchemy.org/en/14/orm/query.html?highlight=query#sqlalchemy.orm.Query
*/
private class SqlAlchemyQueryCall extends DataFlow::CallCfgNode, SqlExecution::Range {
SqlAlchemyQueryCall() {
exists(SqlAlchemyQueryInstance queryInstance | this = queryInstance.getAMember().getACall())
this = any(SqlAlchemyQueryInstance queryInstance).getAMember().getACall()
}
override DataFlow::Node getSql() { result = this.getArg(0) }