Python: Remove modeling of sqlescapy PyPI package

I've never seen this being used in real code, and this library doesn't have a lot of traction, so I would rather not commit to supporting it (which includes verifying that it actually makes things safe). Personally I don't think this is the right approach for avoiding SQL injection either.
2026-04-30 11:15:13 +02:00 · 2021-09-01 20:43:18 +02:00
parent 91442e100c
commit ba99e21875
1 changed files with 0 additions and 13 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll
@@ -312,19 +312,6 @@ private module SqlAlchemy {
      )
    }
  }
-
-  /**
-   * Gets a reference to `sqlescapy.sqlescape`.
-   *
-   * See https://pypi.org/project/sqlescapy/
-   */
-  class SQLEscapySanitizerCall extends DataFlow::CallCfgNode, SQLEscape::Range {
-    SQLEscapySanitizerCall() {
-      this = API::moduleImport("sqlescapy").getMember("sqlescape").getACall()
-    }
-
-    override DataFlow::Node getAnInput() { result = this.getArg(0) }
-  }
 }

 private module OldModeling {