hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #55 from microsoft/dilan/chanel-sql-tedious

Browse Source 
Chanel PR (SQL Tedious Package)
This commit is contained in:
Chanel
2024-02-28 11:13:22 -08:00
committed by GitHub
parent fd51a7dbc1 8e05f2a1f0
commit bbdf97e8f3
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
View File

@@ -454,3 +454,27 @@ private module SpannerCsv {
}
}
}
/**
* Provides classes modeling the `tedious` package.
*/
private module Tedious {
API::Node tedious() { result = API::moduleImport("tedious")}
class QueryCall extends DatabaseAccess, API::CallNode {
QueryCall(){
this = tedious().getMember("Connection").getInstance().getMember("execSql").getACall()
}
override DataFlow::Node getAQueryArgument(){
exists(API::NewNode request |
request = tedious().getMember("Request").getAnInstantiation() and
this.getParameter(0).asSink() = request.getReturn().getAValueReachableFromSource() and
result = request.getArgument(0)
)
}
}
class QueryString extends SQL::SqlString {
QueryString() {this = any(QueryCall qc).getAQueryArgument()}
}
}