hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add relevant PyMongo sink methods

Browse Source
This commit is contained in:
Your Name
2021-04-05 14:23:56 -04:00
parent 9072d19cda
commit be9a3a95b1
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
View File

@@ -11,9 +11,14 @@ private import experimental.semmle.python.Concepts
private import semmle.python.ApiGraphs
private module NoSQL {
// more methods?
private class PyMongoMethods extends string {
PyMongoMethods() { this in ["find_one"] }
// These are all find-keyword relevant PyMongo collection level operation methods
PyMongoMethods() {
this in [
"find", "find_raw_batches", "find_one", "find_one_and_delete", "find_and_modify",
"find_one_and_replace", "find_one_and_update"
]
}
}
private class PyMongoClientCall extends DataFlow::CallCfgNode, NoSQLQuery::Range {
@@ -30,9 +35,8 @@ private module NoSQL {
override DataFlow::Node getQueryNode() { result = this.getArg(0) }
}
// more methods?
private class PyMongoFlaskMethods extends string {
PyMongoFlaskMethods() { this in ["find"] }
PyMongoFlaskMethods() { this in ["find_one_or_404"] }
}
private class PyMongoFlaskCall extends DataFlow::CallCfgNode, NoSQLQuery::Range {
@@ -62,7 +66,6 @@ private module NoSQL {
override DataFlow::Node getQueryNode() { result = this.getArg(0) }
}
// more sanitizer libs?
private class MongoSanitizerCall extends DataFlow::CallCfgNode, NoSQLSanitizer::Range {
MongoSanitizerCall() {
this =