hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 04:56:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: rewrite "clever" reverse lookup

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2021-10-25 13:40:45 +02:00
parent 5a02b3880e
commit cb61f87aa3
1 changed files with 20 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
python/ql/lib/semmle/python/frameworks/Asyncpg.qll
View File

@@ -26,24 +26,22 @@ private module Asyncpg {
result = connectionPool().getMember("acquire").getReturn().getAwaited()
}
/** Reverse lookup of the query argument name for a query method. */
private string queryMethodName(string queryArg) {
result in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval"] and
queryArg = "query"
or
result = "executemany" and
queryArg = "command"
}
/** `Connection`s and `ConnectionPool`s provide some methods that execute SQL. */
class SqlExecutionOnConnection extends SqlExecution::Range, DataFlow::MethodCallNode {
string queryArg;
string methodName;
SqlExecutionOnConnection() {
this.calls([connectionPool().getAUse(), connection().getAUse()], queryMethodName(queryArg))
methodName in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval", "executemany"] and
this.calls([connectionPool().getAUse(), connection().getAUse()], methodName)
}
override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName(queryArg)] }
override DataFlow::Node getSql() {
methodName in ["copy_from_query", "execute", "fetch", "fetchrow", "fetchval"] and
result in [this.getArg(0), this.getArgByName("query")]
or
methodName = "executemany" and
result in [this.getArg(0), this.getArgByName("command")]
}
}
/** Reverse lokup of the path argument name for a method accessing the file system. */
@@ -57,14 +55,21 @@ private module Asyncpg {
/** `Connection`s and `ConnectionPool`s provide some methods that access the file system. */
class FileAccessOnConnection extends FileSystemAccess::Range, DataFlow::MethodCallNode {
string pathArg;
string methodName;
FileAccessOnConnection() {
this.calls([connectionPool().getAUse(), connection().getAUse()], fileAccessMethodName(pathArg))
methodName in ["copy_from_query", "copy_from_table", "copy_to_table"] and
this.calls([connectionPool().getAUse(), connection().getAUse()], methodName)
}
// The path argument is keyword only.
override DataFlow::Node getAPathArgument() { result in [this.getArgByName(pathArg)] }
override DataFlow::Node getAPathArgument() {
methodName in ["copy_from_query", "copy_from_table"] and
result = this.getArgByName("output")
or
methodName = "copy_to_table" and
result = this.getArgByName("source")
}
}
/**