hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(rust): Add ModelsAsDataSinks for SQL Injection

Browse Source
This commit is contained in:
Mathew Payne
2025-01-20 12:14:34 +00:00
parent 2d0c73acfe
commit cba1c58dd7
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll
View File

@@ -6,6 +6,7 @@
import rust
private import codeql.rust.dataflow.DataFlow
private import codeql.rust.dataflow.internal.DataFlowImpl
private import codeql.rust.Concepts
private import codeql.util.Unit
@@ -47,4 +48,11 @@ module SqlInjection {
class SqlExecutionAsSink extends Sink {
SqlExecutionAsSink() { this = any(SqlExecution e).getSql() }
}
/** A sink for sql-injection from model data. */
private class ModelsAsDataSinks extends Sink {
ModelsAsDataSinks() {
sinkNode(this, "sql-injection")
}
}
}