Merge pull request #15457 from RasmusWL/psycopg

Python: Model the `psycopg` package
This commit is contained in:
Rasmus Wriedt Larsen
2024-02-12 15:59:16 +01:00
committed by GitHub
6 changed files with 55 additions and 0 deletions


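--- /dev/null
+++ b/<PATH-NOT-ON-PAGE: changed file 1 of 6>
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added modeling of the `psycopg` PyPI package as a SQL database library.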


@@ -48,6 +48,7 @@ private import semmle.python.frameworks.Oracledb
private import semmle.python.frameworks.Pandas
private import semmle.python.frameworks.Peewee
private import semmle.python.frameworks.Phoenixdb
private import semmle.python.frameworks.Psycopg
private import semmle.python.frameworks.Psycopg2
private import semmle.python.frameworks.Pycurl
private import semmle.python.frameworks.Pydantic


@@ -0,0 +1,32 @@
/**
* Provides classes modeling security-relevant aspects of the `psycopg` PyPI package.
* See
* - https://www.psycopg.org/psycopg3/docs/
* - https://pypi.org/project/psycopg/
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.Concepts
private import semmle.python.ApiGraphs
private import semmle.python.frameworks.PEP249
/**
* Provides models for the `psycopg` PyPI package.
* See
* - https://www.psycopg.org/psycopg3/docs/
* - https://pypi.org/project/psycopg/
*/
private module Psycopg {
// ---------------------------------------------------------------------------
// Psycopg
// ---------------------------------------------------------------------------
/**
* A model of `psycopg` as a module that implements PEP 249, providing ways to execute SQL statements
* against a database.
*/
class Psycopg extends PEP249::PEP249ModuleApiNode {
Psycopg() { this = API::moduleImport("psycopg") }
}
}
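Review bot: The `Psycopg` class at the end of the module only recognises the package through `API::moduleImport("psycopg")`, so the PEP 249 base model presumably sees connections created via `psycopg.connect(...)` but not the other constructors psycopg 3 documents, `psycopg.Connection.connect(...)` and the async `psycopg.AsyncConnection.connect(...)`; `await conn.execute(...)` and `async with conn.cursor()` would then be missed unless the shared PEP249 model already follows `await`, which is worth confirming against that file. The test file added in this PR (the last section of the page) exercises only `psycopg.connect` and the synchronous cursor, so the expected output would not reveal that gap. If the class-method and async entry points are deliberately out of scope for now, stating that in the module doc comment, e.g. `* Only the synchronous psycopg.connect() entry point is modeled; Connection.connect and AsyncConnection are not yet covered.`, would make the coverage explicit for the next maintainer.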


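--- /dev/null
+++ b/<PATH-NOT-ON-PAGE: changed file 4 of 6>
@@ -0,0 +1,2 @@
+testFailures
+failures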


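--- /dev/null
+++ b/<PATH-NOT-ON-PAGE: changed file 5 of 6>
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest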


@@ -0,0 +1,14 @@
import psycopg
conn = psycopg.connect(...)
conn.execute("some sql", (42,)) # $ getSql="some sql"
cursor = conn.cursor()
cursor.execute("some sql", (42,)) # $ getSql="some sql"
cursor.executemany("some sql", [(42,)]) # $ getSql="some sql"
# as in their examples:
with psycopg.connect(...) as conn:
conn.execute("some sql", (42,)) # $ getSql="some sql"
with conn.cursor() as cursor:
cursor.execute("some sql", (42,)) # $ getSql="some sql"
cursor.executemany("some sql", [(42,)]) # $ getSql="some sql"