recognize more modelled database accesses

2026-04-30 19:26:02 +02:00 · 2021-12-10 14:54:59 +01:00
parent b0f6cf1491
commit cfd2dcffa0
1 changed files with 3 additions and 2 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll
@@ -200,8 +200,9 @@ predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
    or
    call instanceof FileSystemAccess and reason instanceof FileSystemAccessReason
    or
-    // TODO database accesses are less well defined than database query sinks, so this may cover unmodeled sinks
-    call instanceof DatabaseAccess and reason instanceof DatabaseAccessReason
+    // TODO database accesses are less well defined than database query sinks, so this may cover unmodeled sinks on existing database models
+    [call, call.getAMethodCall() /* command pattern where the query is built, and then exec'ed later */] instanceof DatabaseAccess and
+    reason instanceof DatabaseAccessReason
    or
    call = DOM::domValueRef() and reason instanceof DOMReason
    or