Python: List NoSQL injection sinks

2025-12-18 01:33:15 +01:00 · 2023-09-29 13:16:50 +02:00
parent 16e1a00e88
commit d7ad5a0f23
1 changed files with 4 additions and 0 deletions
--- a/python/ql/src/meta/alerts/TaintSinks.ql
+++ b/python/ql/src/meta/alerts/TaintSinks.ql
@@ -58,6 +58,10 @@ DataFlow::Node relevantTaintSink(string kind) {
    or
    kind = "RegexInjection" and result instanceof RegexInjection::Sink
    or
+    kind = "NoSqlInjection (string sink)" and result instanceof NoSqlInjection::StringSink
+    or
+    kind = "NoSqlInjection (dict sink)" and result instanceof NoSqlInjection::DictSink
+    or
    kind = "ServerSideRequestForgery" and result instanceof ServerSideRequestForgery::Sink
    or
    kind = "SqlInjection" and result instanceof SqlInjection::Sink