Python: fix query file

Rasmus Lerchedahl Petersen
2023-09-28 12:34:10 +02:00
parent 3fb579eaff
commit d90630aa66


@@ -4,17 +4,17 @@
* malicious NoSQL code by the user. * malicious NoSQL code by the user.
* @kind path-problem * @kind path-problem
* @problem.severity error * @problem.severity error
* @security-severity 8.8
* @id py/nosql-injection * @id py/nosql-injection
* @tags security * @tags security
* experimental
* external/cwe/cwe-943 * external/cwe/cwe-943
*/ */
import python import python
import semmle.python.security.dataflow.NoSQLInjectionQuery import semmle.python.security.dataflow.NoSQLInjectionQuery
import Flow::PathGraph import NoSqlInjectionFlow::PathGraph
from Flow::PathNode source, Flow::PathNode sink from NoSqlInjectionFlow::PathNode source, NoSqlInjectionFlow::PathNode sink
where Flow::flowPath(source, sink) where NoSqlInjectionFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This NoSQL query contains an unsanitized $@.", source, select sink.getNode(), source, sink, "This NoSQL query contains an unsanitized $@.", source,
"user-provided value" "user-provided value"
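Review bot: The query metadata visible in this hunk declares `@kind`, `@problem.severity`, `@security-severity` and `@id` but no `@precision`. This matters more if the `experimental` tag is being dropped here, which looks likely, though the rendering does not mark which side that line belongs to. CodeQL's standard query suites filter alert queries on precision, so a security query without it may be left out of code-scanning runs even though it now has a severity score. Consider adding a line such as ` * @precision high` next to `@problem.severity`, at whatever level the query's test results justify. The first lines of the header comment are outside the hunk, so confirm the property is not already declared there.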