hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add missing SQL query APIs.

Browse Source 
* executeLargeUpdate
 * prepareCall
This commit is contained in:
Luke Cartey
2019-08-29 15:00:02 +01:00
parent f980d20d6d
commit dfa371c65b
11 changed files with 252 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/src/semmle/code/java/frameworks/Jdbc.qll
View File

@@ -34,6 +34,14 @@ class ConnectionPrepareStatement extends Method {
}
}
/** A method with the name `prepareCall` declared in `java.sql.Connection`. */
class ConnectionPrepareCall extends Method {
ConnectionPrepareCall() {
getDeclaringType() instanceof TypeConnection and
hasName("prepareCall")
}
}
/** A method with the name `executeQuery` declared in `java.sql.Statement`. */
class StatementExecuteQuery extends Method {
StatementExecuteQuery() {
@@ -58,6 +66,14 @@ class MethodStatementExecuteUpdate extends Method {
}
}
/** A method with the name `executeLargeUpdate` declared in `java.sql.Statement`. */
class MethodStatementExecuteLargeUpdate extends Method {
MethodStatementExecuteLargeUpdate() {
getDeclaringType() instanceof TypeStatement and
hasName("executeLargeUpdate")
}
}
/** A method with the name `addBatch` declared in `java.sql.Statement`. */
class MethodStatementAddBatch extends Method {
MethodStatementAddBatch() {
@@ -87,9 +103,11 @@ class SqlExpr extends Expr {
method = call.getMethod() and
(
method instanceof ConnectionPrepareStatement or
method instanceof ConnectionPrepareCall or
method instanceof StatementExecuteQuery or
method instanceof MethodStatementExecute or
method instanceof MethodStatementExecuteUpdate or
method instanceof MethodStatementExecuteLargeUpdate or
method instanceof MethodStatementAddBatch
)
)