hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactored hana's DB client to use GuardedRouteHandler, improving precision.

Browse Source
This commit is contained in:
Napalys
2025-03-28 13:29:18 +01:00
parent f7264d82d4
commit f3af23e855
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/lib/ext/hana-db-client.model.yml
View File

@@ -4,7 +4,13 @@ extensions:
extensible: sinkModel extensible: sinkModel
data: data:
- ["@sap/hana-client", "Member[createConnection].ReturnValue.Member[exec,prepare].Argument[0]", "sql-injection"] - ["@sap/hana-client", "Member[createConnection].ReturnValue.Member[exec,prepare].Argument[0]", "sql-injection"]
- ["hdb", "Member[createClient].ReturnValue.Member[exec,prepare,execute].Argument[0]", "sql-injection"] - ["hdb.Client", "Member[exec,prepare,execute].Argument[0]", "sql-injection"]
- ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"] - ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"]
- ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[1]", "sql-injection"] - ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[1]", "sql-injection"]
- ["express", "ReturnValue.Member[get].Argument[1].Parameter[0].Member[db].Member[exec].Argument[0]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["hdb.Client", "hdb", "Member[createClient].ReturnValue"]
- ["hdb.Client", "@sap/hdbext", "Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[0].Member[db]"]