Merge pull request #19444 from Napalys/python/hdbcli

Python: modeling of `hdbcli`
2026-04-26 09:15:12 +02:00 · 2025-05-01 17:58:31 +02:00
parent 40f80ff4e7 da7c0931b8
commit f652686607
7 changed files with 41 additions and 0 deletions
--- a/python/ql/lib/change-notes/2025-05-01-hdbcli.md
+++ b/python/ql/lib/change-notes/2025-05-01-hdbcli.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added modeling for the `hdbcli` PyPI package as a database library implementing PEP 249.
--- a/python/ql/lib/semmle/python/Frameworks.qll
+++ b/python/ql/lib/semmle/python/Frameworks.qll
@@ -35,6 +35,7 @@ private import semmle.python.frameworks.FlaskAdmin
 private import semmle.python.frameworks.FlaskSqlAlchemy
 private import semmle.python.frameworks.Genshi
 private import semmle.python.frameworks.Gradio
+private import semmle.python.frameworks.Hdbcli
 private import semmle.python.frameworks.Httpx
 private import semmle.python.frameworks.Idna
 private import semmle.python.frameworks.Invoke
--- a/python/ql/lib/semmle/python/frameworks/Hdbcli.qll
+++ b/python/ql/lib/semmle/python/frameworks/Hdbcli.qll
@@ -0,0 +1,24 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `hdbcli` PyPI package.
+ * See https://pypi.org/project/hdbcli/
+ */
+
+private import python
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `hdbcli` PyPI package.
+ * See https://pypi.org/project/hdbcli/
+ */
+private module Hdbcli {
+  /**
+   * A model of `hdbcli` as a module that implements PEP 249, providing ways to execute SQL statements
+   * against a database.
+   */
+  class HdbcliPEP249 extends PEP249::PEP249ModuleApiNode {
+    HdbcliPEP249() { this = API::moduleImport("hdbcli").getMember("dbapi") }
+  }
+}
--- a/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.expected
--- a/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
--- a/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
+++ b/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
@@ -0,0 +1,9 @@
+from hdbcli import dbapi
+
+conn = dbapi.connect(address="hostname", port=300, user="username", password="password")
+cursor = conn.cursor()
+
+cursor.execute("some sql", (42,))  # $ getSql="some sql"
+cursor.executemany("some sql", (42,))  # $ getSql="some sql"
+    
+cursor.close()