Merge pull request #10778 from sylwia-budzynska/python-db-models

Python: Add cx_Oracle, phoenixdb, pyodbc models

python/ql/lib/semmle/python/Frameworks.qll

@@ -12,6 +12,7 @@ private import semmle.python.frameworks.Asyncpg
 private import semmle.python.frameworks.ClickhouseDriver
 private import semmle.python.frameworks.Cryptodome
 private import semmle.python.frameworks.Cryptography
+private import semmle.python.frameworks.Cx_Oracle
 private import semmle.python.frameworks.data.ModelsAsData
 private import semmle.python.frameworks.Dill
 private import semmle.python.frameworks.Django
@@ -33,12 +34,15 @@ private import semmle.python.frameworks.MarkupSafe
 private import semmle.python.frameworks.Multidict
 private import semmle.python.frameworks.Mysql
 private import semmle.python.frameworks.MySQLdb
+private import semmle.python.frameworks.Oracledb
 private import semmle.python.frameworks.Peewee
+private import semmle.python.frameworks.Phoenixdb
 private import semmle.python.frameworks.Psycopg2
 private import semmle.python.frameworks.Pycurl
 private import semmle.python.frameworks.Pydantic
 private import semmle.python.frameworks.Pymssql
 private import semmle.python.frameworks.PyMySQL
+private import semmle.python.frameworks.Pyodbc
 private import semmle.python.frameworks.Requests
 private import semmle.python.frameworks.RestFramework
 private import semmle.python.frameworks.Rsa

python/ql/lib/semmle/python/frameworks/Cx_Oracle.qll

@@ -0,0 +1,31 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `cx_Oracle` PyPI package.
+ *
+ * See
+ * - https://github.com/oracle/python-cx_Oracle
+ * - https://pypi.org/project/cx-Oracle/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `cx_Oracle` PyPI package.
+ *
+ * See
+ * - https://github.com/oracle/python-cx_Oracle
+ * - https://pypi.org/project/cx-Oracle/
+ */
+private module Cx_Oracle {
+  /**
+   * A model for Cx_Oracle as a module that implements PEP 249, providing ways to execute SQL statements
+   * against a database.
+   */
+  class Cx_Oracle extends PEP249::PEP249ModuleApiNode {
+    Cx_Oracle() { this = API::moduleImport("cx_Oracle") }
+  }
+}

python/ql/lib/semmle/python/frameworks/Oracledb.qll

@@ -0,0 +1,31 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `oracledb` PyPI package.
+ *
+ * See
+ * - https://python-oracledb.readthedocs.io/en/latest/index.html
+ * - https://pypi.org/project/oracledb/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `oracledb` PyPI package.
+ *
+ * See
+ * - https://python-oracledb.readthedocs.io/en/latest/index.html
+ * - https://pypi.org/project/oracledb/
+ */
+private module Oracledb {
+  /**
+   * A model for oracledb as a module that implements PEP 249, providing ways to execute SQL statements
+   * against a database.
+   */
+  class Oracledb extends PEP249::PEP249ModuleApiNode {
+    Oracledb() { this = API::moduleImport("oracledb") }
+  }
+}

python/ql/lib/semmle/python/frameworks/Phoenixdb.qll

@@ -0,0 +1,31 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `phoenixdb` PyPI package.
+ *
+ * See
+ * - https://github.com/apache/phoenix-queryserver/tree/master/python-phoenixdb
+ * - https://pypi.org/project/phoenixdb/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `phoenixdb` PyPI package.
+ *
+ * See
+ * - https://github.com/apache/phoenix-queryserver/tree/master/python-phoenixdb
+ * - https://pypi.org/project/phoenixdb/
+ */
+private module Phoenixdb {
+  /**
+   * A model for Phoenixdb as a module that implements PEP 249, providing ways to execute SQL statements
+   * against a database.
+   */
+  class Phoenixdb extends PEP249::PEP249ModuleApiNode {
+    Phoenixdb() { this = API::moduleImport("phoenixdb") }
+  }
+}

python/ql/lib/semmle/python/frameworks/Pyodbc.qll

@@ -0,0 +1,31 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `pyodbc` PyPI package.
+ *
+ * See
+ * - https://github.com/mkleehammer/pyodbc/wiki
+ * - https://pypi.org/project/pyodbc/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `pyodbc` PyPI package.
+ *
+ * See
+ * - https://github.com/mkleehammer/pyodbc/wiki
+ * - https://pypi.org/project/pyodbc/
+ */
+private module Pyodbc {
+  /**
+   * A model for Pyodbc as a module that implements PEP 249, providing ways to execute SQL statements
+   * against a database.
+   */
+  class Pyodbc extends PEP249::PEP249ModuleApiNode {
+    Pyodbc() { this = API::moduleImport("pyodbc") }
+  }
+}