hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 09:18:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,493 Commits 1,718 Branches 163 Tags
ba99e218754b6668fb8d1122f94efba8813dd4e1
Commit Graph

11 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
91442e100c Python: Model sessionmaker().begin() 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
feb2303e1f Python: Model the underlying DB-API connection 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
1ab04a7276 Python: Model Connection.execution_options 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
2acf518037 Python: Model exec_driver_sql 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
fe143c7dfa Python: Rewrite most of SQLAlchemy modeling 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
b39bb24fcf Python: Add more SQLAlchemy tests 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
a5a7f3e38a Python: Add taint-step for sqlalchemy.text 2021-06-29 11:06:25 +02:00
Rasmus Wriedt Larsen
ef48734206 Python: Add taint-tests for SQLAlchemy 2021-06-29 11:03:40 +02:00
Rasmus Wriedt Larsen
cb112395f8 Python: Fixup after merging main 2021-06-29 11:02:43 +02:00
Rasmus Wriedt Larsen
eac1c5d109 Python: Fix concepts-tests for SQLAlchemy 2021-06-29 10:58:28 +02:00
thank_you
3ace49549a Add tests for SqlAlchemy modeling library 
After researching SqlAlchemy and it's various query methods, I discovered several types of SQL injection possibilities.

The SQLExecution.py file contains these examples and can be broken up into two types of injections. Injections requiring the text() taint-step and injections NOT requiring the text() taint step.
 2021-05-10 16:12:15 -04:00