mirror of
https://github.com/github/codeql.git
synced 2026-01-29 22:32:58 +01:00
This PR adds support for MongoDB injection to the existing SQL injection query. This models the official Golang MongoDB driver. A brief summary of changes made in this query is:
1. A `NoSQL.qll` file has been created to model a `NoSQLQueryString`.
2. An entry is added in `go.qll` by default as I find these changes may be generally useful.
3. Library tests along with their expected outputs are added.
4. Query tests are added. However, I am unable to add the expected output as qltest can't find depstubber. However, these can be easily added. I have created a separate codeql-go database with the same files and run the query against the same. I can see there should be 14 correct results added from this PR.
15 lines
466 B
Plaintext
| main.go:24:22:24:29 | pipeline |
| main.go:27:27:27:32 | filter |
| main.go:29:23:29:28 | filter |
| main.go:30:22:30:27 | filter |
| main.go:32:32:32:37 | filter |
| main.go:35:17:35:22 | filter |
| main.go:36:20:36:25 | filter |
| main.go:37:29:37:34 | filter |
| main.go:38:30:38:35 | filter |
| main.go:39:29:39:34 | filter |
| main.go:45:23:45:28 | filter |
| main.go:47:23:47:28 | filter |
| main.go:48:22:48:27 | filter |
| main.go:49:18:49:25 | pipeline |