mirror of
https://github.com/github/codeql.git
synced 2026-01-30 06:42:57 +01:00
This PR adds support for MongoDB injection to the existing SQL injection query. This models the official Golang MongoDB driver. A brief summary of the changes made in this query:

1. A `NoSQL.qll` file has been created to model a `NoSQLQueryString`.
2. An entry is added in `go.qll` by default, as I find these changes may be generally useful.
3. Library tests along with their expected outputs are added.
4. Query tests are added. However, I am unable to add the expected output as qltest can't find depstubber. However, these can be easily added. I have created a separate codeql-go database with the same files and ran the query against the same. I can see there should be 14 correct results added from this PR.
6 lines
87 B
Plaintext
import go
import semmle.go.frameworks.NoSQL

from NoSQL::NoSQLQueryString qs
select qs