The two queries in CWE-020 are used for manual evaluation (that is my understanding), and the two IDE queries should work based on their tags, not on the query id.
/**
 * @name Frequency counts for external APIs that are used with untrusted data
 * @description This reports the external APIs that are used with untrusted data, along with how
 *              frequently the API is called, and how many unique sources of untrusted data flow
 *              to it.
 * @id py/count-untrusted-data-external-api
 * @kind table
 * @tags security external/cwe/cwe-20
 */

import python
import ExternalAPIs

// Inventory query (`@kind table`): one row per external API that receives untrusted data.
// No `@problem.severity` is declared, so rows are a ranked summary rather than alerts.
// `ExternalAPIUsedWithUntrustedData` is not defined here; it presumably comes from the
// imported `ExternalAPIs` module.
from ExternalAPIUsedWithUntrustedData api
select
  api,
  // `count` aggregates the distinct untrusted-data nodes reaching this API.
  count(api.getUntrustedDataNode()) as numberOfUses,
  // Unique untrusted sources flowing to the API, as computed by the library class.
  api.getNumberOfUntrustedSources() as numberOfUntrustedSources
// Most widely reachable APIs first, to prioritise manual review.
order by numberOfUntrustedSources desc