Files
codeql/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql
2025-04-30 16:43:03 +01:00

25 lines
854 B
Plaintext

/**
* @name Untrusted data passed to external API
* @description Data provided remotely is used in this external API without sanitization, which could be a security risk.
* @id py/untrusted-data-to-external-api
* @kind path-problem
* @precision low
* @problem.severity error
* @security-severity 7.8
* @tags security external/cwe/cwe-020
*/
import python
import ExternalAPIs
import UntrustedDataToExternalApiFlow::PathGraph
from
UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink,
ExternalApiUsedWithUntrustedData externalApi
where
sink.getNode() = externalApi.getUntrustedDataNode() and
UntrustedDataToExternalApiFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
"Call to " + externalApi.toString() + " with untrusted data from $@.", source.getNode(),
source.toString()