mirror of
https://github.com/github/codeql.git
synced 2026-04-30 03:05:15 +02:00
This would find instances of `thing = MyThing.objects.get(field=userinput)`, and what seems to be a query that wants to match on `thing = MyThing(); thing.field=userinput`. Both are not vulnerable to user input, due to the built-in escaping by Django. The DjangoModelFieldWrite actually matches on `MyThing.field=userinput` and not `thing.field=userinput`. I suspect this to be a mistake. Matching on `thing.field=userinput` would require this CodeQL: `attr.getObject(_).pointsTo().getClass() = model`