mirror of
https://github.com/github/codeql.git
synced 2026-04-06 07:34:00 +02:00
30 lines
1.8 KiB
YAML
30 lines
1.8 KiB
YAML
extensions:
|
|
- addsTo:
|
|
pack: codeql/python-all
|
|
extensible: sinkModel
|
|
data:
|
|
# `Connection`s and `ConnectionPool`s provide some methods that execute SQL.
|
|
- ['asyncpg.~Connection', 'Member[copy_from_query,execute,fetch,fetchrow,fetchval].Argument[0,query:]', 'sql-injection']
|
|
- ['asyncpg.~Connection', 'Member[executemany].Argument[0,command:]', 'sql-injection']
|
|
# A model of `Connection` and `ConnectionPool`, which provide some methods that access the file system.
|
|
- ['asyncpg.~Connection', 'Member[copy_from_query,copy_from_table].Argument[output:]', 'path-injection']
|
|
- ['asyncpg.~Connection', 'Member[copy_to_table].Argument[source:]', 'path-injection']
|
|
# the `PreparedStatement` class in `asyncpg`.
|
|
- ['asyncpg.Connection', 'Member[prepare].Argument[0,query:]', 'sql-injection']
|
|
|
|
- addsTo:
|
|
pack: codeql/python-all
|
|
extensible: typeModel
|
|
data:
|
|
# a `ConnectionPool` that is created when the result of `asyncpg.create_pool()` is awaited.
|
|
- ['asyncpg.Connection', 'asyncpg.ConnectionPool', 'Member[acquire].ReturnValue.Awaited']
|
|
# a `Connection` that is created when
|
|
# * - the result of `asyncpg.connect()` is awaited.
|
|
# * - the result of calling `acquire` on a `ConnectionPool` is awaited.
|
|
- ['asyncpg.Connection', 'asyncpg', 'Member[connect].ReturnValue.Awaited']
|
|
- ['asyncpg.Connection', 'asyncpg', 'Member[connection].Member[connect].ReturnValue.Awaited']
|
|
- ['asyncpg.ConnectionPool', 'asyncpg', 'Member[create_pool].ReturnValue.Awaited']
|
|
# Creating an internal `~Connection` type that contains both `Connection` and `ConnectionPool`.
|
|
- ['asyncpg.~Connection', 'asyncpg.Connection', '']
|
|
- ['asyncpg.~Connection', 'asyncpg.ConnectionPool', '']
|