Commit ed5a386

Python: add concept SqlConstruction
1 parent e904e74 commit ed5a386

1 file changed

+41
-0
lines changed
python/ql/lib/semmle/python/Concepts.qll

Lines changed: 41 additions & 0 deletions
@@ -326,9 +326,47 @@ module CodeExecution {
326326
}
327327
}
328328

329+
/**
330+
* A data-flow node that constructs an SQL statement.
331+
* Often, it is worthy of an alert if an SQL statement is constructed such that
332+
* executing it would be a security risk.
333+
*
334+
* If it is important that the SQL statement is indeed executed, then use `SQLExecution`.
335+
*
336+
* Extend this class to refine existing API models. If you want to model new APIs,
337+
* extend `SqlConstruction::Range` instead.
338+
*/
339+
class SqlConstruction extends DataFlow::Node {
340+
SqlConstruction::Range range;
341+
342+
SqlConstruction() { this = range }
343+
344+
/** Gets the argument that specifies the SQL statements to be executed. */
345+
DataFlow::Node getSql() { result = range.getSql() }
346+
}
347+
348+
/** Provides a class for modeling new SQL execution APIs. */
349+
module SqlConstruction {
350+
/**
351+
* A data-flow node that constructs an SQL statement.
352+
* Often, it is worthy of an alert if an SQL statement is constructed such that
353+
* executing it would be a security risk.
354+
*
355+
* Extend this class to model new APIs. If you want to refine existing API models,
356+
* extend `SqlExecution` instead.
357+
*/
358+
abstract class Range extends DataFlow::Node {
359+
/** Gets the argument that specifies the SQL statements to be executed. */
360+
abstract DataFlow::Node getSql();
361+
}
362+
}
363+
329364
/**
330365
* A data-flow node that executes SQL statements.
331366
*
367+
* If the context of interest is such that merely constructing an SQL statement
368+
* would be valuabe to report, then consider using `SqlConstruction`.
369+
*
332370
* Extend this class to refine existing API models. If you want to model new APIs,
333371
* extend `SqlExecution::Range` instead.
334372
*/
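Review bot: the doc comment on `SqlConstruction::Range` (lines 355-356 of the new file) still says "If you want to refine existing API models, extend `SqlExecution` instead." That is a copy-paste leftover from the `SqlExecution` module; a modeler following it would land on the wrong concept, so it should read "extend `SqlConstruction` instead." Two related leftovers in the same hunk: the module comment on line 348 says "Provides a class for modeling new SQL execution APIs" where this module is for SQL construction APIs, and both `getSql()` comments (lines 344 and 359) describe "the SQL statements to be executed", although the whole point of this concept is to catch statements that are merely constructed and may never be executed; "the SQL statement being constructed" would match the class description. Finally, "valuabe" in the added `SqlExecution` cross-reference paragraph (line 368) should be "valuable".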
@@ -346,6 +384,9 @@ module SqlExecution {
346384
/**
347385
* A data-flow node that executes SQL statements.
348386
*
387+
* If the context of interest is such that merely constructing an SQL statement
388+
* would be valuabe to report, then consider using `SqlConstruction`.
389+
*
349390
* Extend this class to model new APIs. If you want to refine existing API models,
350391
* extend `SqlExecution` instead.
351392
*/
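Review bot: "would be valuabe to report" (line 388) misspells "valuable"; the same typo is in the class-level comment added in the previous hunk, so both copies should be corrected together. Otherwise the cross-reference from `SqlExecution::Range` to `SqlConstruction` mirrors the one on the public class, which is the right place for it.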