Add StreamlitConnection model

Co-authored-by: yoff <[email protected]>

Author: sylwia-budzynska

python/ql/lib/semmle/python/frameworks/Streamlit.qll

@@ -44,4 +44,14 @@ module Streamlit {
 
     override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
   }
+private class StreamlitConnection extends SqlAlchemy::Connection::InstanceSource {
+    StreamlitConnection() {
+      this =
+        API::moduleImport("streamlit")
+            .getMember("connection")
+            .getReturn()
+            .getMember("connect")
+            .getACall()
+    }
+  }
 }

python/ql/test/library-tests/frameworks/streamlit/test.py

@@ -10,3 +10,8 @@
 
 # SQL injection sink
 q = conn.query("some sql")  # $ getSql="some sql"
+
+# SQLAlchemy connection
+c = conn.connect()
+
+c.execute("other sql")  # $ getSql="other sql"