Add SQLEscapySanitizerCall class

mrthankyou · mrthankyou · commit 0be2c6b7657b · 2021-06-29T19:39:46.000-04:00
diff --git a/python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll b/python/ql/src/experimental/semmle/python/frameworks/SqlAlchemy.qll
@@ -8,6 +8,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.ApiGraphs
 private import semmle.python.Concepts
+private import experimental.semmle.python.Concepts
 
 private module SqlAlchemy {
   /**
@@ -117,4 +118,17 @@ private module SqlAlchemy {
       )
     }
   }
+
+  /**
+   * Gets a reference to `sqlescapy.sqlescape`.
+   *
+   * See https://pypi.org/project/sqlescapy/
+   */
+  class SQLEscapySanitizerCall extends DataFlow::CallCfgNode, SQLEscape::Range {
+    SQLEscapySanitizerCall() {
+      this = API::moduleImport("sqlescapy").getMember("sqlescape").getACall()
+    }
+
+    override DataFlow::Node getAnInput() { result = this.getArg(0) }
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ private import semmle.python.dataflow.new.DataFlow`
`8`	`8`	`private import semmle.python.dataflow.new.TaintTracking`
`9`	`9`	`private import semmle.python.ApiGraphs`
`10`	`10`	`private import semmle.python.Concepts`
	`11`	`+private import experimental.semmle.python.Concepts`
`11`	`12`
`12`	`13`	`private module SqlAlchemy {`
`13`	`14`	`/**`
`@@ -117,4 +118,17 @@ private module SqlAlchemy {`
`117`	`118`	`)`
`118`	`119`	`}`
`119`	`120`	`}`
	`121`	`+`
	`122`	`+ /**`
	`123`	+ * Gets a reference to `sqlescapy.sqlescape`.
	`124`	`+ *`
	`125`	`+ * See https://pypi.org/project/sqlescapy/`
	`126`	`+ */`
	`127`	`+ class SQLEscapySanitizerCall extends DataFlow::CallCfgNode, SQLEscape::Range {`
	`128`	`+ SQLEscapySanitizerCall() {`
	`129`	`+ this = API::moduleImport("sqlescapy").getMember("sqlescape").getACall()`
	`130`	`+ }`
	`131`	`+`
	`132`	`+ override DataFlow::Node getAnInput() { result = this.getArg(0) }`
	`133`	`+ }`
`120`	`134`	`}`