Python: Model aiosqlite

Author: RasmusWL

docs/codeql/reusables/supported-frameworks.rst

@@ -223,6 +223,7 @@ and the CodeQL library pack ``codeql/python-all`` (`changelog <https://github.co
    aioch, Database
    aiomysql, Database
    aiopg, Database
+   aiosqlite, Database
    asyncpg, Database
    cassandra-driver, Database
    clickhouse-driver, Database

python/ql/lib/semmle/python/Frameworks.qll

@@ -7,6 +7,7 @@
 private import semmle.python.frameworks.Aioch
 private import semmle.python.frameworks.Aiohttp
 private import semmle.python.frameworks.Aiomysql
+private import semmle.python.frameworks.Aiosqlite
 private import semmle.python.frameworks.Aiopg
 private import semmle.python.frameworks.Asyncpg
 private import semmle.python.frameworks.CassandraDriver

python/ql/lib/semmle/python/frameworks/Aiosqlite.qll

@@ -0,0 +1,39 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `aiosqlite` PyPI package.
+ * See
+ * - https://pypi.org/project/aiosqlite/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/** Provides models for the `aiosqlite` PyPI package. */
+private module Aiosqlite {
+  /**
+   * A model of `aiosqlite` as a module that implements PEP 249 using asyncio, providing
+   * ways to execute SQL statements against a database.
+   */
+  class AiosqlitePEP249 extends PEP249::AsyncPEP249ModuleApiNode {
+    AiosqlitePEP249() { this = API::moduleImport("aiosqlite") }
+  }
+
+  /**
+   * An additional cursor, that is return from the coroutine Connection.execute,
+   * see https://aiosqlite.omnilib.dev/en/latest/api.html#aiosqlite.Connection.execute
+   */
+  class AiosqliteCursor extends PEP249::AsyncDatabaseCursor {
+    AiosqliteCursor() {
+      this =
+        API::moduleImport("aiosqlite")
+            .getMember("connect")
+            .getReturn()
+            .getAwaited()
+            .getMember("execute")
+            .getReturn()
+            .getAwaited()
+    }
+  }
+}

python/ql/lib/semmle/python/frameworks/PEP249.qll

@@ -52,7 +52,9 @@ module PEP249 {
     result in ["sql", "statement", "operation", "query", "query_string", "sql_script"]
   }
 
-  private string getExecuteMethodName() { result in ["execute", "executemany", "executescript"] }
+  private string getExecuteMethodName() {
+    result in ["execute", "executemany", "executescript", "execute_insert", "execute_fetchall"]
+  }
 
   /**
    * A call to an execute method on a database cursor or a connection, such as `execute`

python/ql/test/library-tests/frameworks/aiosqlite/ConceptsTest.expected

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/library-tests/frameworks/aiosqlite/ConceptsTest.ql

@@ -0,0 +1,27 @@
+import aiosqlite
+
+# see https://pypi.org/project/aiosqlite/
+
+async def test():
+    db = await aiosqlite.connect(...)
+
+    await db.execute("sql") # $ getSql="sql" constructedSql="sql"
+    await db.execute(sql="sql") # $ getSql="sql" constructedSql="sql"
+
+    cursor = await db.cursor()
+    cursor.execute("sql") # $ constructedSql="sql"
+
+    cursor = await db.execute("sql") # $ getSql="sql" constructedSql="sql"
+    cursor.execute("sql") # $ constructedSql="sql"
+
+    async with aiosqlite.connect(...) as db:
+        db.row_factory = aiosqlite.Row
+        async with db.execute("sql") as cursor: # $ getSql="sql" constructedSql="sql"
+            async for row in cursor:
+                print(row['column'])
+
+    # nonstandard
+    await db.execute_insert("sql") # $ getSql="sql" constructedSql="sql"
+    await db.execute_fetchall("sql") # $ getSql="sql" constructedSql="sql"
+    await db.executescript("sql") # $ getSql="sql" constructedSql="sql"
+    await db.executescript(sql_script="sql") # $ getSql="sql" constructedSql="sql"