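--- a/python/ql/src/experimental/semmle/python
+++ b/python/ql/src/experimental/semmle/python
@@ -146,3 +146,36 @@ class LDAPEscape extends DataFlow::Node {
  */
  DataFlow:: Node getAnInput ( ) { result = range .getAnInput ( ) }
 }
+
+ /** Provides classes for modeling SQL sanitization libraries. */
+ module SQLEscape {
+ /**
+ * A data-flow node that collects functions that escape SQL statements.
+ *
+ * Extend this class to model new APIs. If you want to refine existing API models,
+ * extend `SQLEscape` instead.
+ */
+ abstract class Range extends DataFlow:: Node {
+ /**
+ * Gets the argument containing the raw SQL statement.
+ */
+ abstract DataFlow:: Node getAnInput ( ) ;
+ }
+ }
+
+ /**
+ * A data-flow node that collects functions escaping SQL statements.
+ *
+ * Extend this class to refine existing API models. If you want to model new APIs,
+ * extend `SQLEscape::Range` instead.
+ */
+ class SQLEscape extends DataFlow:: Node {
+ SQLEscape:: Range range ;
+
+ SQLEscape ( ) { this = range }
+
+ /**
+ * Gets the argument containing the raw SQL statement.
+ */
+ DataFlow:: Node getAnInput ( ) { result = range .getAnInput ( ) }
+ }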
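Review bot: The QLDoc on `getAnInput` in both `SQLEscape::Range` and `SQLEscape` says it returns "the raw SQL statement", which leaves unclear whether a query should treat this node or the argument as the sanitized data; an escaping call normally receives an untrusted value, not a whole statement. I would word it as `Gets the argument containing the unescaped value; the escaped result is this node.`, assuming that matches how the `LDAPEscape` class above (which starts outside this hunk) is used. The class docs should also say that a model belongs here only if its output is safe where the query's sink places it, since string escaping does not protect unquoted numeric or identifier positions and a too-broad sanitizer model hides real SQL injection results.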