Python: Model asyncpg.connection.connect()

RasmusWL · RasmusWL · commit e4db5f9a64bd · 2023-03-22T10:28:04.000+01:00
diff --git a/python/ql/lib/semmle/python/frameworks/Asyncpg.qll b/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
@@ -22,6 +22,7 @@ private module Asyncpg {
           // * - the result of `asyncpg.connect()` is awaited.
           // * - the result of calling `acquire` on a `ConnectionPool` is awaited.
           "asyncpg.Connection;asyncpg;Member[connect].ReturnValue.Awaited",
+          "asyncpg.Connection;asyncpg;Member[connection].Member[connect].ReturnValue.Awaited",
           "asyncpg.Connection;asyncpg.ConnectionPool;Member[acquire].ReturnValue.Awaited",
           // Creating an internal `~Connection` type that contains both `Connection` and `ConnectionPool`.
           "asyncpg.~Connection;asyncpg.Connection;", //
diff --git a/python/ql/test/library-tests/frameworks/asyncpg/test.py b/python/ql/test/library-tests/frameworks/asyncpg/test.py
@@ -22,6 +22,9 @@ async def test_connection():
     finally:
         await conn.close()
 
+    conn = await asyncpg.connection.connect()
+    conn.execute("sql") # $ mad-sink[sql-injection]="sql"
+
 
 async def test_prepared_statement():
     conn = await asyncpg.connect()
