File tree Expand file tree Collapse file tree 1 file changed +37
-0
lines changed
python/ql/lib/semmle/python/frameworks Expand file tree Collapse file tree 1 file changed +37
-0
lines changed Original file line number Diff line number Diff line change 1+ /**
2+ * Provides classes modeling security-relevant aspects of the `streamlit` PyPI package.
3+ * See https://pypi.org/project/streamlit/.
4+ */
5+
6+ import python
7+ import semmle.python.dataflow.new.RemoteFlowSources
8+ import semmle.python.dataflow.new.TaintTracking
9+ import semmle.python.ApiGraphs
10+ import semmle.python.Concepts
11+
12+
13+ /**
14+ * Provides models for the `gradio` PyPI package.
15+ * See https://pypi.org/project/gradio/.
16+ */
17+ module Streamlit {
18+ /**
19+ * The calls to the interactive streamlit widgets, which take untrusted input.
20+ */
21+ private class StreamlitInput extends RemoteFlowSource:: Range {
22+ StreamlitInput ( ) { this = API:: moduleImport ( "streamlit" ) .getMember ( [ "text_input" , "text_area" , "chat_input" ] ) .getACall ( ) }
23+ override string getSourceType ( ) { result = "Streamlit user input" }
24+ }
25+
26+ /**
27+ * The `query` call that can execute raw queries on a connection to a SQL/Sonwflake/Snowpark database.
28+ * https://docs.streamlit.io/develop/api-reference/connections/st.connection
29+ */
30+ private class QueryMethodCall extends DataFlow:: CallCfgNode , SqlExecution:: Range {
31+ QueryMethodCall ( ) {
32+ this = API:: moduleImport ( "streamlit" ) .getMember ( "connection" ) .getReturn ( ) .getMember ( "query" ) .getACall ( )
33+ }
34+ override DataFlow:: Node getSql ( ) { result in [ this .getArg ( 0 ) , this .getArgByName ( "sql" ) ] }
35+ }
36+
37+ }
You can’t perform that action at this time.
0 commit comments