CodeQL library for C/C++
codeql/cpp-all 0.12.12-dev (changelog, source)

Module Sql

Provides abstract classes for modeling functions that execute and escape SQL query strings. To extend this QL library, create a QL class extending SqlExecutionFunction or SqlEscapeFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by the class to match the way a parameter flows into the function and, in the case of SqlEscapeFunction, out of the function.

Import path

import semmle.code.cpp.models.interfaces.Sql

Classes

SqlBarrierFunction

An abstract class that represents a function that is a barrier to an SQL query string.

SqlExecutionFunction

An abstract class that represents a function that executes an SQL query.
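
The extension pattern described in the module summary, as an added example that is not part of the CodeQL library: it models an in-house database wrapper by extending the two classes listed above. The C functions `app_db_exec` and `app_db_escape`, their signatures, and the QL class names are hypothetical. `hasSqlArgument` and `barrierSqlArgument` are the abstract predicates these classes declare in the library, although this page does not list them.

```ql
import cpp
import semmle.code.cpp.models.interfaces.Sql
import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs

/**
 * Hypothetical wrapper that runs a query:
 *   int app_db_exec(app_db *db, const char *sql);
 */
class AppDbExecFunction extends SqlExecutionFunction {
  // Characteristic predicate: selects the function being modeled.
  AppDbExecFunction() { this.hasGlobalName("app_db_exec") }

  override predicate hasSqlArgument(FunctionInput input) {
    // The SQL text is the buffer pointed to by parameter 1 (0-based),
    // so the dereference is marked rather than the pointer value.
    input.isParameterDeref(1)
  }
}

/**
 * Hypothetical wrapper that returns an escaped copy of its input:
 *   char *app_db_escape(app_db *db, const char *raw);
 */
class AppDbEscapeFunction extends SqlBarrierFunction {
  AppDbEscapeFunction() { this.hasGlobalName("app_db_escape") }

  override predicate barrierSqlArgument(FunctionInput input, FunctionOutput output) {
    // Data entering through the buffer at parameter 1 leaves through the
    // returned buffer in a form that is safe to pass to an execution function.
    input.isParameterDeref(1) and
    output.isReturnValueDeref()
  }
}
```

Only model a function as a barrier when it escapes for the context in which the value is later used. A function that escapes string literals does not make a value safe as an identifier or as a numeric fragment, and modeling it as a barrier would hide those findings.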