CodeQL library for Go
codeql/go-all 3.0.1-dev (changelog, source)
Search

Module SqlInjection

Provides extension points for customizing the taint tracking configuration for reasoning about SQL-injection vulnerabilities.

Import path

import semmle.go.security.SqlInjectionCustomizations

Classes

NoSqlQueryAsSink

A NoSql query, considered as a taint sink for SQL injection.

NumericOrBooleanSanitizer

A numeric- or boolean-typed node, considered a sanitizer for sql injection.

Sanitizer

A sanitizer for SQL-injection vulnerabilities.

Sink

A data flow sink for SQL-injection vulnerabilities.

Source

A data flow source for SQL-injection vulnerabilities.

SqlQueryAsSink

An SQL string, considered as a taint sink for SQL injection.

UntrustedFlowAsSource

DEPRECATED: Use ActiveThreatModelSource or Source instead.