Module Concepts

Provides abstract classes representing generic concepts such as file system access or system command execution, for which individual framework libraries provide concrete subclasses.

Import path

import semmle.python.Concepts

Classes

ActiveThreatModelSource	A data flow source that is enabled in the current threat model configuration.
CodeExecution	A data-flow node that dynamically executes Python code.
Decoding	A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc.
Encoding	A data-flow node that encodes data to a binary or textual format. This is intended to include serialization, marshalling, encoding, pickling, compressing, encrypting, etc.
Escaping	A data-flow node that escapes meta-characters, which could be used to prevent injection attacks.
FileSystemAccess	A data flow node that performs a file system access, including reading and writing data, creating and deleting files and folders, checking and updating permissions, and so on.
FileSystemWriteAccess	A data flow node that writes data to the file system access.
HtmlEscaping	An escape of a string so it can be safely included in the body of an HTML element, for example, replacing `{}` in `<p>{}</p>`.
LdapDnEscaping	An escape of a string so it can be safely used as a distinguished name (DN) in an LDAP search.
LdapFilterEscaping	An escape of a string so it can be safely used as a filter in an LDAP search.
Logging	A data-flow node that logs data.
NoSqlExecution	A data-flow node that executes NoSQL queries.
NoSqlSanitizer	A data-flow node that collects functions sanitizing NoSQL queries.
RegExpInterpretation	A node where a string is interpreted as a regular expression, for instance an argument to `re.compile`.
RegexEscaping	An escape of a string so it can be safely included in the body of a regex.
RegexExecution	A data-flow node that executes a regular expression.
SqlConstruction	A data-flow node that constructs an SQL statement.
SqlExecution	A data-flow node that executes SQL statements.
SystemCommandExecution	A data-flow node that executes an operating system command, for instance by spawning a new process.
TemplateConstruction	A data-flow node that constructs a template in a templating engine.
ThreatModelSource	A data flow source, for a specific threat-model.
XmlEscaping	An escape of a string so it can be safely included in the body of an XML element, for example, replacing `&` and `<>` in `<foo>&xxe;<foo>`.

Modules

CodeExecution	Provides a class for modeling new dynamic code execution APIs.
Cryptography	Provides models for cryptographic things.
Decoding	Provides a class for modeling new decoding mechanisms.
Encoding	Provides a class for modeling new encoding mechanisms.
Escaping	Provides a class for modeling new escaping APIs.
FileSystemAccess	Provides a class for modeling new file system access APIs.
FileSystemWriteAccess	Provides a class for modeling new file system writes.
Http	Provides classes for modeling HTTP-related APIs.
Ldap	Provides classes for modeling LDAP-related APIs.
Logging	Provides a class for modeling new logging mechanisms.
NoSqlExecution	Provides a class for modeling NoSQL execution APIs.
NoSqlSanitizer	Provides classes for modeling NoSql sanitization-related APIs.
Path	Provides classes for modeling path-related APIs.
RegExpInterpretation	Provides a class for modeling regular expression interpretations.
RegexExecution	Provides classes for modeling new regular-expression execution APIs.
SqlConstruction	Provides a class for modeling new SQL execution APIs.
SqlExecution	Provides a class for modeling new SQL execution APIs.
SystemCommandExecution	Provides a class for modeling new system-command execution APIs.
TemplateConstruction	Provides classes for modeling template construction APIs.
ThreatModelSource	Provides a class for modeling new sources for specific threat-models.
XML	Provides classes for modeling XML-related APIs.