Module Concepts
Provides abstract classes representing generic concepts such as file system access or system command execution, for which individual framework libraries provide concrete subclasses.
Import path
import semmle.python.Concepts
Classes
CodeExecution | A data-flow node that dynamically executes Python code. |
Decoding | A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc. |
Encoding | A data-flow node that encodes data to a binary or textual format. This is intended to include serialization, marshalling, encoding, pickling, compressing, encrypting, etc. |
Escaping | A data-flow node that escapes meta-characters, which could be used to prevent injection attacks. |
FileSystemAccess | A data-flow node that performs a file system access, including reading and writing data, creating and deleting files and folders, checking and updating permissions, and so on. |
FileSystemWriteAccess | A data-flow node that writes data to the file system. |
HtmlEscaping | An escape of a string so it can be safely included in the body of an HTML element, for example, replacing |
LdapDnEscaping | An escape of a string so it can be safely used as a distinguished name (DN) in an LDAP search. |
LdapFilterEscaping | An escape of a string so it can be safely used as a filter in an LDAP search. |
Logging | A data-flow node that logs data. |
NoSqlExecution | A data-flow node that executes NoSQL queries. |
NoSqlSanitizer | A data-flow node that collects functions sanitizing NoSQL queries. |
RegExpInterpretation | A node where a string is interpreted as a regular expression, for instance an argument to |
RegexEscaping | An escape of a string so it can be safely included in the body of a regex. |
RegexExecution | A data-flow node that executes a regular expression. |
SqlConstruction | A data-flow node that constructs an SQL statement. |
SqlExecution | A data-flow node that executes SQL statements. |
SystemCommandExecution | A data-flow node that executes an operating system command, for instance by spawning a new process. |
XmlEscaping | An escape of a string so it can be safely included in the body of an XML element, for example, replacing |
Modules
CodeExecution | Provides a class for modeling new dynamic code execution APIs. |
Cryptography | Provides models for cryptographic things. |
Decoding | Provides a class for modeling new decoding mechanisms. |
Encoding | Provides a class for modeling new encoding mechanisms. |
Escaping | Provides a class for modeling new escaping APIs. |
FileSystemAccess | Provides a class for modeling new file system access APIs. |
FileSystemWriteAccess | Provides a class for modeling new file system writes. |
Http | Provides classes for modeling HTTP-related APIs. |
Ldap | Provides classes for modeling LDAP-related APIs. |
Logging | Provides a class for modeling new logging mechanisms. |
NoSqlExecution | Provides a class for modeling NoSQL execution APIs. |
NoSqlSanitizer | Provides classes for modeling NoSQL sanitization-related APIs. |
Path | Provides classes for modeling path-related APIs. |
RegExpInterpretation | Provides a class for modeling regular expression interpretations. |
RegexExecution | Provides classes for modeling new regular-expression execution APIs. |
SqlConstruction | Provides a class for modeling new SQL execution APIs. |
SqlExecution | Provides a class for modeling new SQL execution APIs. |
SystemCommandExecution | Provides a class for modeling new system-command execution APIs. |
XML | Provides classes for modeling XML-related APIs. |