Module Concepts
Provides abstract classes representing generic concepts such as file system access or system command execution, for which individual framework libraries provide concrete subclasses.
Import path
import semmle.python.ConceptsClasses
| CodeExecution | A data-flow node that dynamically executes Python code. |
| Decoding | A data-flow node that decodes data from a binary or textual format. This is intended to include deserialization, unmarshalling, decoding, unpickling, decompressing, decrypting, parsing etc. |
| Encoding | A data-flow node that encodes data to a binary or textual format. This is intended to include serialization, marshalling, encoding, pickling, compressing, encrypting, etc. |
| Escaping | A data-flow node that escapes meta-characters, which could be used to prevent injection attacks. |
| FileSystemAccess | A data flow node that performs a file system access, including reading and writing data, creating and deleting files and folders, checking and updating permissions, and so on. |
| FileSystemWriteAccess | A data flow node that writes data to the file system access. |
| HtmlEscaping | An escape of a string so it can be safely included in the body of an HTML element, for example, replacing |
| LdapDnEscaping | An escape of a string so it can be safely used as a distinguished name (DN) in an LDAP search. |
| LdapFilterEscaping | An escape of a string so it can be safely used as a filter in an LDAP search. |
| Logging | A data-flow node that logs data. |
| NoSqlExecution | A data-flow node that executes NoSQL queries. |
| NoSqlSanitizer | A data-flow node that collects functions sanitizing NoSQL queries. |
| RegExpInterpretation | A node where a string is interpreted as a regular expression, for instance an argument to |
| RegexEscaping | An escape of a string so it can be safely included in the body of a regex. |
| RegexExecution | A data-flow node that executes a regular expression. |
| SqlConstruction | A data-flow node that constructs an SQL statement. |
| SqlExecution | A data-flow node that executes SQL statements. |
| SystemCommandExecution | A data-flow node that executes an operating system command, for instance by spawning a new process. |
| XmlEscaping | An escape of a string so it can be safely included in the body of an XML element, for example, replacing |
Modules
| CodeExecution | Provides a class for modeling new dynamic code execution APIs. |
| Cryptography | Provides models for cryptographic things. |
| Decoding | Provides a class for modeling new decoding mechanisms. |
| Encoding | Provides a class for modeling new encoding mechanisms. |
| Escaping | Provides a class for modeling new escaping APIs. |
| FileSystemAccess | Provides a class for modeling new file system access APIs. |
| FileSystemWriteAccess | Provides a class for modeling new file system writes. |
| Http | Provides classes for modeling HTTP-related APIs. |
| Ldap | Provides classes for modeling LDAP-related APIs. |
| Logging | Provides a class for modeling new logging mechanisms. |
| NoSqlExecution | Provides a class for modeling NoSQL execution APIs. |
| NoSqlSanitizer | Provides classes for modeling NoSql sanitization-related APIs. |
| Path | Provides classes for modeling path-related APIs. |
| RegExpInterpretation | Provides a class for modeling regular expression interpretations. |
| RegexExecution | Provides classes for modeling new regular-expression execution APIs. |
| SqlConstruction | Provides a class for modeling new SQL execution APIs. |
| SqlExecution | Provides a class for modeling new SQL execution APIs. |
| SystemCommandExecution | Provides a class for modeling new system-command execution APIs. |
| XML | Provides classes for modeling XML-related APIs. |