Class SqlConstruction::Range
A data-flow node that constructs an SQL statement.
Often, it is worthy of an alert if an SQL statement is constructed such that executing it would be a security risk.
If it is important that the SQL statement is indeed executed, then use SqlExecution.
Extend this class to model new APIs. If you want to refine existing API models,
extend SqlConstruction instead.
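As an added example (not part of the CodeQL library or of this page), the class below models a new API by extending `SqlConstruction::Range`. The module `mydb`, its function `raw_sql` and the keyword argument `query` are hypothetical names chosen for illustration.

```ql
import python
import semmle.python.Concepts
import semmle.python.ApiGraphs
import semmle.python.dataflow.new.DataFlow

/**
 * A call to `mydb.raw_sql(query)`, which builds an SQL statement object
 * without executing it. `mydb` and `raw_sql` are hypothetical names.
 */
class MyDbRawSqlConstruction extends SqlConstruction::Range, DataFlow::CallCfgNode {
  MyDbRawSqlConstruction() {
    // Match calls through any import style: `import mydb`, `from mydb import raw_sql`, aliases.
    this = API::moduleImport("mydb").getMember("raw_sql").getACall()
  }

  // The SQL text is the first positional argument or the (assumed) `query` keyword argument.
  override DataFlow::Node getSql() {
    result in [this.getArg(0), this.getArgByName("query")]
  }
}

// List every SqlConstruction, including the new model, with its SQL argument.
from SqlConstruction c
select c, "SQL statement constructed from $@.", c.getSql(), "this argument"
```

Because `SqlConstruction` covers every `SqlConstruction::Range`, any query written against `SqlConstruction` picks up the new model without further changes.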
Import path
import semmle.python.Concepts
Direct supertypes
Indirect supertypes
Known direct subtypes
Predicates
| getSql | Gets the argument that specifies the SQL statements to be constructed. |
Inherited predicates
| asCfgNode | Gets the control-flow node corresponding to this node, if any. | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
| getLocation | Gets the location of this node. | from Node |
| getScope | Gets the scope of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this element. | from Node |