Class SqlConstruction
A data-flow node that constructs an SQL statement.
Constructing an SQL statement whose execution would be a security risk is often worth an alert in itself.
If it matters that the SQL statement is actually executed, use SqlExecution instead.
Extend this class to refine existing API models. If you want to model new APIs, extend SqlConstruction::Range instead.
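An added example of the second case, modelling a new API (this is not code from the CodeQL library). It assumes a hypothetical Python package `examplesql` whose `text(sql)` function builds a statement object without executing it; the class name `ExampleSqlTextCall` is also made up for illustration.

```ql
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs
import semmle.python.Concepts

/**
 * A call to `examplesql.text(sql)`, which builds a statement object without running it.
 * `examplesql` is a hypothetical package, assumed here for illustration only.
 */
class ExampleSqlTextCall extends SqlConstruction::Range, DataFlow::CallCfgNode {
  ExampleSqlTextCall() {
    this = API::moduleImport("examplesql").getMember("text").getACall()
  }

  // The SQL text is the first positional argument or the `sql` keyword argument.
  override DataFlow::Node getSql() {
    result in [this.getArg(0), this.getArgByName("sql")]
  }
}

// List every modelled construction site, including the one added above,
// together with the argument that carries the SQL text.
from SqlConstruction construction
select construction, construction.getSql()
```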
Import path
import semmle.python.Concepts
Direct supertypes
Indirect supertypes
Predicates
getSql | Gets the argument that specifies the SQL statements to be constructed. |
Inherited predicates
asCfgNode | Gets the control-flow node corresponding to this node, if any. | from Node |
asExpr | Gets the expression corresponding to this node, if any. | from Node |
getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
getLocation | Gets the location of this node. | from Node |
getScope | Gets the scope of this node. | from Node |
hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
toString | Gets a textual representation of this element. | from Node |