Module NoSqlInjection
Provides default sources, sinks and sanitizers for detecting “NoSql injection” vulnerabilities, as well as extension points for adding your own.
Import path
import semmle.python.security.dataflow.NoSqlInjectionCustomizations
Classes
| Class | Description |
| --- | --- |
| Dict | A state where the tracked data has been converted to a dictionary. |
| DictSink | A sink vulnerable to user-controlled dictionaries. |
| DictSource | A source allowing dictionaries. |
| FlowState | A flow state, tracking the structure of the data. |
| JsonDecoding | A JSON decoding converts a string to a dictionary. |
| NoSqlDecoding | A NoSQL decoding interprets a string as a dictionary. |
| NoSqlExecutionAsDictSink | A NoSQL query that is vulnerable to user-controlled dictionaries. |
| NoSqlExecutionAsStringSink | A NoSQL query that is vulnerable to user-controlled strings. |
| RemoteFlowSourceAsStringSource | A remote flow source considered a source of user-controlled strings. |
| String | A state where the tracked data is only a string. |
| StringSink | A sink vulnerable to user-controlled strings. |
| StringSource | A source allowing string inputs. |
| StringToDictConversion | A data flow node where a string is converted into a dictionary. |