CodeQL library for Python
codeql/python-all 0.12.1 (changelog, source)
Search

Module NoSqlInjection

Provides default sources, sinks and sanitizers for detecting “NoSql injection” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.NoSqlInjectionCustomizations

Classes

Dict

A state where the tracked data has been converted to a dictionary.

DictSink

A sink vulnerable to user controlled dictionaries.

DictSource

A source of allowing dictionaries.

FlowState

A flow state, tracking the structure of the data.

JsonDecoding

A JSON decoding converts a string to a dictionary.

NoSqlDecoding

A NoSQL decoding interprets a string as a dictionary.

NoSqlExecutionAsDictSink

A NoSQL query that is vulnerable to user controlled dictionaries.

NoSqlExecutionAsStringSink

A NoSQL query that is vulnerable to user controlled strings.

RemoteFlowSourceAsStringSource

A remote flow source considered a source of user controlled strings.

String

A state where the tracked data is only a string.

StringSink

A sink vulnerable to user controlled strings.

StringSource

A source allowing string inputs.

StringToDictConversion

A data flow node where a string is converted into a dictionary.