CodeQL library for Python
codeql/python-all 2.2.1-dev (changelog, source)

Module NoSqlInjection

Provides default sources, sinks and sanitizers for detecting “NoSql injection” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.NoSqlInjectionCustomizations

Classes

Dict

A state where the tracked data has been converted to a dictionary.

DictSink

A sink vulnerable to user controlled dictionaries.

DictSource

A source allowing dictionaries.

FlowState

A flow state, tracking the structure of the data.

JsonDecoding

A JSON decoding converts a string to a dictionary.

NoSqlDecoding

A NoSQL decoding interprets a string as a dictionary.

NoSqlExecutionAsDictSink

A NoSQL query that is vulnerable to user controlled dictionaries.

NoSqlExecutionAsStringSink

A NoSQL query that is vulnerable to user controlled strings.

RemoteFlowSourceAsStringSource

A remote flow source considered a source of user controlled strings.

String

A state where the tracked data is only a string.

StringSink

A sink vulnerable to user controlled strings.

StringSource

A source allowing string inputs.

StringToDictConversion

A data flow node where a string is converted into a dictionary.