CodeQL library for Python
codeql/python-all 4.0.10 (changelog, source)

Module SqlInjection

Provides default sources, sinks and sanitizers for detecting “SQL injection” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.SqlInjectionCustomizations

Classes

ConstCompareAsSanitizerGuard

A comparison with a constant, considered as a sanitizer-guard.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

Sanitizer

A sanitizer for “SQL injection” vulnerabilities.

Sink

A data flow sink for “SQL injection” vulnerabilities.

Source

A data flow source for “SQL injection” vulnerabilities.

SqlConstructionAsSink

A SQL statement of a SQL construction, considered as a flow sink.

SqlExecutionAsSink

A SQL statement of a SQL execution, considered as a flow sink.

Aliases

StringConstCompareAsSanitizerGuard

DEPRECATED: Use ConstCompareAsSanitizerGuard instead.