CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)

Module Sql

Provides classes and predicates to track external data that may represent malicious SQL queries or parts of queries.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

import semmle.python.security.injection.Sql

Imports

Predicates

probable_sql_command

Holds if command appears to be a SQL command string of which inject is a part.

Classes

DbConnectionExecuteArgument

A taint sink that is vulnerable to malicious SQL queries: the vuln argument in db.connection.execute(vuln) and similar calls.

DbConnectionSource

A taint source representing sources of DB connections. This will be overridden to provide specific kinds of DB connection sources.

DbCursor

A taint kind representing a DB cursor. This will be overridden to provide specific kinds of DB cursor.

SimpleSqlStringInjection

A part of a string that appears to be a SQL command and is thus vulnerable to malicious input.
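As an added example (not part of the CodeQL documentation or the library itself), a path-problem query that imports this module and uses DbConnectionExecuteArgument as its sink, with data from incoming HTTP requests as the source. It assumes the legacy TaintTracking::Configuration API (TaintedPathSource, TaintedPathSink, hasFlowPath) from semmle.python.security.Paths and the HttpRequestTaintSource class from semmle.python.web.HttpRequest, which this module was designed to be combined with.

```ql
/**
 * @name SQL query built from user-controlled sources (legacy taint-tracking example)
 * @description Flags SQL statements whose text is derived from HTTP request data.
 * @kind path-problem
 * @problem.severity error
 * @id py/example-sql-injection-legacy
 */

import python
import semmle.python.security.Paths
import semmle.python.web.HttpRequest
import semmle.python.security.injection.Sql

// Assumed legacy API: TaintTracking::Configuration pairs a set of taint sources
// with a set of taint sinks; the library computes the flow paths between them.
class SqlInjectionConfiguration extends TaintTracking::Configuration {
  SqlInjectionConfiguration() { this = "SQL injection configuration (example)" }

  // Source: any value derived from an incoming HTTP request
  // (HttpRequestTaintSource is assumed to come from semmle.python.web.HttpRequest).
  override predicate isSource(TaintTracking::Source source) {
    source instanceof HttpRequestTaintSource
  }

  // Sink: the argument of db.connection.execute(...) and similar calls,
  // as modelled by this module's DbConnectionExecuteArgument class.
  override predicate isSink(TaintTracking::Sink sink) {
    sink instanceof DbConnectionExecuteArgument
  }
}

from SqlInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink
where config.hasFlowPath(src, sink)
select sink.getSink(), src, sink, "This SQL query depends on $@.", src.getSource(),
  "a user-provided value"
```

Each result is a full source-to-sink path, so a reviewer can see which request field reaches the query string and decide whether the statement must be rewritten to use bound parameters instead of string construction.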