Module Sql

Provides class and predicates to track external data that may represent malicious SQL queries or parts of queries.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

semmle.python.security.injection.Sql

Imports

TaintTracking

Python Taint Tracking Library

Untrusted
python

Predicates

probable_sql_command

Holds if command appears to be a SQL command string of which inject is a part.

Classes

DbConnectionExecuteArgument

A taint sink that is vulnerable to malicious SQL queries. The vuln in db.connection.execute(vuln) and similar.

DbConnectionSource

A taint source representing sources of DB connections. This will be overridden to provide specific kinds of DB connection sources.

DbCursor

A taint kind representing a DB cursor. This will be overridden to provide specific kinds of DB cursor.

SimpleSqlStringInjection

A part of a string that appears to be a SQL command and is thus vulnerable to malicious input.