3 files changed: +16 −2 lines changed
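--- a/PATH_NOT_SHOWN_FILE_1
+++ b/PATH_NOT_SHOWN_FILE_1
@@ -78,6 +78,19 @@ module SqlExecution {
  }
 }
 
+ /**
+ * A data-flow node that performs SQL sanitization.
+ */
+ class SqlSanitization extends DataFlow:: Node instanceof SqlSanitization:: Range { }
+
+ /** Provides a class for modeling new SQL sanitization APIs. */
+ module SqlSanitization {
+ /**
+ * A data-flow node that performs SQL sanitization.
+ */
+ abstract class Range extends DataFlow:: Node { }
+ }
+
 /**
  * A data-flow node that executes a regular expression.
  *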
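Review bot: The doc comments on `SqlSanitization` and `SqlSanitization::Range` are word-for-word identical, so an implementer gets no hint which of the two to extend; the `Range` comment should follow the pattern of the other concepts and say `Extend this class to model new APIs. If you want to refine existing API models, extend SqlSanitization instead.` Neither comment says what counts as sanitization; the sanitizer models touched elsewhere in this commit are escape/quote calls, which only neutralise a value when the result is placed inside a quoted SQL string literal, so one sentence stating that the concept covers escaping a value for interpolation into a SQL string would keep implementers from modelling unrelated mechanisms (parameter binding, for instance) here. I cannot tell from the shown hunks whether the `SqlInjection` module gains a sanitizer that consumes this concept; if nothing derives from `Range` and nothing reads `SqlSanitization`, the new classes are inert until that wiring lands.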
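--- a/PATH_NOT_SHOWN_FILE_2
+++ b/PATH_NOT_SHOWN_FILE_2
@@ -32,3 +32,4 @@ private import codeql.ruby.frameworks.Slim
 private import codeql.ruby.frameworks.Sinatra
 private import codeql.ruby.frameworks.Twirp
 private import codeql.ruby.frameworks.Sqlite3
+ private import codeql.ruby.frameworks.Mysql2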
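--- a/PATH_NOT_SHOWN_FILE_3
+++ b/PATH_NOT_SHOWN_FILE_3
@@ -57,7 +57,7 @@ module SqlInjection {
  /**
  * A call to `Mysql2::Client.escape`, considered as a sanitizer.
  */
- class Mysql2EscapeSanitization extends Sanitizer {
+ private class Mysql2EscapeSanitization extends Sanitizer {
  Mysql2EscapeSanitization ( ) {
  this = API:: getTopLevelMember ( "Mysql2" ) .getMember ( "Client" ) .getAMethodCall ( "escape" )
  }
@@ -66,7 +66,7 @@ module SqlInjection {
  /**
  * A call to `SQLite3::Database.quote`, considered as a sanitizer.
  */
- class SQLite3EscapeSanitization extends Sanitizer {
+ private class SQLite3EscapeSanitization extends Sanitizer {
  SQLite3EscapeSanitization ( ) {
  this = API:: getTopLevelMember ( "SQLite3" ) .getMember ( "Database" ) .getAMethodCall ( "quote" )
  }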
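Review bot: The doc comment above `Mysql2EscapeSanitization` (and likewise above `SQLite3EscapeSanitization` in the second hunk) overstates what the model guarantees: escaping or quoting only neutralises a value that ends up inside a quoted SQL string literal, yet the constructor matches every `escape`/`quote` call regardless of where its result flows, so the comment should record the limitation, e.g. `Treated as a sanitizer for every call; the escaped value is only safe when interpolated inside a quoted string literal.` Making both classes `private` also drops them from the module's public surface, so any downstream customization that named `SqlInjection::Mysql2EscapeSanitization` stops compiling; if that is intended, a deprecation or changelog note is worth adding. With the frameworks import list (second file) now pulling in the Mysql2 framework, it is worth confirming the same escape call is not modelled twice. The enclosing `SqlInjection` module starts and ends outside the visible hunks.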