From 0325f368fe27045757d8bb55e18879a2ac88f379 Mon Sep 17 00:00:00 2001
From: Napalys Klicius
Date: Thu, 1 May 2025 13:57:14 +0200
Subject: [PATCH 1/3] Added test case for `hdbcli`
---
 .../frameworks/hdbcli/ConceptsTest.expected | 0
 .../test/library-tests/frameworks/hdbcli/ConceptsTest.ql | 2 ++
 python/ql/test/library-tests/frameworks/hdbcli/pep249.py | 9 +++++++++
 3 files changed, 11 insertions(+)
 create mode 100644 python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.expected
 create mode 100644 python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.ql
 create mode 100644 python/ql/test/library-tests/frameworks/hdbcli/pep249.py
diff --git a/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.expected
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.ql
new file mode 100644
index 000000000000..b557a0bccb69
--- /dev/null
+++ b/python/ql/test/library-tests/frameworks/hdbcli/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
diff --git a/python/ql/test/library-tests/frameworks/hdbcli/pep249.py b/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
new file mode 100644
index 000000000000..35c6e6d87e45
--- /dev/null
+++ b/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
@@ -0,0 +1,9 @@
+from hdbcli import dbapi
+conn = dbapi.connect(address="hostname", port=300, user="username", password="password")
+cursor = conn.cursor()
+cursor.execute("some sql", (42,)) # $ MISSING: getSql="some sql"
+cursor.executemany("some sql", (42,)) # $ MISSING: getSql="some sql"
+cursor.close()
From e1fc0ca051d43b46aef2fd1adeeb3a5b3c25ed33 Mon Sep 17 00:00:00 2001
From: Napalys Klicius
Date: Thu, 1 May 2025 14:01:33 +0200
Subject: [PATCH 2/3] Added implementation `hdbcli` as part of `PEP249::PEP249ModuleApiNode`
---
 python/ql/lib/semmle/python/Frameworks.qll | 1 +
 .../lib/semmle/python/frameworks/Hdbcli.qll | 24 +++++++++++++++++++
 .../library-tests/frameworks/hdbcli/pep249.py | 4 ++--
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 python/ql/lib/semmle/python/frameworks/Hdbcli.qll
diff --git a/python/ql/lib/semmle/python/Frameworks.qll b/python/ql/lib/semmle/python/Frameworks.qll
index e6af222a615f..955385141f7f 100644
--- a/python/ql/lib/semmle/python/Frameworks.qll
+++ b/python/ql/lib/semmle/python/Frameworks.qll
@@ -35,6 +35,7 @@ private import semmle.python.frameworks.FlaskAdmin
 private import semmle.python.frameworks.FlaskSqlAlchemy
 private import semmle.python.frameworks.Genshi
 private import semmle.python.frameworks.Gradio
+private import semmle.python.frameworks.Hdbcli
 private import semmle.python.frameworks.Httpx
 private import semmle.python.frameworks.Idna
 private import semmle.python.frameworks.Invoke
diff --git a/python/ql/lib/semmle/python/frameworks/Hdbcli.qll b/python/ql/lib/semmle/python/frameworks/Hdbcli.qll
new file mode 100644
index 000000000000..6b91519ae63b
--- /dev/null
+++ b/python/ql/lib/semmle/python/frameworks/Hdbcli.qll
@@ -0,0 +1,24 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `hdbcli` PyPI package.
+ * See https://pypi.org/project/hdbcli/
+ */
+
+private import python
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `hdbcli` PyPI package.
+ * See https://pypi.org/project/hdbcli/
+ */
+private module Hdbcli {
+ /**
+ * A model of `hdbcli` as a module that implements PEP 249, providing ways to execute SQL statements
+ * against a database.
+ */
+ class HdbcliPEP249 extends PEP249::PEP249ModuleApiNode {
+ HdbcliPEP249() { this = API::moduleImport("hdbcli").getMember("dbapi") }
+ }
+}
diff --git a/python/ql/test/library-tests/frameworks/hdbcli/pep249.py b/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
index 35c6e6d87e45..713f15cb6d4f 100644
--- a/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
+++ b/python/ql/test/library-tests/frameworks/hdbcli/pep249.py
@@ -3,7 +3,7 @@
 conn = dbapi.connect(address="hostname", port=300, user="username", password="password")
 cursor = conn.cursor()
-cursor.execute("some sql", (42,)) # $ MISSING: getSql="some sql"
-cursor.executemany("some sql", (42,)) # $ MISSING: getSql="some sql"
+cursor.execute("some sql", (42,)) # $ getSql="some sql"
+cursor.executemany("some sql", (42,)) # $ getSql="some sql"
 cursor.close()
From da7c0931b8aead3a235008d0b5ca2ad88b2a941e Mon Sep 17 00:00:00 2001
From: Napalys Klicius
Date: Thu, 1 May 2025 14:08:54 +0200
Subject: [PATCH 3/3] Added `hdbcli` to be part of `supported-framework` as well as change note
---
 docs/codeql/reusables/supported-frameworks.rst | 1 +
 python/ql/lib/change-notes/2025-05-01-hdbcli.md | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 python/ql/lib/change-notes/2025-05-01-hdbcli.md
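Review bot: Two of the five imports at the top of the new Hdbcli.qll are dead — `private import semmle.python.dataflow.new.RemoteFlowSources` and `private import semmle.python.Concepts` — since the only external names the module body references are `API::moduleImport` and `PEP249::PEP249ModuleApiNode`; drop them so the model does not pull in the remote-flow-source and concept machinery for nothing and so the file matches the minimal shape of the other single-class PEP 249 models. The class doc comment is also worth making precise about what is actually modeled: `HdbcliPEP249` binds the `hdbcli.dbapi` submodule, not the top-level `hdbcli` package, so a one-line addition such ` * The PEP 249 surface is exposed by the `hdbcli.dbapi` submodule; `connect()`, its cursors and their `execute`/`executemany` are then covered by `PEP249ModuleApiNode`.` would tell the next reader why `getMember("dbapi")` is there. As a caveat for the model's coverage, anything hdbcli offers for running SQL outside the standard PEP 249 cursor surface (if such APIs exist — I have not verified this against the hdbcli docs) would not be recognised as `SqlExecution` by this class alone and would need its own model; the accompanying test only pins `cursor.execute`/`executemany` on a string literal.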
diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst
index 402a3b9ee3d3..07a5e509fecb 100644
--- a/docs/codeql/reusables/supported-frameworks.rst
+++ b/docs/codeql/reusables/supported-frameworks.rst
@@ -254,6 +254,7 @@ and the CodeQL library pack ``codeql/python-all`` (`changelog