github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Python: Fix up expected results of SqlInjection.ql

This commit is contained in:
Mark Shannon 2018-11-21 17:45:40 +00:00
Родитель bfb7e17ebf
Коммит c01db23f58
1 изменённых файлов: 22 добавлений и 10 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

32
python/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
Просмотреть файл

@ -1,13 +1,25 @@
edges
| sql_injection.py:5:15:5:21 | Taint django.request.HttpRequest at sql_injection.py:5 | sql_injection.py:7:8:7:14 | Taint django.request.HttpRequest at sql_injection.py:7 |
| sql_injection.py:5:15:5:21 | Taint django.request.HttpRequest at sql_injection.py:5 | sql_injection.py:8:16:8:22 | Taint django.request.HttpRequest at sql_injection.py:8 |
| sql_injection.py:8:16:8:22 | Taint django.request.HttpRequest at sql_injection.py:8 | sql_injection.py:8:16:8:27 | Taint django.http.request.QueryDict at sql_injection.py:8 |
| sql_injection.py:8:16:8:27 | Taint django.http.request.QueryDict at sql_injection.py:8 | sql_injection.py:8:16:8:39 | Taint externally controlled string at sql_injection.py:8 |
| sql_injection.py:8:16:8:39 | Taint externally controlled string at sql_injection.py:8 | sql_injection.py:12:62:12:65 | Taint externally controlled string at sql_injection.py:12 |
| sql_injection.py:8:16:8:39 | Taint externally controlled string at sql_injection.py:8 | sql_injection.py:15:63:15:66 | Taint externally controlled string at sql_injection.py:15 |
| sql_injection.py:9:16:9:34 | Taint django.db.connection.cursor at sql_injection.py:9 | sql_injection.py:11:9:11:12 | Taint django.db.connection.cursor at sql_injection.py:11 |
| sql_injection.py:9:16:9:34 | Taint django.db.connection.cursor at sql_injection.py:9 | sql_injection.py:14:9:14:12 | Taint django.db.connection.cursor at sql_injection.py:14 |
| sql_injection.py:15:63:15:66 | Taint externally controlled string at sql_injection.py:15 | sql_injection.py:15:13:15:66 | Taint externally controlled string at sql_injection.py:15 |
| sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:11:8:11:14 | Taint django.request.HttpRequest at sql_injection.py:11 |
| sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:12:16:12:22 | Taint django.request.HttpRequest at sql_injection.py:12 |
| sql_injection.py:12:16:12:22 | Taint django.request.HttpRequest at sql_injection.py:12 | sql_injection.py:12:16:12:27 | Taint django.http.request.QueryDict at sql_injection.py:12 |
| sql_injection.py:12:16:12:27 | Taint django.http.request.QueryDict at sql_injection.py:12 | sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 |
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:16:62:16:65 | Taint externally controlled string at sql_injection.py:16 |
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:19:63:19:66 | Taint externally controlled string at sql_injection.py:19 |
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:22:88:22:91 | Taint externally controlled string at sql_injection.py:22 |
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:23:76:23:79 | Taint externally controlled string at sql_injection.py:23 |
| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:24:78:24:81 | Taint externally controlled string at sql_injection.py:24 |
| sql_injection.py:13:16:13:34 | Taint django.db.connection.cursor at sql_injection.py:13 | sql_injection.py:15:9:15:12 | Taint django.db.connection.cursor at sql_injection.py:15 |
| sql_injection.py:13:16:13:34 | Taint django.db.connection.cursor at sql_injection.py:13 | sql_injection.py:18:9:18:12 | Taint django.db.connection.cursor at sql_injection.py:18 |
| sql_injection.py:19:63:19:66 | Taint externally controlled string at sql_injection.py:19 | sql_injection.py:19:13:19:66 | Taint externally controlled string at sql_injection.py:19 |
| sql_injection.py:22:9:22:20 | Taint django.db.models.Model.objects at sql_injection.py:22 | sql_injection.py:22:9:22:93 | Taint django.db.models.Model.objects at sql_injection.py:22 |
| sql_injection.py:22:88:22:91 | Taint externally controlled string at sql_injection.py:22 | sql_injection.py:22:38:22:91 | Taint externally controlled string at sql_injection.py:22 |
| sql_injection.py:23:9:23:20 | Taint django.db.models.Model.objects at sql_injection.py:23 | sql_injection.py:23:9:23:80 | Taint django.db.models.Model.objects at sql_injection.py:23 |
| sql_injection.py:23:76:23:79 | Taint externally controlled string at sql_injection.py:23 | sql_injection.py:23:26:23:79 | Taint externally controlled string at sql_injection.py:23 |
| sql_injection.py:24:9:24:20 | Taint django.db.models.Model.objects at sql_injection.py:24 | sql_injection.py:24:9:24:82 | Taint django.db.models.Model.objects at sql_injection.py:24 |
| sql_injection.py:24:78:24:81 | Taint externally controlled string at sql_injection.py:24 | sql_injection.py:24:28:24:81 | Taint externally controlled string at sql_injection.py:24 |
parents
#select
| sql_injection.py:15:13:15:66 | db.connection.execute | sql_injection.py:5:15:5:21 | Taint django.request.HttpRequest at sql_injection.py:5 | sql_injection.py:15:13:15:66 | Taint externally controlled string at sql_injection.py:15 | This SQL query depends on $@. | sql_injection.py:5:15:5:21 | Django request source | a user-provided value |
| sql_injection.py:19:13:19:66 | db.connection.execute | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:19:13:19:66 | Taint externally controlled string at sql_injection.py:19 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
| sql_injection.py:22:38:22:91 | django.db.models.expressions.RawSQL(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:22:38:22:91 | Taint externally controlled string at sql_injection.py:22 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
| sql_injection.py:23:26:23:79 | django.models.QuerySet.raw(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:23:26:23:79 | Taint externally controlled string at sql_injection.py:23 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
| sql_injection.py:24:28:24:81 | django.models.QuerySet.extra(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:24:28:24:81 | Taint externally controlled string at sql_injection.py:24 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |