Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add BigQuery to the SQL frameworks so that it
Browse files Browse the repository at this point in the history
Can be used as a sink for SQL injection queries.

Signed-off-by: Jordy Zomer <[email protected]>
JordyZomer committed Jan 9, 2025
1 parent 0957113 commit 0163d5a
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions go/ql/lib/semmle/go/frameworks/SQL.qll
Original file line number Diff line number Diff line change
@@ -100,12 +100,28 @@ module SQL {
}
}

/** A string that might identify package `go/bigquery` */
string gobigquery() { result = "cloud.google.com/go/bigquery.Client" }

/** A string that might identify package `go-pg/pg` or a specific version of it. */
private string gopg() { result = package("github.com/go-pg/pg", "") }

/** A string that might identify package `go-pg/pg/orm` or a specific version of it. */
private string gopgorm() { result = package("github.com/go-pg/pg", "orm") }

/**
* A string argument to an api of `go/bigquery` that is directly interpreted as SQL
* without taking syntactic structure in account
*/
class BigQueryString extends Range {
BigQueryString() {
exists(Function f |
f.hasQualifiedName(gobigquery(), "Query") and
this = f.getACall().getArgument(0)
)
}
}

/**
* A string argument to an API of `go-pg/pg` that is directly interpreted as SQL without
* taking syntactic structure into account.

0 comments on commit 0163d5a

Please sign in to comment.