Hi, I was exploring QL for Python and noticed that SqlInjectionSink, defined in the Sql.qll library, misses some results. Running the following query:
misses out certain results, like cursor.execute() at /django/db/models/sql/compiler.py line 1161. Does anyone know the reason for this, and is there any way to include it as a sink?
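For readers unfamiliar with why `cursor.execute()` matters here, the following is an added example (not code from the discussion above, from Django, or from the CodeQL libraries). It uses the standard `sqlite3` DB-API cursor, whose `execute()` has the same shape as the one Django's database backends wrap, and a small constructed table, to show the string-built call that a SQL injection query is expected to flag as a sink next to the parameterised form it should not flag:

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny in-memory table standing in for an
    # application table. Not taken from any real project.
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute(
        "CREATE TABLE app_user (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    cur.executemany(
        "INSERT INTO app_user (username, is_admin) VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("carol", 0)],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    # The sink: cursor.execute() receives a query string assembled with
    # untrusted input. This is the call pattern the question wants reported.
    cur = conn.cursor()
    cur.execute("SELECT username FROM app_user WHERE username = '%s'" % username)
    return sorted(row[0] for row in cur.fetchall())


def find_user_safe(conn, username):
    # Same sink method, but the untrusted value travels as a bound parameter
    # rather than as part of the SQL text, so no taint reaches the query string.
    cur = conn.cursor()
    cur.execute("SELECT username FROM app_user WHERE username = ?", (username,))
    return sorted(row[0] for row in cur.fetchall())


def demo(payload="x' OR '1'='1"):
    # Returns (rows from the vulnerable query, rows from the safe query) for
    # one injected value; the first leaks every row, the second matches nothing.
    conn = make_db()
    return find_user_vulnerable(conn, payload), find_user_safe(conn, payload)


if __name__ == "__main__":
    vulnerable_rows, safe_rows = demo()
    print("vulnerable:", vulnerable_rows)
    print("safe:", safe_rows)
```

The difference between the two functions is exactly what a sink model has to capture: the first argument of `cursor.execute()` is the dangerous position, while values passed in the parameters tuple are not. A query that does not model `cursor.execute()` as a sink will miss `find_user_vulnerable` entirely, which is the gap the question reports.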
Replies: 1 comment
Hi @ChewZL, thanks for reporting this missing result 👍 Handling this requires better QL modeling of libraries. Currently we're doing a major rewrite of the Python analysis, and won't have time to look into this in the next couple of months. I'll note it down so we remember to look into it afterwards 👍