I am trying to study the kinds of sanitizers used in different languages (and implemented in CodeQL). Is there a way to list down all the sanitizer/barrier/sanitizer-guard/barrier-guard classes that are used for a vulnerability in an automated manner? We can discount the general sanitizers that are implemented in global files and only consider the specific ones implemented in customizations.
Replies: 1 comment 2 replies
Hi @Naman-ntc, sorry for the late reply, it seems this question got overlooked 😳
If I understand you correctly, you want an automated way to know that, for example, the Python query for SQL injection has a sanitizer guard for comparison with string constants?
Would be interesting to hear what you want to use that data for 😊
There are potential ways to extend the CodeQL query runs so that it can dump the QL class name of the available DataFlow::BarrierGuard for the available configurations, but that has the built-in limitation that if there is a barrier-guard for a code-pattern that is not present in the DB, it will not be listed... so I would not recommend going down that route.
So besides manually looking through configuration specification, I would probably also have gone for some regexes 😅
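
The regex approach suggested in the reply above, sketched as an added example; it is not part of the original thread and not CodeQL tooling. It assumes query-specific sanitizers live in files named `*Customizations.qll` and extend a supertype whose name ends in `Sanitizer`, `SanitizerGuard`, `Barrier` or `BarrierGuard`; the function names and the sample QL are constructed for illustration.

```python
import re
from pathlib import Path

# QL class declaration, e.g. "private class Foo extends Sanitizer, Bar {"
CLASS_RE = re.compile(r"\b(abstract\s+)?class\s+(\w+)\s+extends\s+([^{]+)\{")
# Supertype names that mark a sanitizer or barrier (assumed naming convention).
KIND_RE = re.compile(r"(?:Sanitizer|Barrier)(?:Guard)?$")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def find_sanitizers(ql_source):
    """Return (class_name, matching_supertype) for concrete sanitizer/barrier classes."""
    text = COMMENT_RE.sub("", ql_source)  # drop QLDoc and line comments first
    found = []
    for abstract, name, supers in CLASS_RE.findall(text):
        if abstract:
            continue  # abstract classes are extension points, not sanitizers
        for sup in (s.strip() for s in supers.split(",")):
            # Compare the last component so DataFlow::BarrierGuard also matches.
            if KIND_RE.search(sup.split("::")[-1]):
                found.append((name, sup))
                break
    return found


def scan_tree(root):
    """Map each *Customizations.qll file under root to its sanitizer classes."""
    results = {}
    for path in sorted(Path(root).rglob("*Customizations.qll")):
        hits = find_sanitizers(path.read_text(encoding="utf-8"))
        if hits:
            results[str(path)] = hits
    return results


# Constructed sample, modelled on the layout of a customizations file.
SAMPLE = '''
module SqlInjection {
  /** A sanitizer for SQL injection. */
  abstract class Sanitizer extends DataFlow::Node { }
  abstract class SanitizerGuard extends DataFlow::BarrierGuard { }
  // class CommentedOut extends Sanitizer { }
  class StringConstCompareAsSanitizerGuard extends SanitizerGuard, StringConstCompare { }
  private class ExampleEscapeCall extends Sanitizer, DataFlow::CallCfgNode { }
}
'''

if __name__ == "__main__":
    print(find_sanitizers(SAMPLE))
```

Unlike dumping barrier-guard classes from a query run, a source scan like this does not depend on which code patterns occur in a given database, but it only sees classes that follow the assumed naming convention.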