Skip to content

Detecting sanitizers or guard types for all vulnerabilities #7888

Answered by RasmusWL
Naman-ntc asked this question in Q&A
Discussion options

You must be logged in to vote

Hi @Naman-ntc, sorry for the late reply, it seems this question got overlooked 😳

If I understand you correctly, you want an automated way to know that for example the Python query for SQL injection has a sanitizer guard for comparison with string constants?

Would be interesting to hear what you want to use that data for 😊

There are potential ways to extend the CodeQL query runs so that it can dump the QL class name of the available DataFlow::BarrierGuard for the available configurations, but that has the built-in limitation that there is a barrier-guard for a code-pattern that is not present in the DB, it will not be listed... so I would not recommend going down that route.

So besides man…

Replies: 1 comment 2 replies

Comment options

You must be logged in to vote
2 replies
@Naman-ntc
Comment options

@RasmusWL
Comment options

Answer selected by Naman-ntc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants