C#: Add SQLiteCommand sinks.

michaelnebel · michaelnebel · commit 6f9f771f586d · 2022-08-10T11:08:27.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
@@ -39,7 +39,8 @@ class IDbCommandConstructionSqlExpr extends SqlExpr, ObjectCreation {
           .hasQualifiedName([
               // Known sealed classes:
               "System.Data.SqlClient.SqlCommand", "System.Data.Odbc.OdbcCommand",
-              "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand"
+              "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand",
+              "System.Data.SQLite.SQLiteCommand"
             ])
     )
   }
@@ -67,7 +68,11 @@ private class IDbCommandConstructionSinkModelCsv extends SinkModelCsv {
         // EntityCommand
         "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String);;Argument[0];sql;manual",
         "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection);;Argument[0];sql;manual",
-        "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction);;Argument[0];sql;manual"
+        "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction);;Argument[0];sql;manual",
+        // SQLiteCommand
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction);;Argument[0];sql;manual",
       ]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,8 @@ class IDbCommandConstructionSqlExpr extends SqlExpr, ObjectCreation {`
`39`	`39`	`.hasQualifiedName([`
`40`	`40`	`// Known sealed classes:`
`41`	`41`	`"System.Data.SqlClient.SqlCommand", "System.Data.Odbc.OdbcCommand",`
`42`		`- "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand"`
	`42`	`+ "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand",`
	`43`	`+ "System.Data.SQLite.SQLiteCommand"`
`43`	`44`	`])`
`44`	`45`	`)`
`45`	`46`	`}`
`@@ -67,7 +68,11 @@ private class IDbCommandConstructionSinkModelCsv extends SinkModelCsv {`
`67`	`68`	`// EntityCommand`
`68`	`69`	`"System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String);;Argument[0];sql;manual",`
`69`	`70`	`"System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection);;Argument[0];sql;manual",`
`70`		`- "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction);;Argument[0];sql;manual"`
	`71`	`+ "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction);;Argument[0];sql;manual",`
	`72`	`+ // SQLiteCommand`
	`73`	`+ "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String);;Argument[0];sql;manual",`
	`74`	`+ "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection);;Argument[0];sql;manual",`
	`75`	`+ "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction);;Argument[0];sql;manual",`
`71`	`76`	`]`
`72`	`77`	`}`
`73`	`78`	`}`