
PyPymysql

PyMySQL is a pure-Python MySQL driver. Cursor.execute() accepts a raw query string and an optional parameter tuple. It is a SQL injection sink when the query is built from user input instead of passing the values through %s placeholders.

Taint flow: 0 sources, 2 sinks
Sinks (dangerous calls):
.execute()
.executemany()

Sinks

.execute() (Sink)
Signature
Cursor.execute(query: str, args=None) -> int

Executes a query. This is a SQL injection sink when the query is built from user input instead of using %s placeholders.

tracks:0
.executemany() (Sink)
Signature
Cursor.executemany(query: str, args: Sequence) -> int

Executes a query many times. Same injection risk as .execute().

tracks:0
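
A minimal syntactic check for the two sinks above, as an added example (not the PyPymysql rule's own implementation and not part of codepathfinder). It flags .execute()/.executemany() calls whose query is assembled at runtime. The names is_static and find_unsafe_calls and the sample module are constructed for illustration; the check matches by method name only and does no FQN resolution or real taint tracking.

```python
import ast

SINKS = {"execute", "executemany"}  # the two sink methods listed on this page

def is_static(node):
    """True when the expression is a compile-time constant string."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, ast.JoinedStr):  # f-string: static only without {fields}
        return not any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return is_static(node.left) and is_static(node.right)
    return False  # "%" formatting, .format(), other calls, names

def find_unsafe_calls(source):
    """Return sorted (line, method) pairs for sink calls with a runtime-built query."""
    tree = ast.parse(source)
    dynamic_names = set()  # variables assigned anything but a constant string
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and not is_static(node.value):
            dynamic_names.update(t.id for t in node.targets if isinstance(t, ast.Name))
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SINKS and node.args):
            continue
        q = node.args[0]  # first positional argument is the SQL text
        # Names never assigned in this file (e.g. parameters) are not judged.
        unsafe = q.id in dynamic_names if isinstance(q, ast.Name) else not is_static(q)
        if unsafe:
            findings.append((node.lineno, node.func.attr))
    return sorted(findings)

# Constructed sample module; it is only parsed, never executed.
SAMPLE = '''\
import pymysql
cur = pymysql.connect(host="localhost", user="app").cursor()
name = input()
cur.execute("SELECT id FROM users WHERE name = '%s'" % name)
cur.execute(f"SELECT id FROM users WHERE name = '{name}'")
sql = "DELETE FROM users WHERE name = '" + name + "'"
cur.execute(sql)
cur.execute("SELECT id FROM users WHERE name = %s", (name,))
cur.executemany("INSERT INTO users (name) VALUES (%s)", [("a",), ("b",)])
cur.executemany("INSERT INTO " + name + " VALUES (%s)", [("a",)])
'''

if __name__ == "__main__":
    for line, method in find_unsafe_calls(SAMPLE):
        print(f"line {line}: .{method}() receives a query built at runtime")
```

Lines 8 and 9 of the sample pass the values through the args parameter with %s placeholders and are not reported.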

Other Methods

.connect() (Neutral)
Signature
pymysql.connect(host='localhost', user=None, password='', ...) -> Connection

Opens a MySQL connection.

Fully-Qualified Names

FQN                       Field
pymysql                   fqns[0]
pymysql.cursors.Cursor    fqns[1]

A wrong FQN produces 0 findings. To verify that matching depends on the FQN, change fqns to a garbage value; the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyPymysql