Commit

Fix SQLi rule false positive
ajinabraham committed Jan 30, 2022
1 parent 5ba6ea0 commit 54fdb3d
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion njsscan/rules/semantic_grep/database/sql_injection.yaml
@@ -1,6 +1,19 @@
rules:
- id: node_sqli_injection
patterns:
- pattern-either:
- pattern-inside: |
require('sql-client')
...
- pattern-inside: |
require('mysql')
...
- pattern-inside: |
require('pg')
...
- pattern-inside: |
require('mssql')
...
- pattern-either:
- pattern: |
$CON.query(<... $REQ.$QUERY.$VAR ...>, ...)
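Review bot: The new `pattern-inside` gate at the top of `node_sqli_injection` only lets the rule fire in a scope that itself contains `require('sql-client')`, `require('mysql')`, `require('pg')` or `require('mssql')`, so the false-positive fix also introduces false negatives. A route file that gets its connection from a local helper module and then calls `$CON.query(<... $REQ.$QUERY.$VAR ...>, ...)` has none of these `require` calls and will no longer be reported, and the same goes for any driver not on this four-name list (for example `mysql2`). Consider extending the list to the other drivers the project intends to cover and stating the rule's scope in its message or documentation. The commit touches only this one file, so a pair of fixtures (one file that must still match, one that must no longer match) would pin the intended behaviour.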
@@ -33,7 +46,7 @@ rules:
- javascript
severity: ERROR
metadata:
owasp: 'A1: Injection'
owasp: "A1: Injection"
cwe: >-
CWE-89: Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection')
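Review bot: The quoting change on the `owasp` line (`'A1: Injection'` to `"A1: Injection"`) is unrelated to the false-positive fix named in the commit message, and both forms parse to the same YAML string. Either drop it from this commit or apply the quote style across the rule files in a separate formatting commit, so the history of this rule shows only the detection change.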
