rspec/rules/S3649/common/fix/code-rationale.adoc

The following code is an example of an overly simple authentication function.
It is vulnerable to SQL injection because user-controlled data is inserted
directly into a query string: The application assumes that incoming data
always has a specific range of characters, and ignores that some characters may
change the query logic to a malicious one.

In this particular case, the query can be exploited with the following string: 

----
foo' OR 1=1 --
----

By adapting and inserting this template string into one of the fields (`user` or `pass`), an
attacker would be able to log in as any user within the scoped user table.
Modify Rule S3649: Education Framework (APPSEC-46 & APPSEC-47) (#1109) 2022-07-27 14:46:13 +02:00			`The following code is an example of an overly simple authentication function.`
			`It is vulnerable to SQL injection because user-controlled data is inserted`
			`directly into a query string: The application assumes that incoming data`
			`always has a specific range of characters, and ignores that some characters may`
			`change the query logic to a malicious one.`

			`In this particular case, the query can be exploited with the following string:`

			`----`
			`foo' OR 1=1 --`
			`----`

			By adapting and inserting this template string into one of the fields (`user` or `pass`), an
			`attacker would be able to log in as any user within the scoped user table.`