rspec/rules/S3649/common/fix/code-rationale.adoc

The following code is an example of an overly simple data retrieval function.
It is vulnerable to SQL injection because user-controlled data is inserted
directly into a query string: The application assumes that incoming data
always has a specific range of characters and ignores that some characters may
change the query logic to a malicious one.

In this particular case, the query can be exploited with the following string: 

----
' OR '1'='1
----

Using the UNION clause, an attacker would also be able to perform queries against
other tables and combine the returned data within the same query result.
Modify rule S3649: Add databases support (APPSEC-1251) (#3381) 2025-03-18 10:31:43 +01:00			`The following code is an example of an overly simple data retrieval function.`
Modify Rule S3649: Education Framework (APPSEC-46 & APPSEC-47) (#1109) 2022-07-27 14:46:13 +02:00			`It is vulnerable to SQL injection because user-controlled data is inserted`
			`directly into a query string: The application assumes that incoming data`
Modify rule S3649: Add databases support (APPSEC-1251) (#3381) 2025-03-18 10:31:43 +01:00			`always has a specific range of characters and ignores that some characters may`
Modify Rule S3649: Education Framework (APPSEC-46 & APPSEC-47) (#1109) 2022-07-27 14:46:13 +02:00			`change the query logic to a malicious one.`

			`In this particular case, the query can be exploited with the following string:`

			`----`
Modify rule S3649: Add databases support (APPSEC-1251) (#3381) 2025-03-18 10:31:43 +01:00			`' OR '1'='1`
Modify Rule S3649: Education Framework (APPSEC-46 & APPSEC-47) (#1109) 2022-07-27 14:46:13 +02:00			`----`

Modify rule S3649: Add databases support (APPSEC-1251) (#3381) 2025-03-18 10:31:43 +01:00			`Using the UNION clause, an attacker would also be able to perform queries against`
			`other tables and combine the returned data within the same query result.`