51 lines
1.5 KiB
Plaintext
51 lines
1.5 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// === MySQL ===
|
|
const mysql = require('mysql');
|
|
const mycon = mysql.createConnection({ host: host, user: user, password: pass, database: db });
|
|
mycon.connect(function(err) {
|
|
mycon.query('SELECT * FROM users WHERE id = ' + userinput, (err, res) => {}); // Sensitive
|
|
});
|
|
|
|
// === PostgreSQL ===
|
|
const pg = require('pg');
|
|
const pgcon = new pg.Client({ host: host, user: user, password: pass, database: db });
|
|
pgcon.connect();
|
|
pgcon.query('SELECT * FROM users WHERE id = ' + userinput, (err, res) => {}); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
// === MySQL ===
|
|
const mysql = require('mysql');
|
|
const mycon = mysql.createConnection({ host: host, user: user, password: pass, database: db });
|
|
mycon.connect(function(err) {
|
|
mycon.query('SELECT name FROM users WHERE id = ?', [userinput], (err, res) => {});
|
|
});
|
|
|
|
// === PostgreSQL ===
|
|
const pg = require('pg');
|
|
const pgcon = new pg.Client({ host: host, user: user, password: pass, database: db });
|
|
pgcon.connect();
|
|
pgcon.query('SELECT name FROM users WHERE id = $1', [userinput], (err, res) => {});
|
|
----
|
|
|
|
== Exceptions
|
|
|
|
This rule's current implementation does not follow variables. It will only detect SQL queries which are formatted directly in the function call.
|
|
|
|
----
|
|
const sql = 'SELECT * FROM users WHERE id = ' + userinput;
|
|
mycon.query(sql, (err, res) => {}); // Sensitive but no issue is raised.
|
|
----
|
|
|
|
include::../see.adoc[]
|