hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 11:10:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14195 from Kwstubbs/SQL_int_sanitizer

Browse Source 
Add Integer/Boolean Sanitizer to SQL injection Query
This commit is contained in:
Chris Smowton
2023-09-15 14:13:35 +01:00
committed by GitHub
parent 062024b3d6 aaa230a791
commit f160c6c646
4 changed files with 131 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added Numeric and Boolean types to SQL injection sanitzers.

9
go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
View File

@@ -40,4 +40,13 @@ module SqlInjection {
/** A NoSql query, considered as a taint sink for SQL injection. */
class NoSqlQueryAsSink extends Sink instanceof NoSql::Query { }
/**
* A numeric- or boolean-typed node, considered a sanitizer for sql injection.
*/
class NumericOrBooleanSanitizer extends Sanitizer {
NumericOrBooleanSanitizer() {
this.getType() instanceof NumericType or this.getType() instanceof BoolType
}
}
}

214
go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -21,54 +21,54 @@ edges
| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category |
| issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 |
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf |
| main.go:10:11:10:16 | selection of Form | main.go:10:11:10:28 | index expression |
| main.go:14:63:14:67 | selection of URL | main.go:14:63:14:75 | call to Query |
| main.go:14:63:14:75 | call to Query | main.go:14:63:14:83 | index expression |
| main.go:14:63:14:83 | index expression | main.go:14:11:14:84 | call to Sprintf |
| main.go:15:63:15:70 | selection of Header | main.go:15:63:15:84 | call to Get |
| main.go:15:63:15:84 | call to Get | main.go:15:11:15:85 | call to Sprintf |
| main.go:27:17:30:2 | &... [pointer, Category] | main.go:33:3:33:13 | RequestData [pointer, Category] |
| main.go:27:18:30:2 | struct literal [Category] | main.go:27:17:30:2 | &... [pointer, Category] |
| main.go:29:13:29:19 | selection of URL | main.go:29:13:29:27 | call to Query |
| main.go:29:13:29:27 | call to Query | main.go:29:13:29:39 | index expression |
| main.go:29:13:29:39 | index expression | main.go:27:18:30:2 | struct literal [Category] |
| main.go:32:7:33:23 | call to Sprintf | main.go:34:11:34:11 | q |
| main.go:33:3:33:13 | RequestData [pointer, Category] | main.go:33:3:33:13 | implicit dereference [Category] |
| main.go:33:3:33:13 | implicit dereference [Category] | main.go:33:3:33:22 | selection of Category |
| main.go:33:3:33:22 | selection of Category | main.go:32:7:33:23 | call to Sprintf |
| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:39:2:39:12 | RequestData [pointer, Category] |
| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:42:3:42:13 | RequestData [pointer, Category] |
| main.go:39:2:39:12 | RequestData [pointer, Category] | main.go:39:2:39:12 | implicit dereference [Category] |
| main.go:39:2:39:12 | implicit dereference [Category] | main.go:38:2:38:12 | definition of RequestData [pointer, Category] |
| main.go:39:25:39:31 | selection of URL | main.go:39:25:39:39 | call to Query |
| main.go:39:25:39:39 | call to Query | main.go:39:25:39:51 | index expression |
| main.go:39:25:39:51 | index expression | main.go:39:2:39:12 | implicit dereference [Category] |
| main.go:41:7:42:23 | call to Sprintf | main.go:43:11:43:11 | q |
| main.go:42:3:42:13 | RequestData [pointer, Category] | main.go:42:3:42:13 | implicit dereference [Category] |
| main.go:42:3:42:13 | implicit dereference [Category] | main.go:42:3:42:22 | selection of Category |
| main.go:42:3:42:22 | selection of Category | main.go:41:7:42:23 | call to Sprintf |
| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:48:4:48:14 | RequestData [pointer, Category] |
| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:51:3:51:13 | RequestData [pointer, Category] |
| main.go:48:3:48:14 | star expression [Category] | main.go:47:2:47:12 | definition of RequestData [pointer, Category] |
| main.go:48:4:48:14 | RequestData [pointer, Category] | main.go:48:3:48:14 | star expression [Category] |
| main.go:48:28:48:34 | selection of URL | main.go:48:28:48:42 | call to Query |
| main.go:48:28:48:42 | call to Query | main.go:48:28:48:54 | index expression |
| main.go:48:28:48:54 | index expression | main.go:48:3:48:14 | star expression [Category] |
| main.go:50:7:51:23 | call to Sprintf | main.go:52:11:52:11 | q |
| main.go:51:3:51:13 | RequestData [pointer, Category] | main.go:51:3:51:13 | implicit dereference [Category] |
| main.go:51:3:51:13 | implicit dereference [Category] | main.go:51:3:51:22 | selection of Category |
| main.go:51:3:51:22 | selection of Category | main.go:50:7:51:23 | call to Sprintf |
| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:57:4:57:14 | RequestData [pointer, Category] |
| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:60:5:60:15 | RequestData [pointer, Category] |
| main.go:57:3:57:14 | star expression [Category] | main.go:56:2:56:12 | definition of RequestData [pointer, Category] |
| main.go:57:4:57:14 | RequestData [pointer, Category] | main.go:57:3:57:14 | star expression [Category] |
| main.go:57:28:57:34 | selection of URL | main.go:57:28:57:42 | call to Query |
| main.go:57:28:57:42 | call to Query | main.go:57:28:57:54 | index expression |
| main.go:57:28:57:54 | index expression | main.go:57:3:57:14 | star expression [Category] |
| main.go:59:7:60:26 | call to Sprintf | main.go:61:11:61:11 | q |
| main.go:60:3:60:25 | selection of Category | main.go:59:7:60:26 | call to Sprintf |
| main.go:60:4:60:15 | star expression [Category] | main.go:60:3:60:25 | selection of Category |
| main.go:60:5:60:15 | RequestData [pointer, Category] | main.go:60:4:60:15 | star expression [Category] |
| main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression |
| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query |
| main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression |
| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf |
| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get |
| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf |
| main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] |
| main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] |
| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query |
| main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression |
| main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] |
| main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q |
| main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] |
| main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category |
| main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf |
| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:40:2:40:12 | RequestData [pointer, Category] |
| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] |
| main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] |
| main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] |
| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query |
| main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression |
| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] |
| main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q |
| main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] |
| main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category |
| main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf |
| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:49:4:49:14 | RequestData [pointer, Category] |
| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] |
| main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] |
| main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] |
| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query |
| main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression |
| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] |
| main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q |
| main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] |
| main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category |
| main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf |
| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:58:4:58:14 | RequestData [pointer, Category] |
| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] |
| main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] |
| main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] |
| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query |
| main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression |
| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] |
| main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q |
| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf |
| main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category |
| main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] |
| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter |
@@ -114,58 +114,58 @@ nodes
| issue48.go:39:8:40:32 | call to Sprintf | semmle.label | call to Sprintf |
| issue48.go:40:3:40:31 | selection of Category | semmle.label | selection of Category |
| issue48.go:41:11:41:12 | q5 | semmle.label | q5 |
| main.go:10:11:10:16 | selection of Form | semmle.label | selection of Form |
| main.go:10:11:10:28 | index expression | semmle.label | index expression |
| main.go:14:11:14:84 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:14:63:14:67 | selection of URL | semmle.label | selection of URL |
| main.go:14:63:14:75 | call to Query | semmle.label | call to Query |
| main.go:14:63:14:83 | index expression | semmle.label | index expression |
| main.go:15:11:15:85 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:15:63:15:70 | selection of Header | semmle.label | selection of Header |
| main.go:15:63:15:84 | call to Get | semmle.label | call to Get |
| main.go:27:17:30:2 | &... [pointer, Category] | semmle.label | &... [pointer, Category] |
| main.go:27:18:30:2 | struct literal [Category] | semmle.label | struct literal [Category] |
| main.go:29:13:29:19 | selection of URL | semmle.label | selection of URL |
| main.go:29:13:29:27 | call to Query | semmle.label | call to Query |
| main.go:29:13:29:39 | index expression | semmle.label | index expression |
| main.go:32:7:33:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:33:3:33:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:33:3:33:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:33:3:33:22 | selection of Category | semmle.label | selection of Category |
| main.go:34:11:34:11 | q | semmle.label | q |
| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
| main.go:39:2:39:12 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:39:2:39:12 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:39:25:39:31 | selection of URL | semmle.label | selection of URL |
| main.go:39:25:39:39 | call to Query | semmle.label | call to Query |
| main.go:39:25:39:51 | index expression | semmle.label | index expression |
| main.go:41:7:42:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:42:3:42:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:42:3:42:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:42:3:42:22 | selection of Category | semmle.label | selection of Category |
| main.go:43:11:43:11 | q | semmle.label | q |
| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
| main.go:48:3:48:14 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:48:4:48:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:48:28:48:34 | selection of URL | semmle.label | selection of URL |
| main.go:48:28:48:42 | call to Query | semmle.label | call to Query |
| main.go:48:28:48:54 | index expression | semmle.label | index expression |
| main.go:50:7:51:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:51:3:51:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:51:3:51:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:51:3:51:22 | selection of Category | semmle.label | selection of Category |
| main.go:52:11:52:11 | q | semmle.label | q |
| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
| main.go:57:3:57:14 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:57:4:57:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:57:28:57:34 | selection of URL | semmle.label | selection of URL |
| main.go:57:28:57:42 | call to Query | semmle.label | call to Query |
| main.go:57:28:57:54 | index expression | semmle.label | index expression |
| main.go:59:7:60:26 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:60:3:60:25 | selection of Category | semmle.label | selection of Category |
| main.go:60:4:60:15 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:60:5:60:15 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:61:11:61:11 | q | semmle.label | q |
| main.go:11:11:11:16 | selection of Form | semmle.label | selection of Form |
| main.go:11:11:11:28 | index expression | semmle.label | index expression |
| main.go:15:11:15:84 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:15:63:15:67 | selection of URL | semmle.label | selection of URL |
| main.go:15:63:15:75 | call to Query | semmle.label | call to Query |
| main.go:15:63:15:83 | index expression | semmle.label | index expression |
| main.go:16:11:16:85 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:16:63:16:70 | selection of Header | semmle.label | selection of Header |
| main.go:16:63:16:84 | call to Get | semmle.label | call to Get |
| main.go:28:17:31:2 | &... [pointer, Category] | semmle.label | &... [pointer, Category] |
| main.go:28:18:31:2 | struct literal [Category] | semmle.label | struct literal [Category] |
| main.go:30:13:30:19 | selection of URL | semmle.label | selection of URL |
| main.go:30:13:30:27 | call to Query | semmle.label | call to Query |
| main.go:30:13:30:39 | index expression | semmle.label | index expression |
| main.go:33:7:34:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:34:3:34:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:34:3:34:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:34:3:34:22 | selection of Category | semmle.label | selection of Category |
| main.go:35:11:35:11 | q | semmle.label | q |
| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
| main.go:40:2:40:12 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:40:2:40:12 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:40:25:40:31 | selection of URL | semmle.label | selection of URL |
| main.go:40:25:40:39 | call to Query | semmle.label | call to Query |
| main.go:40:25:40:51 | index expression | semmle.label | index expression |
| main.go:42:7:43:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:43:3:43:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:43:3:43:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:43:3:43:22 | selection of Category | semmle.label | selection of Category |
| main.go:44:11:44:11 | q | semmle.label | q |
| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
| main.go:49:3:49:14 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:49:4:49:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:49:28:49:34 | selection of URL | semmle.label | selection of URL |
| main.go:49:28:49:42 | call to Query | semmle.label | call to Query |
| main.go:49:28:49:54 | index expression | semmle.label | index expression |
| main.go:51:7:52:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:52:3:52:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:52:3:52:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:52:3:52:22 | selection of Category | semmle.label | selection of Category |
| main.go:53:11:53:11 | q | semmle.label | q |
| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
| main.go:58:3:58:14 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:58:4:58:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:58:28:58:34 | selection of URL | semmle.label | selection of URL |
| main.go:58:28:58:42 | call to Query | semmle.label | call to Query |
| main.go:58:28:58:54 | index expression | semmle.label | index expression |
| main.go:60:7:61:26 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:61:3:61:25 | selection of Category | semmle.label | selection of Category |
| main.go:61:4:61:15 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:61:5:61:15 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:62:11:62:11 | q | semmle.label | q |
| mongoDB.go:40:20:40:30 | call to Referer | semmle.label | call to Referer |
| mongoDB.go:42:19:42:42 | struct literal | semmle.label | struct literal |
| mongoDB.go:42:28:42:41 | untrustedInput | semmle.label | untrustedInput |
@@ -191,13 +191,13 @@ subpaths
| issue48.go:22:11:22:12 | q3 | issue48.go:17:25:17:32 | selection of Body | issue48.go:22:11:22:12 | q3 | This query depends on a $@. | issue48.go:17:25:17:32 | selection of Body | user-provided value |
| issue48.go:32:11:32:12 | q4 | issue48.go:27:26:27:33 | selection of Body | issue48.go:32:11:32:12 | q4 | This query depends on a $@. | issue48.go:27:26:27:33 | selection of Body | user-provided value |
| issue48.go:41:11:41:12 | q5 | issue48.go:37:24:37:30 | selection of URL | issue48.go:41:11:41:12 | q5 | This query depends on a $@. | issue48.go:37:24:37:30 | selection of URL | user-provided value |
| main.go:10:11:10:28 | index expression | main.go:10:11:10:16 | selection of Form | main.go:10:11:10:28 | index expression | This query depends on a $@. | main.go:10:11:10:16 | selection of Form | user-provided value |
| main.go:14:11:14:84 | call to Sprintf | main.go:14:63:14:67 | selection of URL | main.go:14:11:14:84 | call to Sprintf | This query depends on a $@. | main.go:14:63:14:67 | selection of URL | user-provided value |
| main.go:15:11:15:85 | call to Sprintf | main.go:15:63:15:70 | selection of Header | main.go:15:11:15:85 | call to Sprintf | This query depends on a $@. | main.go:15:63:15:70 | selection of Header | user-provided value |
| main.go:34:11:34:11 | q | main.go:29:13:29:19 | selection of URL | main.go:34:11:34:11 | q | This query depends on a $@. | main.go:29:13:29:19 | selection of URL | user-provided value |
| main.go:43:11:43:11 | q | main.go:39:25:39:31 | selection of URL | main.go:43:11:43:11 | q | This query depends on a $@. | main.go:39:25:39:31 | selection of URL | user-provided value |
| main.go:52:11:52:11 | q | main.go:48:28:48:34 | selection of URL | main.go:52:11:52:11 | q | This query depends on a $@. | main.go:48:28:48:34 | selection of URL | user-provided value |
| main.go:61:11:61:11 | q | main.go:57:28:57:34 | selection of URL | main.go:61:11:61:11 | q | This query depends on a $@. | main.go:57:28:57:34 | selection of URL | user-provided value |
| main.go:11:11:11:28 | index expression | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | This query depends on a $@. | main.go:11:11:11:16 | selection of Form | user-provided value |
| main.go:15:11:15:84 | call to Sprintf | main.go:15:63:15:67 | selection of URL | main.go:15:11:15:84 | call to Sprintf | This query depends on a $@. | main.go:15:63:15:67 | selection of URL | user-provided value |
| main.go:16:11:16:85 | call to Sprintf | main.go:16:63:16:70 | selection of Header | main.go:16:11:16:85 | call to Sprintf | This query depends on a $@. | main.go:16:63:16:70 | selection of Header | user-provided value |
| main.go:35:11:35:11 | q | main.go:30:13:30:19 | selection of URL | main.go:35:11:35:11 | q | This query depends on a $@. | main.go:30:13:30:19 | selection of URL | user-provided value |
| main.go:44:11:44:11 | q | main.go:40:25:40:31 | selection of URL | main.go:44:11:44:11 | q | This query depends on a $@. | main.go:40:25:40:31 | selection of URL | user-provided value |
| main.go:53:11:53:11 | q | main.go:49:28:49:34 | selection of URL | main.go:53:11:53:11 | q | This query depends on a $@. | main.go:49:28:49:34 | selection of URL | user-provided value |
| main.go:62:11:62:11 | q | main.go:58:28:58:34 | selection of URL | main.go:62:11:62:11 | q | This query depends on a $@. | main.go:58:28:58:34 | selection of URL | user-provided value |
| mongoDB.go:57:22:57:29 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:57:22:57:29 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
| mongoDB.go:61:27:61:32 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:61:27:61:32 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
| mongoDB.go:63:23:63:28 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:63:23:63:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |

11
go/ql/test/query-tests/Security/CWE-089/main.go
View File

@@ -2,6 +2,7 @@ package main
import (
"database/sql"
"encoding/json"
"fmt"
"net/http"
)
@@ -60,3 +61,13 @@ func handler5(db *sql.DB, req *http.Request) {
(*RequestData).Category)
db.Query(q)
}
// This is an integer, so should not counted as injection
func handlerint(db *sql.DB, req *http.Request) {
var request RequestStruct
json.NewDecoder(req.Body).Decode(&request)
q := fmt.Sprintf("SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='%d' ORDER BY PRICE",
request.Id)
db.Query(q)
}