hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 17:59:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0d762066f5edb043716ef31da50de3d8ba8eaca3
codeql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
Max Schaefer 31bb39a810 JavaScript: Autoformat all QL files.
2019-01-07 10:15:45 +00:00

27 lines
857 B
Plaintext
Raw Blame History

/**
* @name Database query built from user-controlled sources
* @description Building a database query from user-controlled sources is vulnerable to insertion of
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @precision high
* @id js/sql-injection
* @tags security
* external/cwe/cwe-089
*/
import javascript
import semmle.javascript.security.dataflow.SqlInjection
import semmle.javascript.security.dataflow.NosqlInjection
import DataFlow::PathGraph
from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where
(
cfg instanceof SqlInjection::Configuration or
cfg instanceof NosqlInjection::Configuration
) and
cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "This query depends on $@.", source.getNode(),
"a user-provided value"
Reference in New Issue View Git Blame Copy Permalink