hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
12bd7092194ed9d565645968934135863196090d
codeql/ruby/ql/test/library-tests/frameworks/sqlite3/sqlite3.rb
Owen Mansel-Chan 1fa183ee2a Improve Sqlite3 test
2026-02-17 22:27:04 +00:00

36 lines
821 B
Ruby
Raw Blame History

require 'sqlite3'
db = SQLite3::Database.new "test.db"
db.execute <<-SQL
create table numbers (
name varchar(30),
val int
);
SQL
stmt = db.prepare "select * from numbers"
stmt.execute
SQLite3::Database.new( "data.db" ) do |db|
db.execute( "select * from table" ) do |row|
p row
end
end
class SqliteController < ActionController::Base
def sqlite3_handler
category = params[:category] # $ Source[rb/sql-injection]
db = SQLite3::Database.new "test.db"
# BAD: SQL injection vulnerability
db.execute("select * from table where category = '#{category}'") # $ Alert[rb/sql-injection]
# GOOD: Sanitized by SQLite3::Database.quote
sanitized_category = SQLite3::Database.quote(category)
db.execute("select * from table where category = '#{sanitized_category}'")
end
end
Reference in New Issue View Git Blame Copy Permalink