gitlab.find_sec_bugs.AWS_QUERY_INJECTION-1
unknown
Download Count*
License
Constructing SimpleDB queries containing user input can allow an attacker to view unauthorized records.
Run Locally
Run in CI
Defintion
rules:
- id: find_sec_bugs.AWS_QUERY_INJECTION-1
mode: taint
pattern-sources:
- patterns:
- pattern-inside: |
$FUNC(..., $VAR, ...) {
...
}
- pattern: $VAR
- patterns:
- pattern-inside: |
$FUNC(...) {
...
$VAR = ... + $X;
...
}
- pattern: $VAR
pattern-sinks:
- patterns:
- pattern-either:
- pattern-inside: |
$REQ = new SelectRequest($QUERY, ...);
...
$DB.select($REQ);
- pattern-inside: |
$DB.select(new SelectRequest($QUERY,...));
- pattern-inside: >
$DB.select((SelectRequest
$SR).withSelectExpression($QUERY,...));
- pattern: $QUERY
- metavariable-pattern:
metavariable: $DB
pattern-either:
- pattern: (AmazonSimpleDB $DB)
- pattern: (AmazonSimpleDBClient $DB)
message: >
Constructing SimpleDB queries containing user input can allow an attacker
to view unauthorized
records.
languages:
- java
severity: ERROR
metadata:
category: security
cwe: "CWE-943: Improper Neutralization of Special Elements in Data Query Logic"
technology:
- java
primary_identifier: find_sec_bugs.AWS_QUERY_INJECTION-1
secondary_identifiers:
- name: Find Security Bugs-AWS_QUERY_INJECTION
type: find_sec_bugs_type
value: AWS_QUERY_INJECTION
license: MIT
Short Link: https://sg.run/ALZ6