gitlab.gosec.G201-1
SQL query construction using format string
Definition
rules:
  - id: gosec.G201-1
    patterns:
      - pattern-inside: |
          $Q := fmt.Sprintf("$QUERY", ...)
          ...
      - pattern-not-inside: |
          $Q := fmt.Sprintf("$QUERY", "...")
          ...
      - pattern-not-inside: |
          pq.QuoteIdentifier(...)
          ...
      - metavariable-regex:
          metavariable: $QUERY
          regex: (?i)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE).*%[^bdoxXfFp].*
      - pattern-either:
          - pattern: $DB.QueryContext(..., $Q)
          - pattern: $DB.Query($Q)
    message: |
      SQL query construction using format string
    metadata:
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
      primary_identifier: gosec.G201-1
      secondary_identifiers:
        - name: Gosec Rule ID G201
          type: gosec_rule_id
          value: G201
    license: MIT
    severity: WARNING
    languages:
      - go
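Added example (not part of the rule or of gosec): the code shape this rule reports next to its parameterized replacement. A recording fake stands in for *sql.DB so it runs offline; Querier, recordingDB, FindUserUnsafe, FindUserSafe and InputInStatement are names assumed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Querier mirrors the receiver the rule matches ($DB.Query / $DB.QueryContext).
// Assumption: a recording fake replaces *sql.DB so the example runs offline;
// it returns the statement and bound parameters it would hand to the driver.
type Querier interface {
	Query(query string, args ...any) (string, []any)
}

type recordingDB struct{}

func (recordingDB) Query(query string, args ...any) (string, []any) {
	return query, args
}

// FindUserUnsafe is the shape gosec.G201-1 reports: fmt.Sprintf with a %s
// verb (any verb except b,d,o,x,X,f,F,p) splices untrusted text into the
// SQL statement itself, so that text is parsed as SQL (CWE-89).
func FindUserUnsafe(db Querier, name string) (string, []any) {
	q := fmt.Sprintf("SELECT id FROM users WHERE name = '%s'", name)
	return db.Query(q)
}

// FindUserSafe keeps the statement a constant and binds name as a parameter
// ($1 is the lib/pq placeholder style); no fmt.Sprintf, so the rule is silent
// and the value is never interpreted as SQL.
func FindUserSafe(db Querier, name string) (string, []any) {
	const q = "SELECT id FROM users WHERE name = $1"
	return db.Query(q, name)
}

// InputInStatement reports whether the user value ended up inside the SQL text.
func InputInStatement(stmt, input string) bool {
	return strings.Contains(stmt, input)
}

func main() {
	db := recordingDB{}
	name := "O'Brien" // constructed input: an ordinary name containing a quote
	unsafeStmt, _ := FindUserUnsafe(db, name)
	safeStmt, args := FindUserSafe(db, name)
	fmt.Printf("unsafe: %s (input in SQL: %v)\n", unsafeStmt, InputInStatement(unsafeStmt, name))
	fmt.Printf("safe:   %s args=%q (input in SQL: %v)\n", safeStmt, args, InputInStatement(safeStmt, name))
}
```

The unsafe statement ends up with an unbalanced quote from an ordinary name, which is the same path an attacker-controlled value would take; the safe form hands the value to the driver as a parameter and the statement text never changes.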
Short Link: https://sg.run/18Z1