gitlab.gosec.G202-1
SQL query construction using string concatenation
Definition
rules:
- id: gosec.G202-1
  patterns:
  # Only consider files that import database/sql.
  - pattern-inside: |
      import "database/sql"
      ...
  # Match a query string built by concatenating two expressions.
  - pattern-either:
    - pattern: $DB.Query($Q + $IN)
    - pattern: $DB.QueryContext(..., $Q + $IN)
  # Exclude concatenation of two string literals.
  - pattern-not: $DB.QueryContext(..., "..." + "...")
  - pattern-not: $DB.Query("..." + "...")
  message: |
    SQL query construction using string concatenation
  metadata:
    cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
    primary_identifier: gosec.G202-1
    secondary_identifiers:
    - name: Gosec Rule ID G202
      type: gosec_rule_id
      value: G202
    license: MIT
  severity: WARNING
  languages:
  - go
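
An added Go example (not part of the rule or of the gosec project) showing a call this rule flags next to the parameterized form it does not flag. The `recorder` driver, the `users` table and the function names are constructed for illustration so the code runs without a database.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
	"io"
)

// recorder is a constructed stand-in driver: it keeps the SQL text and bound values it receives.
type recorder struct{ query string; args []driver.NamedValue }

func (r *recorder) Connect(context.Context) (driver.Conn, error) { return r, nil }
func (r *recorder) Driver() driver.Driver                        { return nil }
func (r *recorder) Prepare(string) (driver.Stmt, error)          { return nil, driver.ErrSkip }
func (r *recorder) Begin() (driver.Tx, error)                    { return nil, driver.ErrSkip }
func (r *recorder) Close() error                                 { return nil }
func (r *recorder) Columns() []string                            { return nil }
func (r *recorder) Next([]driver.Value) error                    { return io.EOF }
func (r *recorder) QueryContext(_ context.Context, q string, a []driver.NamedValue) (driver.Rows, error) {
	r.query, r.args = q, a
	return r, nil
}

// Flagged by the rule: matches `$DB.Query($Q + $IN)`, so id becomes part of the SQL text.
func lookupConcat(db *sql.DB, id string) (*sql.Rows, error) {
	return db.Query("SELECT name FROM users WHERE id = " + id)
}

// Not flagged: the SQL text is a constant and id travels as a bound value.
func lookupParam(db *sql.DB, id string) (*sql.Rows, error) {
	return db.Query("SELECT name FROM users WHERE id = ?", id)
}

// sent runs one lookup against a fresh recorder and returns what the driver received.
func sent(lookup func(*sql.DB, string) (*sql.Rows, error), id string) (string, []driver.NamedValue) {
	rec := &recorder{}
	db := sql.OpenDB(rec)
	defer db.Close()
	if rows, err := lookup(db, id); err == nil {
		rows.Close()
	}
	return rec.query, rec.args
}

func main() {
	fmt.Println(sent(lookupConcat, "42")) // constructed input
	fmt.Println(sent(lookupParam, "42"))
}
```

With concatenation the statement text changes with every input; with the bound parameter the text stays fixed and the input arrives separately. Placeholder syntax is driver-specific (`?` here; some drivers use `$1`).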
Short Link: https://sg.run/jwRP