Semgrep Registry - javascript.aws-lambda.security.mysql-sqli.mysql-sqli

Detected SQL statement that is tainted by $EVENT object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: connection.query('SELECT $1 from table', [userinput])

Defintion

Open in Playground

rules:
  - id: mysql-sqli
    message: "Detected SQL statement that is tainted by `$EVENT` object. This could
      lead to SQL injection if the variable is user-controlled and not properly
      sanitized. In order to prevent SQL injection, use parameterized queries or
      prepared statements instead. You can use parameterized statements like so:
      `connection.query('SELECT $1 from table', [userinput])`"
    metadata:
      references:
        - https://www.npmjs.com/package/mysql2
      category: security
      owasp:
        - A01:2017 - Injection
        - A03:2021 - Injection
      cwe:
        - "CWE-89: Improper Neutralization of Special Elements used in an SQL
          Command ('SQL Injection')"
      technology:
        - aws-lambda
        - mysql
        - mysql2
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: HIGH
      confidence: MEDIUM
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - SQL Injection
    languages:
      - javascript
      - typescript
    severity: WARNING
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  exports.handler = function ($EVENT, ...) {
                    ...
                  }
              - pattern-inside: |
                  function $FUNC ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
              - pattern-inside: |
                  $FUNC = function ($EVENT, ...) {...}
                  ...
                  exports.handler = $FUNC
          - pattern: $EVENT
    pattern-sinks:
      - patterns:
          - focus-metavariable: $QUERY
          - pattern-either:
              - pattern: $POOL.query($QUERY, ...)
              - pattern: $POOL.execute($QUERY, ...)
          - pattern-either:
              - pattern-inside: |
                  require('mysql')
                  ...
              - pattern-inside: |
                  require('mysql2')
                  ...
              - pattern-inside: |
                  require('mysql2/promise')
                  ...
              - pattern-inside: |
                  import 'mysql'
                  ...
              - pattern-inside: |
                  import 'mysql2'
                  ...
              - pattern-inside: |
                  import 'mysql2/promise'
                  ...

javascript.aws-lambda.security.mysql-sqli.mysql-sqli

Run Locally

Run in CI

Defintion

Examples

mysql-sqli.js