scala.slick.security.scala-slick-overridesql-literal.scala-slick-overrideSql-literal

Author: semgrep

Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Avoid using non-literal values in overrideSql(...): the method replaces the SQL that Slick generated with the raw string you pass, so nothing in it is bound as a parameter. The rule only exempts calls whose argument is a string literal, or a variable that was assigned a string literal.

Definition

rules:
  - id: scala-slick-overrideSql-literal
    patterns:
      - pattern: $MODEL.overrideSql($QUERY,...)
      - pattern-not: $MODEL.overrideSql("...",...)
      - pattern-not-inside: |
          $QUERY = "..."
          ...
    message: Detected a formatted string in a SQL statement. This could lead to SQL
      injection if variables in the SQL statement are not properly sanitized.
      Avoid using non literal values in `overrideSql(...)`.
    languages:
      - scala
    severity: ERROR
    metadata:
      category: security
      cwe:
        - "CWE-89: Improper Neutralization of Special Elements used in an SQL
          Command ('SQL Injection')"
      owasp:
        - A01:2017 - Injection
        - A03:2021 - Injection
      technology:
        - scala
        - slick
      confidence: LOW
      references:
        - https://owasp.org/Top10/A03_2021-Injection
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - SQL Injection

Examples

scala-slick-overrideSql-literal.scala

import slick.jdbc.H2Profile.api._

// The rule's test file does not define the Person table mapping. This minimal
// version is assumed here so the example compiles.
class People(tag: Tag) extends Table[(Int, String, Int)](tag, "Person") {
  def id = column[Int]("id", O.PrimaryKey)
  def name = column[String]("name")
  def age = column[Int]("age")
  def * = (id, name, age)
}

class FooBar {
  def something(name: String) = {
    val db = Database.forConfig("h2mem1")

    lazy val people = TableQuery[People]

    // A string literal cannot carry user input, so the rule ignores this call.
    // ok: scala-slick-overrideSql-literal
    people.map(p => (p.id,p.name,p.age))
      .result
      .overrideSql("SELECT id, name, age FROM Person")

    // A variable bound to a string literal is exempted by the pattern-not-inside clause.
    val query = "SELECT id, name, age FROM Person"
    // ok: scala-slick-overrideSql-literal
    people.map(p => (p.id,p.name,p.age))
      .result
      .overrideSql(query)

    // An interpolated string splices the `name` parameter straight into the SQL text.
    // ruleid: scala-slick-overrideSql-literal
    people.map(p => (p.id,p.name,p.age))
      .result
      .overrideSql(s"SELECT id, name, age FROM Person WHERE $name")
  }
}
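The following is an added example, not code from the semgrep rule or from the Slick project, showing why the flagged call is exploitable and the two parameterised alternatives the rule steers you towards: staying in Slick's lifted query API, or using the `sql` interpolator, whose plain `$value` placeholders become JDBC bind parameters (only `#$value` splices text). The `People` mapping, the in-memory H2 URL, the sample rows and the `findByName*` method names are assumptions for the demo; it needs slick and the H2 driver on the classpath. Identifiers are upper-case because Slick quotes names in the DDL it generates while H2 folds unquoted names in hand-written SQL to upper case. One caveat on the rule itself: it is syntactic, so the `pattern-not-inside` clause exempts any variable that was at some earlier point assigned a string literal; a `var` initialised with a literal and later rebuilt from user input is not flagged, since no taint is tracked.

```scala
import scala.concurrent.Await
import scala.concurrent.ExecutionContext.Implicits.global
import scala.concurrent.duration._
import slick.jdbc.H2Profile.api._

// Assumed table mapping for the demo (not from the rule page). Upper-case identifiers
// keep Slick's quoted DDL and the unquoted hand-written SQL below pointing at the same table.
class People(tag: Tag) extends Table[(Int, String, Int)](tag, "PERSON") {
  def id = column[Int]("ID", O.PrimaryKey)
  def name = column[String]("NAME")
  def age = column[Int]("AGE")
  def * = (id, name, age)
}

object OverrideSqlDemo {
  val people = TableQuery[People]
  type Row = (Int, String, Int)

  // What the rule flags: overrideSql discards the SQL Slick generated and runs the raw
  // string instead. The interpolated value is spliced into the statement as text, so
  // user input becomes part of the query grammar.
  def findByNameUnsafe(name: String): DBIO[Seq[Row]] =
    people.map(p => (p.id, p.name, p.age)).result
      .overrideSql(s"SELECT ID, NAME, AGE FROM PERSON WHERE NAME = '$name'")

  // Fix 1: stay in the lifted API. The filter value is sent as a JDBC bind parameter.
  def findByNameLifted(name: String): DBIO[Seq[Row]] =
    people.filter(_.name === name).map(p => (p.id, p.name, p.age)).result

  // Fix 2: if hand-written SQL is unavoidable, use Slick's sql interpolator. A plain
  // $name is bound as a parameter; only #$name would splice it literally, so avoid that.
  def findByNameSql(name: String): DBIO[Seq[Row]] =
    sql"SELECT ID, NAME, AGE FROM PERSON WHERE NAME = $name".as[Row]

  def main(args: Array[String]): Unit = {
    val db = Database.forURL("jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1", driver = "org.h2.Driver")
    // Constructed sample rows for the demo.
    val setup = DBIO.seq(
      people.schema.create,
      people ++= Seq((1, "alice", 30), (2, "bob", 41))
    )
    // Classic tautology payload: turns `WHERE NAME = '' OR '1'='1'` into a match-all.
    val hostile = "' OR '1'='1"
    val program = for {
      _      <- setup
      unsafe <- findByNameUnsafe(hostile)
      lifted <- findByNameLifted(hostile)
      bound  <- findByNameSql(hostile)
    } yield (unsafe.size, lifted.size, bound.size)
    try {
      val (unsafe, lifted, bound) = Await.result(db.run(program), 10.seconds)
      println(s"overrideSql with hostile input matched $unsafe rows")
      println(s"lifted filter matched $lifted rows")
      println(s"sql interpolator matched $bound rows")
    } finally db.close()
  }
}
```

Run with the hostile input, the `overrideSql` version matches both rows because the quote in the payload closes the string literal and the `OR '1'='1'` tautology is evaluated as SQL, while the lifted filter and the `sql` interpolator match none: in both, the entire payload travels as the value of a bind parameter and is compared against the NAME column as an ordinary string.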