sql-injection

python.sqlalchemy.security.sqlalchemy-sql-injection.sqlalchemy-sql-injection

semgrep

Distinct, Having, Group_by, Order_by, and Filter in SQLAlchemy can cause sql injections if the developer inputs raw SQL into the before-mentioned clauses. This pattern captures relevant cases in which the developer inputs raw SQL into the distinct, having, group_by, order_by or filter clauses and injects user-input into the raw SQL with any function besides "bindparams". Use bindParams to securely bind user-input to SQL statements.

java.lang.security.audit.formatted-sql-string.formatted-sql-string

semgrep

Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.

python.django.security.injection.sql.sql-injection-extra.sql-injection-using-extra-where

semgrep

User-controlled data from a request is passed to 'extra()'. This could lead to a SQL injection and therefore protected information could be leaked. Instead, use parameterized queries or escape the user-controlled data by using `params` and not using quote placeholders in the SQL string.

python.django.security.injection.sql.sql-injection-rawsql.sql-injection-using-rawsql

semgrep

User-controlled data from request is passed to 'RawSQL()'. This could lead to a SQL injection and therefore protected information could be leaked. Instead, use parameterized queries or escape the user-controlled data by using `params` and not using quote placeholders in the SQL string.

python.django.security.injection.sql.sql-injection-using-db-cursor-execute.sql-injection-db-cursor-execute

semgrep

User-controlled data from a request is passed to 'execute()'. This could lead to a SQL injection and therefore protected information could be leaked. Instead, use django's QuerySets, which are built with query parameterization and therefore not vulnerable to sql injection. For example, you could use `Entry.objects.filter(date=2006)`.

python.django.security.injection.sql.sql-injection-using-raw.sql-injection-using-raw

semgrep

Data that is possible user-controlled from a python request is passed to `raw()`. This could lead to SQL injection and attackers gaining access to protected information. Instead, use django's QuerySets, which are built with query parameterization and therefore not vulnerable to sql injection. For example, you could use `Entry.objects.filter(date=2006)`.

semgrep

In $METHOD, $X is used to construct a SQL query via string concatenation.

semgrep

Detected a string argument from a public method contract in a raw SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.

semgrep

Detected string concatenation with a non-literal variable in a pg Ruby SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized queries like so: `conn.exec_params('SELECT $1 AS a, $2 AS b, $3 AS c', [1, 2, nil])` And you can use prepared statements with `exec_prepared`.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements instead. You can obtain a PreparedStatement using 'SqlCommand' and 'SqlParameter'.

semgrep

Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls.

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected usage of dangerous method $METHOD which does not escape inputs (see link in references). If the argument is user-controlled, this can lead to SQL injection. When using $METHOD function, do not trust user-submitted data and only allow approved list of input (possibly, use an allowlist approach).

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`db.Query("SELECT * FROM t WHERE id = ?", id)`) or a safe library.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.

semgrep

Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use parameterized SQL queries or properly sanitize user input instead.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected input from a HTTPServletRequest going into a SQL sink or statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use parameterized SQL queries or properly sanitize user input instead.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `knex.raw('SELECT $1 from table', [userinput])`

semgrep

Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `connection.query('SELECT $1 from table', [userinput])`

semgrep

Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `connection.query('SELECT $1 from table', [userinput])`

semgrep

Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `sequelize.query('SELECT * FROM projects WHERE status = ?', { replacements: ['active'], type: QueryTypes.SELECT });`

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected SQL statement that is tainted by `$REQ` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. An example of parameterized queries like so: `knex.raw('SELECT $1 from table', [userinput])` can help prevent SQLi.

semgrep

Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

`$QUERY` Detected string concatenation with a non-literal variable in a Doctrine QueryBuilder method. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead.

semgrep

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, label) VALUES (?, ?)");`) or a safe library.

semgrep

HTTP method [$METHOD] to Laravel route $ROUTE_NAME is vulnerable to SQL injection via string concatenation or unsafe interpolation.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Detected a SQL query based on user input. This could lead to SQL injection, which could potentially result in sensitive data being exfiltrated by attackers. Instead, use parameterized queries and prepared statements.

semgrep

Found a request argument passed to an `ignore()` definition in a Rule constraint. This can lead to SQL injection.

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `cursor.execute('SELECT * FROM projects WHERE status = %s', ('active'))`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `cursor.execute('SELECT * FROM projects WHERE status = %s', 'active')`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `cursor.execute('SELECT * FROM projects WHERE status = %s', 'active')`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `cursor.execute('SELECT * FROM projects WHERE status = %s', ('active'))`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `cursor.execute('SELECT * FROM projects WHERE status = ?', 'active')`

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Distinct, Having, Group_by, Order_by, and Filter in SQLAlchemy can cause sql injections if the developer inputs raw SQL into the before-mentioned clauses. This pattern captures relevant cases in which the developer inputs raw SQL into the distinct, having, group_by, order_by or filter clauses and injects user-input into the raw SQL with any function besides "bindparams". Use bindParams to securely bind user-input to SQL statements.

semgrep

sqlalchemy.text passes the constructed SQL statement to the database mostly unchanged. This means that the usual SQL injection protections are not applied and this function is vulnerable to SQL injection if user input can reach here. Use normal SQLAlchemy operators (such as or_, and_, etc.) to construct SQL.

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `Example.find_by_sql ["SELECT title FROM posts WHERE author = ? AND created > ?", author_id, start_date]`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use sanitize statements like so: `escaped = client.escape(user_input)`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `conn.exec_params('SELECT $1 AS a, $2 AS b, $3 AS c', [1, 2, nil])`

semgrep

Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: `DB['select * from items where name = ?', name]`

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.

semgrep

Found potential SQL injection due to unsafe SQL query construction via $X. Where possible, prefer parameterized queries.

semgrep

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as ActiveRecord which will protect your queries.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

semgrep

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.

semgrep

Detected a tainted SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Avoid using using user input for generating SQL strings.

semgrep

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.

semgrep

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.