remove duplicated rule
ajinabraham authored Jul 27, 2021
1 parent 9f8011c commit c032daf
Showing 1 changed file with 0 additions and 69 deletions.
69 changes: 0 additions & 69 deletions njsscan/rules/semantic_grep/database/sql_injection.yaml
Expand Up @@ -37,72 +37,3 @@ rules:
cwe: >-
CWE-89: Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection')
- id: node_knex_sqli_injection
patterns:
- pattern-either:
- pattern-inside: |
$KNEX = require('knex')
...
- pattern-inside: |
$KNEX = require('knex')(...)
...
- pattern-either:
- pattern: |
$K.raw(<... $REQ.$QUERY.$VAR ...>, ...)
- pattern: |
$K.raw(<... $REQ.$QUERY ...>, ...)
- pattern: |
$SQL = <... $REQ.$QUERY.$VAR ...>;
...
$K.raw(<... $SQL ...>, ...)
- pattern: |
$SQL = <... $REQ.$QUERY ...>;
...
$K.raw(<... $SQL ...>, ...)
- pattern: |
$INP = <... $REQ.$QUERY.$VAR ...>;
...
$SQL = <... $INP ...>;
...
$K.raw(<... $SQL ...>, ...)
- pattern: |
$INP = <... $REQ.$QUERY ...>;
...
$SQL = <... $INP ...>;
...
$K.raw(<... $SQL ...>, ...)
- pattern: |
$K.whereRaw(<... $REQ.$QUERY.$VAR ...>, ...)
- pattern: |
$K.whereRaw(<... $REQ.$QUERY ...>, ...)
- pattern: |
$SQL = <... $REQ.$QUERY.$VAR ...>;
...
$K.whereRaw(<... $SQL ...>, ...)
- pattern: |
$SQL = <... $REQ.$QUERY ...>;
...
$K.whereRaw(<... $SQL ...>, ...)
- pattern: |
$INP = <... $REQ.$QUERY.$VAR ...>;
...
$SQL = <... $INP ...>;
...
$K.whereRaw(<... $SQL ...>, ...)
- pattern: |
$INP = <... $REQ.$QUERY ...>;
...
$SQL = <... $INP ...>;
...
$K.whereRaw(<... $SQL ...>, ...)
message: >-
Untrusted input concatinated with raw SQL query using knex raw()
or whereRaw() functions can result in SQL Injection.
languages:
- javascript
severity: ERROR
metadata:
owasp: 'A1: Injection'
cwe: >-
CWE-89: Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection')
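Review bot: the hunk only shows the deletion of `node_knex_sqli_injection` (the whole block from `- id: node_knex_sqli_injection` down to its `cwe:` metadata), so the "duplicated rule" claim cannot be checked from the diff itself; please name the surviving rule id (and its location in `sql_injection.yaml`) in the commit message so a reviewer can confirm that the retained copy still covers every pattern removed here, in particular the taint chains through `$INP` and `$SQL` into both `$K.raw(...)` and `$K.whereRaw(...)`, and not only the direct `$REQ.$QUERY` forms. Since the removed copy's message reads `Untrusted input concatinated with raw SQL query ...`, it is also worth checking whether the surviving copy carries the same misspelling and correcting it to "concatenated" in a follow-up.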
