Skip to content

Commit

Permalink
Merge branch 'develop' into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
@0xDC0DE
0xDC0DE authored Nov 18, 2024
2 parents 3fa6bdc + 495df89 commit 1aabced
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 0 deletions.
12 changes: 12 additions & 0 deletions javascript/sequelize/security/audit/sequelize-raw-query.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,3 +40,15 @@ rules:
$QUERY = $SQL + $VALUE
...
$DATABASE.sequelize.query($QUERY, ...)
- pattern: |
Sequelize.literal(`...${...}...`)
- pattern: |
$QUERY = `...${...}...`
...
Sequelize.literal($QUERY)
- pattern: |
Sequelize.literal($SQL + $VALUE)
- pattern: |
$QUERY = $SQL + $VALUE
...
Sequelize.literal($QUERY)
5 changes: 5 additions & 0 deletions scala/lang/security/audit/tainted-sql-string.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,4 +94,9 @@ object Smth {
logWarning(s"Create user $name")
}
}

def throwException(name: String) = {
// ok: tainted-sql-string
throw new IllegalArgumentException(s"Can't create a ${name}")
}
}
1 change: 1 addition & 0 deletions scala/lang/security/audit/tainted-sql-string.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ rules:
- pattern-regex: |
.*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
- pattern-not-inside: println(...)
- pattern-not-inside: throw new $EXCEPTION(...)
pattern-sanitizers:
- pattern-either:
- patterns:
Expand Down

0 comments on commit 1aabced

Please sign in to comment.