Filter exceptions from tainted-sql-string #3501

berney · 2024-10-25T09:56:15Z

Original rule will think string interpolation in throwing an exception is a SQL injection.
Which makes this rule very noisy.

0xDC0DE · 2024-11-12T08:33:51Z

Hey @berney , this looks like a great update! Thanks for your contribution.

* Allow OWASP Top 10 references from Kubernetes and LLM Top 10 (#3499) Co-authored-by: Berne Campbell <[email protected]> Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]> * Add literal pattern (#3507) Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]> * Filter exceptions from tainted-sql-string (#3501) Co-authored-by: Berne Campbell <[email protected]> Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]> --------- Co-authored-by: berney <[email protected]> Co-authored-by: Berne Campbell <[email protected]> Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]> Co-authored-by: QU35T-code <[email protected]>

Filter exceptions from tainted-sql-string

6585c45

0xDC0DE approved these changes Nov 12, 2024

View reviewed changes

Merge branch 'develop' into b-tainted-sql-string-exclude-throw-exception

62c818d

Merge branch 'develop' into b-tainted-sql-string-exclude-throw-exception

6ae468e

0xDC0DE enabled auto-merge (squash) November 12, 2024 12:59

Merge branch 'develop' into b-tainted-sql-string-exclude-throw-exception

1598a34

0xDC0DE merged commit 495df89 into semgrep:develop Nov 13, 2024
8 checks passed

berney deleted the b-tainted-sql-string-exclude-throw-exception branch January 21, 2025 04:47

Provide feedback