From 6585c453257aef969c98f5f25fb61216bbb93ef0 Mon Sep 17 00:00:00 2001
From: Berne Campbell <3227426+berney@users.noreply.github.com>
Date: Fri, 25 Oct 2024 20:51:39 +1100
Subject: [PATCH] Filter exceptions from tainted-sql-string

---
 scala/lang/security/audit/tainted-sql-string.scala | 5 +++++
 scala/lang/security/audit/tainted-sql-string.yaml | 1 +
 2 files changed, 6 insertions(+)

diff --git a/scala/lang/security/audit/tainted-sql-string.scala b/scala/lang/security/audit/tainted-sql-string.scala
index 59bd99623c..d1a12cff09 100644
--- a/scala/lang/security/audit/tainted-sql-string.scala
+++ b/scala/lang/security/audit/tainted-sql-string.scala
@@ -94,4 +94,9 @@ object Smth {
 logWarning(s"Create user $name")
 }
 }
+
+ def throwException(name: String) = {
+ // ok: tainted-sql-string
+ throw new IllegalArgumentException(s"Can't create a ${name}")
+ }
 }
diff --git a/scala/lang/security/audit/tainted-sql-string.yaml b/scala/lang/security/audit/tainted-sql-string.yaml
index c02debe264..24805b5acd 100644
--- a/scala/lang/security/audit/tainted-sql-string.yaml
+++ b/scala/lang/security/audit/tainted-sql-string.yaml
@@ -73,6 +73,7 @@ rules:
 - pattern-regex: |
 .*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
 - pattern-not-inside: println(...)
+ - pattern-not-inside: throw new $EXCEPTION(...)
 pattern-sanitizers:
 - pattern-either:
 - patterns:
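Review bot: The added `- pattern-not-inside: throw new $EXCEPTION(...)` in the YAML hunk suppresses a finding located anywhere inside the throw's argument list, not only an interpolated message handed straight to the constructor, so a query that is built and executed while the exception is being constructed (for example a lookup whose result becomes the message) would be silenced together with the intended false positive. That matches the breadth of the existing `println(...)` exclusion, so it may be an accepted trade-off, but it widens the rule's blind spot rather than just carving out message strings; the enclosing patterns list and the main match pattern start above this hunk, so I cannot see whether the surrounding clause already constrains this. If only direct message strings are meant to be ignored, a `pattern-not` that matches the string as the immediate constructor argument of `throw new $EXCEPTION(...)` would be tighter than `pattern-not-inside`. The companion .scala hunk adds only an `// ok: tainted-sql-string` case; a `// ruleid: tainted-sql-string` case with a query executed inside a throw argument would pin the intended scope of the exclusion either way.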