Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sequelize-raw-query] - Literal pattern #3507

Merged
merged 3 commits into from
Nov 12, 2024
Merged

[sequelize-raw-query] - Literal pattern #3507

merged 3 commits into from
Nov 12, 2024

Conversation

qu35t-code
Copy link
Contributor

Hello,

This PR adds patterns to find SQL injections via sequelize literal() function.

Sequelize documentation : https://sequelize.org/docs/v6/other-topics/sub-queries/

Playground rule : https://semgrep.dev/playground/r/OrUN1z3/qu35t.sequelize-raw-query

@CLAassistant
Copy link

CLAassistant commented Nov 4, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@0xDC0DE
Copy link
Contributor

0xDC0DE commented Nov 12, 2024

Hey @qu35t-code , these look like they are nice additions to the rule. Thanks for your contribution!

@0xDC0DE 0xDC0DE enabled auto-merge (squash) November 12, 2024 08:53
@0xDC0DE 0xDC0DE merged commit aaf727c into semgrep:develop Nov 12, 2024
8 checks passed
0xDC0DE added a commit that referenced this pull request Nov 13, 2024
@r2c-argo @berney
@0xDC0DE @qu35t-code
Merge Develop into Release (#3515)
d53e57e 
* Allow OWASP Top 10 references from Kubernetes and LLM Top 10 (#3499)

Co-authored-by: Berne Campbell <[email protected]>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>

* Add literal pattern (#3507)

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>

---------

Co-authored-by: berney <[email protected]>
Co-authored-by: Berne Campbell <[email protected]>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
Co-authored-by: QU35T-code <[email protected]>
0xDC0DE added a commit that referenced this pull request Nov 18, 2024
@r2c-argo @berney
@0xDC0DE @qu35t-code
Merge Develop into Release (#3516)
6c78f54 
* Allow OWASP Top 10 references from Kubernetes and LLM Top 10 (#3499)

Co-authored-by: Berne Campbell <[email protected]>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>

* Add literal pattern (#3507)

Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>

* Filter exceptions from tainted-sql-string (#3501)

Co-authored-by: Berne Campbell <[email protected]>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>

---------

Co-authored-by: berney <[email protected]>
Co-authored-by: Berne Campbell <[email protected]>
Co-authored-by: Pieter De Cremer (Semgrep) <[email protected]>
Co-authored-by: QU35T-code <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xDC0DE 0xDC0DE 0xDC0DE approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@qu35t-code @CLAassistant @0xDC0DE