From 6701385172562efb59564c1aafa040a4fdcec000 Mon Sep 17 00:00:00 2001
From: QU35T-code
Date: Mon, 4 Nov 2024 12:19:11 +0100
Subject: [PATCH] Add literal pattern

---
.../security/audit/sequelize-raw-query.yaml | 12 ++++++++++++
1 file changed, 12 insertions(+)

diff --git a/javascript/sequelize/security/audit/sequelize-raw-query.yaml b/javascript/sequelize/security/audit/sequelize-raw-query.yaml
index 368c91473c..176dfe59a3 100644
--- a/javascript/sequelize/security/audit/sequelize-raw-query.yaml
+++ b/javascript/sequelize/security/audit/sequelize-raw-query.yaml
@@ -40,3 +40,15 @@ rules:
$QUERY = $SQL + $VALUE
...
$DATABASE.sequelize.query($QUERY, ...)
+ - pattern: |
Sequelize.literal(`...${...}...`)
+ - pattern: |
$QUERY = `...${...}...`
...
Sequelize.literal($QUERY)
+ - pattern: |
Sequelize.literal($SQL + $VALUE)
+ - pattern: |
$QUERY = $SQL + $VALUE
...
Sequelize.literal($QUERY)
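Review bot: The four added patterns bind the receiver to the literal identifier `Sequelize`, so `literal()` reached through an instance — the spelling the context line just above already models with `$DATABASE.sequelize.query(...)` — would not be matched unless another pattern outside this hunk covers it. A metavariable receiver keeps both spellings in scope, e.g. `$SEQ.literal($SQL + $VALUE)` and `$SEQ.literal(`...${...}...`)`, applied likewise to the two `$QUERY = ...` variants; a destructured `const { literal } = require('sequelize')` call would still need its own bare `literal(...)` pattern. The rule's `id`, `message` and `metadata` are outside the hunk; if they describe only `sequelize.query`, they should be updated to name `literal` as a second sink so the finding text matches what the new patterns report.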