Merge pull request #50 from GitHubSecurityLab/js-audit-sqlinjection

GeekMasher · web-flow · commit 6fbd0ea7d90e · 2024-04-24T23:40:27.000+01:00
Create JS SqlInjectionAudit.ql
diff --git a/javascript/src/audit/CWE-089/SqlInjectionAudit.md b/javascript/src/audit/CWE-089/SqlInjectionAudit.md
@@ -0,0 +1,3 @@
+# Audit:  Usage of unsafe Database query
+
+This query detects the use of unsafe sql injection sinks. Unsafe sql sinks are functions that can lead to remote code execution if user controled input comes into the sink
diff --git a/javascript/src/audit/CWE-089/SqlInjectionAudit.ql b/javascript/src/audit/CWE-089/SqlInjectionAudit.ql
@@ -0,0 +1,21 @@
+/**
+ * @name Audit: Database query built from user-controlled sources
+ * @description A SQL Injection sink is being used in your application, this can lead to remote code execution if user controled input comes into the sink
+ * @kind problem
+ * @problem.severity error
+ * @security-severity 3.0
+ * @id githubsecuritylab/audit/sql-injection
+ * @tags security
+ *       external/cwe/cwe-089
+ *       external/cwe/cwe-090
+ *       external/cwe/cwe-943
+ *       audit
+ */
+
+import javascript
+import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
+import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
+
+from DataFlow::Node sink
+where sink instanceof SqlInjection::Sink or sink instanceof NosqlInjection::Sink
+select sink, "Possible SQL Injection sink"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# Audit: Usage of unsafe Database query`
	`2`	`+`
	`3`	`+This query detects the use of unsafe sql injection sinks. Unsafe sql sinks are functions that can lead to remote code execution if user controled input comes into the sink`