@rohitnss
Last active July 31, 2020 08:54
# Semgrep rule: flags Java methods that take a String parameter, concatenate it
# into a SQL string, and pass that string to executeQuery / execute /
# prepareStatement. Indentation restored so the file parses as YAML.
rules:
  - id: sql.injection
    message: |
      SQL Injection.
    metadata:
      owasp: "A1: Injection"
    severity: ERROR
    patterns:
      - pattern-either:
          # Concatenated String parameter reaches Statement.executeQuery
          - pattern: | #executeQuery
              $RETURN $METHOD(...,String $VAR, ...) {
                ...
                $SQL = $X + $VAR + $Y;
                ...
                $W.executeQuery($SQL, ...);
                ...
              }
          # Concatenated String parameter reaches Statement.execute
          - pattern: | #execute
              $RETURN $METHOD(...,String $VAR, ...) {
                ...
                $SQL = $X + $VAR + $Y;
                ...
                $W.execute($SQL, ...);
                ...
              }
          # Concatenated String parameter reaches Connection.prepareStatement;
          # a PreparedStatement built from an already-concatenated string is
          # no safer than a plain Statement.
          - pattern: | #prepareStatement
              $RETURN $METHOD(...,String $VAR, ...) {
                ...
                $SQL = $X + $VAR + $Y;
                ...
                $W.prepareStatement($SQL, ...);
                ...
              }
    languages:
      - java
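The following Java class is an added example (not part of the gist) written so that the first two methods match the rule above and the third does not; the class name, method names and `users` table are assumptions for illustration.

```java
// Added example, not from the gist: UserRepository is a hypothetical class
// whose first two methods match the sql.injection rule and whose third does not.
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class UserRepository {
    private final Connection conn;

    public UserRepository(Connection conn) {
        this.conn = conn;
    }

    // MATCHES the #executeQuery pattern: the String parameter is concatenated
    // into the query text, so the caller controls part of the SQL.
    public ResultSet findByName(String name) throws SQLException {
        String sql = "SELECT id, name FROM users WHERE name = '" + name + "'";
        Statement stmt = conn.createStatement();
        return stmt.executeQuery(sql);
    }

    // MATCHES the #prepareStatement pattern: PreparedStatement does not help
    // when the untrusted value is already concatenated into the SQL text.
    public int countByRole(String role) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE role = '" + role + "'";
        PreparedStatement ps = conn.prepareStatement(sql);
        try (ResultSet rs = ps.executeQuery()) {
            return rs.next() ? rs.getInt(1) : 0;
        }
    }

    // DOES NOT MATCH: the SQL text is a constant with a ? placeholder and the
    // parameter is bound with setString, so the driver never parses it as SQL.
    public ResultSet findByNameSafe(String name) throws SQLException {
        String sql = "SELECT id, name FROM users WHERE name = ?";
        PreparedStatement ps = conn.prepareStatement(sql);
        ps.setString(1, name);
        return ps.executeQuery();
    }
}
```

Assuming the rule is saved as `sql-injection.yaml`, `semgrep --config sql-injection.yaml UserRepository.java` should report `findByName` and `countByRole` and stay silent on `findByNameSafe`.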