SQL injection vulnerability detected.
- Rule ID: javascript_aws_lambda_sql_injection
- Languages: javascript
- Source: sql_injection.yml
Description
Including unsanitized data, such as user input or request data, in raw SQL queries makes your application vulnerable to SQL injection attacks.
Remediations
Use safe SQL library methods that sanitize user input, or bind it as a query parameter instead of interpolating it into the SQL text.
Sequelize example
```javascript
const { Op } = require("sequelize");

// `Post` is assumed to be a Sequelize model defined elsewhere in the project.
module.exports = async function (event, context) {
  // Sequelize binds `event.authorID` as a query parameter rather than splicing
  // it into the SQL string, so the request value cannot change the query's structure.
  await Post.findAll({
    where: {
      [Op.or]: [
        { authorId: event.authorID },
        { authorId: 13 }
      ]
    }
  });
};
```
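As an added example that is not part of the rule page, the raw string-building pattern this rule reports is shown next to a parameterized handler doing the same lookup. No database is contacted: each handler returns the `{ text, values }` pair it would hand to a driver, which is an assumed driver shape, and the `posts` table and `author_id` column are placeholder names.

```javascript
// Added example, not the rule page's own code. Neither handler touches a database:
// each returns the { text, values } pair it would hand to a driver (an assumed
// driver shape), so the two query-building strategies can be compared directly.
// Table and column names are placeholders.

// Vulnerable: the request value is spliced into the SQL text itself, so whatever
// the caller puts in authorID becomes part of the statement the database parses.
function unsafeHandler(event) {
  const sql = `SELECT * FROM posts WHERE author_id = '${event.authorID}' OR author_id = 13`;
  return { text: sql, values: [] };
}

// Remediated: the SQL text is a constant; the request value is validated and then
// passed as a bound parameter, so the database only ever treats it as data.
function safeHandler(event) {
  const raw = String(event.authorID);
  // Defence in depth: reject anything that is not a plain non-negative integer.
  if (!/^\d{1,18}$/.test(raw)) {
    throw new TypeError("authorID must be a non-negative integer");
  }
  return {
    text: "SELECT * FROM posts WHERE author_id = $1 OR author_id = 13",
    values: [Number.parseInt(raw, 10)],
  };
}

// Constructed request events: a normal one and one carrying SQL metacharacters.
const benignEvent = { authorID: "42" };
const hostileEvent = { authorID: "42' OR 1=1 --" };
```

With the hostile event the unsafe handler's statement changes shape, while the safe handler's statement text never changes and the malformed value is rejected before any query is built.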