SQL injection vulnerability detected.
- Rule ID: javascript_lang_sql_injection
- Languages: javascript
- Source: sql_injection.yml
Description
Including unsanitized data, such as user input or request data, in raw SQL queries makes your application vulnerable to SQL injection attacks.
Remediations
❌ Avoid raw queries, especially those that contain unsanitized user input
var sqlite = new Sequelize("sqlite::memory:");
sqlite.query("SELECT * FROM users WHERE ID = " + req.params.userId);
Instead, consider the following approaches when writing SQL queries:
✅ Validate query input wherever possible
var rawId = req.params.userId;
// Anchor the pattern: an unanchored /[0-9]+/ would accept "1 OR 1=1"
if (!/^[0-9]+$/.test(rawId)) {
// input is unexpected; don't make the query
}
✅ Use prepared (or parameterized) statements when querying
Sequelize example -
const { Sequelize } = require("sequelize");
var sqlite = new Sequelize("sqlite::memory:");
sqlite.query(
"SELECT * FROM users WHERE ID = ?",
// the request value is passed as a replacement, never spliced into the SQL text
{ replacements: [req.params.userId], type: Sequelize.QueryTypes.SELECT }
)
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=javascript_lang_sql_injection
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=javascript_lang_sql_injection