
rules(G202): detect SQL concat in ValueSpec declarations; add test sample

- Handle var query string = 'SELECT ...' + user style declarations
- Reuse existing binary expr detection on ValueSpec.Values
- Add postgres sample mirroring issue #1309 report
- Rules tests: 42 passed

This commit is contained in:
Eshani Parulekar
2025-09-12 13:49:46 +05:30
committed by Cosmin Cojocar
parent 4be6b11bbc
commit 40ac53017b
2 changed files with 33 additions and 0 deletions


@@ -191,6 +191,11 @@ func (s *sqlStrConcat) checkQuery(call *ast.CallExpr, ctx *gosec.Context) (*issu
if injection := s.findInjectionInBranch(ctx, decl.Rhs); injection != nil {
return ctx.NewIssue(injection, s.ID(), s.What, s.Severity, s.Confidence), nil
}
case *ast.ValueSpec:
// handle: var query string = "SELECT ...'" + user
if injection := s.findInjectionInBranch(ctx, decl.Values); injection != nil {
return ctx.NewIssue(injection, s.ID(), s.What, s.Severity, s.Confidence), nil
}
}
}