go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-11-25 22:22:17 +02:00
Code Issues Releases Activity

Fix false negatives for SQL injection in multi-line queries

Browse Source
This commit is contained in:
kaiili
2022-01-05 19:05:53 +08:00
committed by GitHub
parent 4c1afaa492
commit 9d66b0d346
3 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/sql.go
View File

@@ -282,7 +282,7 @@ func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
noIssueQuoted: gosec.NewCallList(),
sqlStatement: sqlStatement{
patterns: []*regexp.Regexp{
regexp.MustCompile("(?i)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) "),
regexp.MustCompile("(?i)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE)( |\n|\r|\t)"),
regexp.MustCompile("%[^bdoxXfFp]"),
},
MetaData: gosec.MetaData{