Amazon CodeGuruDetector Library Sign in to CodeGuru

CodeGuru

Detector Library

JavaScript detectors (78/78)

Improper access control Sensitive data stored unencrypted due to partial encryption Pseudorandom number generators OS command injection URL redirection to untrusted site Integer overflow Protection mechanism failure Non-literal regular expression Tainted input for Docker API Usage of an API that is not recommended XML external entity Server-side request forgery New function detected Stack trace exposure Timing attack SNS don't bind subscribe and publish Invoke super appropriately NoSQL injection Hardcoded credentials Insecure cookie Cross-site scripting Hardcoded IP address AWS credentials logged XPath injection Data loss in a batch request Path traversal Least privilege violation DNS prefetching Resource leak Insufficiently protected credentials File extension validation Insecure connection using unencrypted protocol Cross-site request forgery Typeof expression Set SNS Return Subscription ARN File and directory information exposure Missing Amazon S3 bucket owner condition Insecure hashing Numeric truncation error Client-side KMS reencryption AWS client not reused in a Lambda function LDAP injection Batch request with unchecked failures Cryptographic key generator Unauthenticated Amazon SNS unsubscribe requests might succeed Unverified hostname Origins-verified cross-origin communications Loose file permissions Unsanitized input is run as code Missing pagination Untrusted Amazon Machine Images Improper certificate validation Insecure CORS policy Deserialization of untrusted object Sensitive information leak Check failed records when using kinesis Weak obfuscation of web requests Catch and swallow exception Logging of sensitive information Limit request length String passed to `setInterval` or `setTimeout`Log injection Override of reserved variable names in a Lambda function Improper restriction of rendered UI layers or frames Insecure cryptography Insecure object attribute modification Session fixation Avoid nan in comparison Improper input validation Disabled HTML autoescape Use of a deprecated method Unvalidated expansion of archive files File injection Sendfile injection SQL injection Header injection Insecure temporary file or directory Inefficient polling of AWS resource

SQL injection High

User-provided inputs must be sanitized before being used to generate a SQL database query. An attacker can create and use untrusted input to run query statements that read, modify, or delete database content.

Detector ID

javascript/sql-injection@v1.0

Category

Common Weakness Enumeration (CWE)

Tags

# injection # sql # owasp-top10 # top25-cwes

Noncompliant example

1var sql = require('mysql')
2var express = require('express')
3var app = express()
4
5var connection = sql.createConnection({
6    host     : 'localhost',
7    user     : 'myUserName',
8    password : 'myPass',
9    database : 'myDatabase'
10})
11
12function sqlInjectionNoncompliant() {
13    app.get("/user/:id", (req, res) => {
14        // Noncompliant: user input is not sanitized before use.
15        var query = "SELECT * FROM Employees WHERE ID = " + req.params.id
16        connection.query(query, (error, results, fields) => {
17            if (error) throw error
18        })
19    })
20}

Compliant example

1var sql = require('mysql')
2var express = require('express')
3var app = express()
4
5var connection = sql.createConnection({
6    host     : 'localhost',
7    user     : 'myUserName',
8    password : 'myPass',
9    database : 'myDatabase'
10})
11
12function sqlInjectionCompliant() {
13    app.get("/user/:id", (req, res) => {
14        // Compliant: user input is sanitized before use.
15        var query = "SELECT * FROM Employees WHERE ID = " + connection.escape(req.params.id)
16        connection.query(query, (error, results, fields) => {
17            if (error) throw error
18        })
19    })
20}