SQL Injection

Description

SQL Injection is a critical vulnerability that can lead to data or system compromise. When SQL query strings are built dynamically from user input, that input can alter the logic of the SQL statement.

Examples

Insecure Code

```go
// Vulnerable: the user-controlled value is concatenated directly into the SQL text.
rows, err := db.Query("SELECT * FROM users WHERE userName = " + userName)
if err != nil {
    return nil, err
}
defer rows.Close()
for rows.Next() {
    // ... process rows
}
```

Secure Code

```go
// Safe: the value is bound to a placeholder and never becomes part of the SQL text.
rows, err := db.Query("SELECT * FROM users WHERE userName = ?", userName)
if err != nil {
    return nil, err
}
defer rows.Close()
for rows.Next() {
    // ... process rows
}
```

Remediation

Replace all dynamically generated SQL queries with parameterized queries. Where part of a query must still be built dynamically (for example a column or table name, which placeholders cannot bind), never splice in direct user input; instead keep a map or dictionary of valid values and resolve the entry using a user-supplied key, rejecting keys that are not in the map.
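The following is an added example (not part of the original rule page) that combines both remediations: the user name is bound as a placeholder argument, while the ORDER BY column, which cannot be parameterized, is resolved through an allow-list map. Table and column names are assumed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// sortColumns is the allow-list map from the remediation: callers supply a
// key, and only the map's values ever reach the SQL text. (Assumed schema.)
var sortColumns = map[string]string{
	"name":    "user_name",
	"created": "created_at",
	"id":      "id",
}

var errUnknownSort = errors.New("unknown sort key")

// buildUserQuery returns the SQL text and the bound arguments for a user
// lookup. The user name is never concatenated into the query; it travels as
// a placeholder argument. The ORDER BY column is looked up in sortColumns,
// so an unrecognised key is rejected instead of being spliced into the query.
func buildUserQuery(userName, sortKey string) (string, []any, error) {
	col, ok := sortColumns[sortKey]
	if !ok {
		return "", nil, fmt.Errorf("%w: %q", errUnknownSort, sortKey)
	}
	query := "SELECT id, user_name, created_at FROM users WHERE user_name = ? ORDER BY " + col
	return query, []any{userName}, nil
}

func main() {
	// Constructed inputs: a quote-bearing user name stays inert as a bound
	// argument, and an unknown sort key is refused rather than used as SQL.
	inputs := [][2]string{{"alice", "name"}, {"bob' OR 1=1 --", "created"}, {"carol", "user_name; --"}}
	for _, in := range inputs {
		q, args, err := buildUserQuery(in[0], in[1])
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("%s  args=%q\n", q, args)
	}
	// With a live *sql.DB the call would be db.Query(q, args...).
}
```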

Rule Details

| Field | Value |
|---|---|
| ID | CODE-0795 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-89 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | sql-injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |