SQL Injection
Description
SQL Injection is a critical vulnerability that can lead to data or system compromise. When SQL query strings are built dynamically, user input may influence the logic of the SQL statement. This can let an adversary access information they should not have access to or, in some circumstances, execute OS functionality or code.
Examples
Insecure Code
```ruby
User.where("id = #{params[:id]}")
```
Secure Code
```ruby
user_id = params[:id]
User.where("id = ?", user_id)
```
Remediation
Use parameterized queries (`?` placeholders) or the ActiveRecord query interface (hash conditions such as `where(id: user_id)`), which quote and escape inputs so they cannot change the structure of the statement. Avoid string interpolation (`#{...}`) or concatenation with user-controlled input when constructing SQL queries.
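To make the difference concrete, here is an added illustration (constructed for this page; not ActiveRecord's implementation and not the scanner's own rule logic). `bind_placeholders` is a stand-in showing how a `?` placeholder keeps the value inside a quoted literal, and `insecure_where?` is a line-level check for the interpolated/concatenated `where()` pattern this rule flags; all function names and the sample source lines are assumptions.

```ruby
# Added example, constructed for this page. Not ActiveRecord's binder and not
# the scanner's real rule; a minimal stand-in to show why "?" is safe and what
# the insecure pattern looks like in source.

# Quote one bound value the way a placeholder binder does: integers go in bare,
# nil becomes NULL, everything else becomes a single-quoted literal with
# embedded quotes doubled so the value can never close the literal.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil then "NULL"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Replace each "?" in the template with the next quoted value. Splitting first
# guarantees a "?" inside a bound value is never treated as a placeholder.
def bind_placeholders(template, *values)
  parts = template.split("?", -1)
  unless parts.length - 1 == values.length
    raise ArgumentError, "placeholder/value count mismatch"
  end
  parts.zip(values.map { |v| quote_value(v) } + [""]).flatten.join
end

# The insecure shape from this rule: where() whose first argument is a string
# literal built by interpolation (#{...}) or by + concatenation.
INTERPOLATED_WHERE = Regexp.new('\.where\(\s*"[^"]*#\{')
CONCATENATED_WHERE = Regexp.new('\.where\(\s*["\'][^"\']*["\']\s*\+')

def insecure_where?(line)
  !!(line =~ INTERPOLATED_WHERE || line =~ CONCATENATED_WHERE)
end

# Constructed sample source lines standing in for a scanned Rails model/controller.
SAMPLE_LINES = [
  'User.where("id = #{params[:id]}")',        # interpolation: flagged
  "User.where('name = ' + params[:name])",    # concatenation: flagged
  'User.where("id = ?", params[:id])',        # placeholder: safe
  "User.where(id: params[:id])",              # hash condition: safe
].freeze

def flagged_lines(lines = SAMPLE_LINES)
  lines.select { |l| insecure_where?(l) }
end

if __FILE__ == $0
  puts bind_placeholders("id = ?", "1 OR 1=1")  # id = '1 OR 1=1' (a string, not a clause)
  flagged_lines.each { |l| puts "CODE-0551: #{l}" }
end
```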
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0551 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-89 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | sql, injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |
References
- https://github.com/semgrep/semgrep-rules/blob/develop/ruby/rails/security/brakeman/check-sql.yaml
- https://owasp.org/www-community/attacks/SQL_Injection