JavaScript

Made by DeepSource

Audit: Query is potentially vulnerable to SQL injection JS-A1009

Security
Critical
Tags: A03, CWE-20, CWE-89, SANS Top 25, OWASP Top 10

Using tainted data in an SQL query – such as query parameters or form input supplied by a user – can leave your application vulnerable to SQL injection attacks.

If you must query a database on the user's behalf, ensure that the received data is properly sanitized before it reaches the query.

If you can guarantee that the flagged code is safe, add a skipcq comment documenting the reason. This also prevents DeepSource from raising this issue.

Bad Practice

import express from 'express';
import { Client } from 'pg';

const app = express();
const pgClient = new Client({ /* ... */ });

// The handler must be async for the `await` below to be valid.
app.get("/resource", async (req, res) => {
  // req.query.name is attacker-controlled and is spliced straight into the SQL text.
  const query = "select * from user where name = " + req.query.name;
  const result = await pgClient.query(query);
  // This is vulnerable to injection---^
  res.json(result.rows);
});

Recommended

import express from 'express';
import { Client } from 'pg';

const app = express();
const pgClient = new Client({ /* ... */ });

app.get("/resource", async (req, res) => {
  // "sanitize" is an application-supplied helper (not shown here). It should
  // return a sanitized value, not merely validate and hand back the raw input.
  const sanitizedName = sanitize(req.query.name);
  const query = "select * from user where name = " + sanitizedName;
  const result = await pgClient.query(query);
  res.json(result.rows);
});
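The following is an added example, not part of DeepSource's issue text, showing the difference between splicing input into SQL text and passing it as a bound parameter. It uses the `$1` placeholder syntax that node-postgres (pg) accepts in `client.query({ text, values })`, and it quotes the table as `"user"` because `user` is a reserved word in PostgreSQL. It runs without a database: the builders only construct the query object, the `RecordingClient` stub stands in for a pg `Client`, and the character allowlist in `sanitizeName` is an assumption made for this example.

```javascript
// Added example (not DeepSource's code): concatenation versus a parameterized
// query, plus a sanitize helper that returns a value instead of only validating.

// Vulnerable form from the issue description: user input becomes part of the SQL text.
function buildUserQueryUnsafe(name) {
  return { text: "select * from \"user\" where name = '" + name + "'", values: [] };
}

// Safe form: the SQL text is a constant and the input travels separately as a
// bound parameter, so the database never parses it as SQL.
function buildUserQuerySafe(name) {
  return { text: 'select * from "user" where name = $1', values: [name] };
}

// A sanitize helper in the sense the page asks for: it returns the value or
// throws. Express parses "?name=a&name=b" into an array, so the type check
// matters. The allowlist below is an assumption for this example.
function sanitizeName(input) {
  if (typeof input !== 'string') {
    throw new TypeError('name must be a single string');
  }
  if (!/^[A-Za-z0-9_.'-]{1,64}$/.test(input)) {
    throw new RangeError('name contains characters outside the allowlist');
  }
  return input;
}

// Stub of the pg Client API: records the query object instead of executing it.
class RecordingClient {
  constructor() { this.sent = []; }
  async query(q) { this.sent.push(q); return { rows: [] }; }
}

// Handler logic for GET /resource, separated from Express so it can be tested
// without a server. Returns the query object that was handed to the client.
async function handleResource(client, queryParams) {
  const name = sanitizeName(queryParams.name);
  const q = buildUserQuerySafe(name);
  await client.query(q);
  return q;
}

// Illustration: a legitimate name containing a quote. Concatenation produces
// SQL text whose structure depends on the input; the parameterized text does not.
const legit = "O'Brien";
console.log(buildUserQueryUnsafe(legit).text); // select * from "user" where name = 'O'Brien'
console.log(buildUserQuerySafe(legit));        // { text: 'select * from "user" where name = $1', values: [ "O'Brien" ] }
```

Note that allowlisting alone is not what makes the safe form safe: `sanitizeName` deliberately admits an apostrophe, and the unsafe builder still breaks on it, while the parameterized builder passes it through as data. Validation limits what reaches the query; parameter binding keeps the query text fixed.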

References