Javascript Sql Injection Untrusted Input
Description
Identifies SQL injection vulnerabilities in JavaScript code where untrusted input can be executed as part of SQL queries. This creates a risk of malicious SQL commands being injected and executed against the database.
Detection Strategy
• Look for SQL query operations in JavaScript code
• Check if query strings concatenate or interpolate user input variables
• Flag cases where user-controlled input is used in SQL queries without proper sanitization
• Examine database query functions that accept dynamic SQL strings
• Check for direct use of user input in query building without parameterization
Vulnerable code example
const express = require('express')
const mysql = require('mysql')
const db = mysql.createConnection({
  host: 'localhost',
  user: 'root',
  database: 'test'
})
...
✅ Secure code example
const express = require('express')
const mysql = require('mysql')
const db = mysql.createConnection({
  host: 'localhost',
  user: 'root',
  database: 'test'
})
...
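The detection strategy above, as an added example that is not Fluid Attacks' rule implementation: a small heuristic scanner that tracks variables assigned from Express request data within one file and flags query calls whose SQL argument is concatenated or interpolated from that data, while leaving a `?`-placeholder literal alone. The regex names, the `findSqlInjection` function and the sample source are assumptions constructed for this example.

```javascript
// Request-derived sources as seen in Express handlers.
const USER_INPUT = /\b(req|request)\.(body|query|params|headers|cookies)\b/;
// Driver entry points that take a SQL string; group 2 is the first argument.
const QUERY_CALL = /\b\w+\.(query|execute)\s*\(\s*([^,)]+)/;
// Variable declarations: group 1 is the name, group 2 the right-hand side.
const ASSIGNMENT = /\b(?:const|let|var)\s+(\w+)\s*=\s*(.+?);?\s*$/;

// Expression reads request data or mentions a tainted variable (textual match).
function isTainted(expr, tainted) {
  if (USER_INPUT.test(expr)) return true;
  return [...tainted].some((v) => new RegExp(`\\b${v}\\b`).test(expr));
}

// SQL assembled by '+' concatenation or `${}` interpolation of tainted data;
// a plain literal such as 'SELECT ... WHERE name = ?' never passes this check.
function buildsDynamicSql(expr, tainted) {
  return (/\+/.test(expr) || /\$\{[^}]*\}/.test(expr)) && isTainted(expr, tainted);
}

// Returns one finding per query call whose SQL argument is injectable.
function findSqlInjection(source) {
  const tainted = new Set();   // variables assigned from request data
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const asg = line.match(ASSIGNMENT);
    if (asg && isTainted(asg[2], tainted)) tainted.add(asg[1]);
    const call = line.match(QUERY_CALL);
    if (!call) return;
    const sqlArg = call[2].trim();
    // Either SQL built inline from tainted data, or a tainted variable passed as-is.
    const injectable = buildsDynamicSql(sqlArg, tainted) ||
      (/^\w+$/.test(sqlArg) && tainted.has(sqlArg));
    if (injectable) findings.push({ line: idx + 1, sql: sqlArg });
  });
  return findings;
}

// Constructed sample: two injectable handlers and one parameterized handler.
const SAMPLE_SOURCE = [
  "app.get('/users', (req, res) => {",
  "  const sql = \"SELECT * FROM users WHERE name = '\" + req.query.name + \"'\";",
  "  db.query(sql, (err, rows) => res.json(rows));",
  "});",
  "app.get('/items', (req, res) => {",
  "  db.query(`SELECT * FROM items WHERE id = ${req.params.id}`, cb);",
  "});",
  "app.get('/safe', (req, res) => {",
  "  const name = req.query.name;",
  "  db.query('SELECT * FROM users WHERE name = ?', [name], cb);",
  "});",
].join('\n');
console.log(findSqlInjection(SAMPLE_SOURCE)); // flags lines 3 and 6 only
```

The scanner is line-based and textual, so SQL built across several statements or passed through a helper function is out of its reach; a real rule needs a proper data-flow analysis.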