TypeScript SQL Injection Template Literal
Description
Detects SQL injection vulnerabilities in TypeScript code that uses template literals with MySQL database connections. It specifically checks for unsafe concatenation of user input into SQL queries when using the mysql module, with particular attention to connection pools and user connection handling.
Detection Strategy
• Code must import the 'mysql' module to be considered for analysis
• Examines template literals in SQL queries for potential injection points
• Specifically flags dangerous cases where user input is directly concatenated into SQL statements
• Applies stricter checking when userconnection objects are used without connection pooling
• For code using connection pools (createPool), all template literal SQL queries are analyzed for injection risks
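The checks listed above can be approximated with a small scanner. This is an added example, not Fluid Attacks' implementation: it uses regular expressions where a real analyzer would parse the code, the names `importsMysql` and `findInterpolatedQueries` are hypothetical, and both sample sources are constructed.

```javascript
// Added example: a regex approximation of the checks listed above.
// A production analyzer would parse the AST and track data flow instead.

// Constructed sample mirroring the page's vulnerable snippet.
const VULNERABLE_SAMPLE = [
  "const mysql = require('mysql');",
  "const connection = mysql.createConnection();",
  "function authenticateUser(username, password) {",
  "  connection.query(`SELECT * FROM users WHERE username='${username}' AND password='${password}'`,",
  "    (err, results) => { return results; });",
  "}",
].join('\n');

// Constructed sample using a placeholder query; nothing should be reported.
const PARAMETERIZED_SAMPLE = [
  "const mysql = require('mysql');",
  "const pool = mysql.createPool({});",
  "pool.query('SELECT * FROM users WHERE username = ?', [username], cb);",
].join('\n');

// First check: only files that import 'mysql' are in scope.
function importsMysql(source) {
  return /require\(\s*['"]mysql['"]\s*\)|from\s+['"]mysql['"]/.test(source);
}

// Report every .query(`...`) call whose template literal contains ${...}.
function findInterpolatedQueries(source) {
  if (!importsMysql(source)) return [];
  const usesPool = /\.createPool\s*\(/.test(source); // recorded for triage
  const callRe = /\.query\s*\(\s*`((?:\\.|[^`\\])*)`/g;
  const findings = [];
  let match;
  while ((match = callRe.exec(source)) !== null) {
    const interpolated = [...match[1].matchAll(/\$\{([^}]*)\}/g)].map((m) => m[1].trim());
    if (interpolated.length === 0) continue; // static template literal, no injection point
    const line = source.slice(0, match.index).split('\n').length;
    findings.push({ line, interpolated, usesPool });
  }
  return findings;
}

console.log(findInterpolatedQueries(VULNERABLE_SAMPLE));
console.log(findInterpolatedQueries(PARAMETERIZED_SAMPLE));
```

Nested template literals inside `${...}` and queries built in a variable before the call are outside what this approximation can see.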
Vulnerable code example
const mysql = require('mysql');
const connection = mysql.createConnection();
function authenticateUser(username, password) {
  // VULNERABLE: Direct string interpolation allows SQL injection
  connection.query(
    `SELECT * FROM users WHERE username='${username}' AND password='${password}'`,
    (err, results) => {
      return results;
      // ...
    }
  );
}
Secure code example
const mysql = require('mysql');
const bcrypt = require('bcrypt');
const connection = mysql.createConnection();
async function authenticateUser(username, password) {
  // Safe: Uses parameterized query to prevent SQL injection
  const query = 'SELECT * FROM users WHERE username = ?';
  // ...
}