Database

Javascript Sql Injection Template Literal

Description

Detects potential SQL injection vulnerabilities in JavaScript code when using template literals with MySQL queries. The vulnerability occurs when user-controlled input is directly interpolated into SQL statements without proper sanitization, allowing attackers to modify the query structure and potentially access or manipulate sensitive data.

Weakness:

112 - SQL injection - Java SQL API

Category: Unexpected Injection

Detection Strategy

    Checks if the JavaScript file imports the 'mysql' module or related MySQL database libraries

    Identifies SQL queries using template literals (backtick strings) in the code

    Examines if user-controlled or unsanitized data is interpolated directly into SQL queries

    Flags queries that use dangerous connection patterns, particularly focusing on non-pooled user connections

    Reports vulnerability when unescaped user input flows into SQL template literals
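The following is an added example, not the scanner's own implementation: a small static check that walks the five steps above over constructed sample sources. The regexes are simplified heuristics (the taint model treats declared function parameters and Express `req.body`/`req.query`/`req.params` as user-controlled), and `findTemplateLiteralQueries`, `VULNERABLE_SRC` and `SAFE_SRC` are names chosen here.

```javascript
const MYSQL_IMPORT =
  /require\(\s*['"]mysql2?(?:\/promise)?['"]\s*\)|from\s+['"]mysql2?(?:\/promise)?['"]/;
// A .query(...) or .execute(...) call whose first argument is a template
// literal containing at least one ${...} interpolation.
const TEMPLATE_QUERY = /\.(?:query|execute)\(\s*`([^`]*\$\{[^`]*)`/g;
// Identifiers treated as user-controlled: declared function parameters plus
// the usual Express request fields (a deliberately simple taint model).
const FUNCTION_PARAMS = /function\s+\w+\s*\(([^)]*)\)/g;
const REQUEST_INPUT = /\breq\.(?:body|query|params)\b/;

function findTemplateLiteralQueries(source) {
  const findings = [];
  if (!MYSQL_IMPORT.test(source)) return findings; // step 1: MySQL client in use?
  const params = new Set();
  for (const m of source.matchAll(FUNCTION_PARAMS)) {
    m[1].split(',').map((p) => p.trim()).filter(Boolean).forEach((p) => params.add(p));
  }
  for (const m of source.matchAll(TEMPLATE_QUERY)) { // step 2: template-literal query
    const line = source.slice(0, m.index).split('\n').length;
    const exprs = [...m[1].matchAll(/\$\{([^}]*)\}/g)].map((x) => x[1].trim());
    const tainted = exprs.filter((e) => // step 3: does user input flow in?
      REQUEST_INPUT.test(e) || e.split(/\W+/).some((id) => params.has(id)));
    if (tainted.length > 0) findings.push({ line, tainted }); // step 5: report
  }
  return findings;
}

// Constructed sample sources; the first mirrors this page's vulnerable code example.
const VULNERABLE_SRC = [
  "const mysql = require('mysql');",
  "const connection = mysql.createConnection({});",
  "function userLogin(username, password) {",
  "  connection.query(`SELECT * FROM users WHERE username='${username}' AND password='${password}'`,",
  "    (error, results) => results);",
  "}",
].join('\n');
const SAFE_SRC = [
  "const mysql = require('mysql');",
  "const TABLE = 'users';",
  "function userLogin(username, cb) {",
  "  // Parameterised value; the only interpolation is a constant, not user input.",
  "  connection.query(`SELECT * FROM ${TABLE} WHERE username = ?`, [username], cb);",
  "}",
].join('\n');

console.log(findTemplateLiteralQueries(VULNERABLE_SRC)); // [{ line: 4, tainted: ['username', 'password'] }]
console.log(findTemplateLiteralQueries(SAFE_SRC));       // []
```

A source that uses another driver (for example `pg`) is ignored by step 1 even if it interpolates into a query, which is the rule's stated scope, not a gap in the heuristic.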

Vulnerable code example

const mysql = require('mysql');
const connection = mysql.createConnection({});

function userLogin(username, password) {
  // VULNERABLE: Direct string interpolation of user input into SQL query
  connection.query(`SELECT * FROM users WHERE username='${username}' AND password='${password}'`,
    (error, results) => {
      return results;
    });
}

✅ Secure code example

const mysql = require('mysql');
const bcrypt = require('bcrypt');
const connection = mysql.createConnection({});

async function userLogin(username, password) {
  // Safe: Using parameterized query prevents SQL injection
  const query = 'SELECT * FROM users WHERE username = ?';
  const [user] = await new Promise((resolve, reject) =>
    connection.query(query, [username], (error, results) => (error ? reject(error) : resolve(results))));
  if (!user) return null;
  // Compare against the stored bcrypt hash (column name assumed) instead of a plaintext password
  const matches = await bcrypt.compare(password, user.password_hash);
  return matches ? user : null;
}