Elixir PostgreSQL SQL Injection
Description
This vulnerability detector identifies SQL injection flaws in Elixir applications that use PostgreSQL database connections. It detects when user-controlled or unsanitized data reaches the query string passed to PostgreSQL functions, which could allow attackers to alter the SQL statement and read or modify data they are not authorized to access.
Detection Strategy
• Scans Elixir source code for calls to PostgreSQL database functions (identified as SQL_SINKS)
• Examines the query argument passed to these PostgreSQL functions: the first argument for piped calls (the connection arrives through the pipe) or the second argument for regular function calls
• Determines whether the query argument contains unsanitized user input or dangerous dynamic content (string concatenation or interpolation) that could be exploited for SQL injection
• Reports a vulnerability when PostgreSQL functions receive potentially malicious query strings that have not been properly sanitized or parameterized
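The strategy above can be illustrated with a small source scanner. The following Python is an added example written for this page, not Fluid Attacks' detector: the SQL_SINKS list (Postgrex.query/query!/prepare/prepare_execute), the comment stripping, the per-function binding table and the taint rules (literal without interpolation is safe; interpolation, concatenation or an unresolved variable is flagged) are all assumptions made for illustration. The two Elixir snippets from this page plus one constructed piped, interpolated variant are embedded as sample input.

```python
"""Toy scanner mirroring the detection strategy described above.
Added example, not Fluid Attacks' implementation: the sink list, helper
names and taint rules are assumptions made for illustration."""
import re
from dataclasses import dataclass

# Assumed SQL_SINKS: Postgrex functions whose statement argument is a SQL string.
SQL_SINKS = (
    "Postgrex.query!", "Postgrex.query",
    "Postgrex.prepare_execute!", "Postgrex.prepare_execute",
    "Postgrex.prepare!", "Postgrex.prepare",
)
STRING_LITERAL = re.compile(r'^"(?:[^"\\]|\\.)*"$')
IDENTIFIER = re.compile(r"^[a-z_][A-Za-z0-9_]*[?!]?$")
ASSIGNMENT = re.compile(r"^\s*([a-z_][A-Za-z0-9_]*)\s*=(?!=)\s*(.+)$")


@dataclass
class Finding:
    line: int
    sink: str
    reason: str


def strip_comment(line):
    # Drop a trailing `# comment` but keep `#{...}` interpolation
    # (simplification: assumes no bare `#` inside string literals).
    return re.sub(r"(^|\s)#(?!\{).*$", "", line)


def call_args(text):
    """Return the top-level arguments of the call whose '(' starts `text`."""
    depth, in_str, cur, args = 0, False, [], []
    i = 1  # text[0] is the opening parenthesis
    while i < len(text):
        ch = text[i]
        if in_str:
            cur.append(ch)
            if ch == "\\" and i + 1 < len(text):
                cur.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            cur.append(ch)
        elif ch in "([{":
            depth += 1
            cur.append(ch)
        elif ch in ")]}":
            if depth == 0:
                break  # closing parenthesis of the call itself
            depth -= 1
            cur.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if "".join(cur).strip():
        args.append("".join(cur).strip())
    return args


def taint_reason(expr, bindings, depth=0):
    """Why `expr` may carry user input, or None when it is a fixed SQL string."""
    expr = expr.strip()
    if depth > 8:
        return "binding chain too deep to resolve"
    if STRING_LITERAL.match(expr):
        return "string interpolation" if "#{" in expr else None
    if "<>" in expr:
        return "string concatenation"
    if IDENTIFIER.match(expr):
        rhs = bindings.get(expr)
        if rhs is None:
            return f"'{expr}' is not bound to a string literal in this function"
        return taint_reason(rhs, bindings, depth + 1)
    return "dynamic expression"


def scan(source):
    """Report sink calls whose query argument is not a fixed string literal."""
    findings, bindings = [], {}
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = strip_comment(raw)
        if re.match(r"^\s*defp?\s", line):
            bindings = {}  # new function: forget earlier bindings
        m = ASSIGNMENT.match(line)
        if m:
            bindings[m.group(1)] = m.group(2)
        for sink in SQL_SINKS:
            idx = line.find(sink + "(")
            if idx < 0:
                continue
            args = call_args(line[idx + len(sink):])
            # Piped form `conn |> Postgrex.query!(q, params)`: the statement
            # is the first explicit argument; otherwise it follows the connection.
            q_index = 0 if "|>" in line[:idx] else 1
            if len(args) > q_index:
                reason = taint_reason(args[q_index], bindings)
                if reason:
                    findings.append(Finding(lineno, sink, reason))
            break
    return findings


# Sample input: the two snippets from this page and one constructed piped variant.
VULNERABLE = """\
defmodule VulnerablePostgrex do
  def sql_injection(conn, _opts) do
    user_id = conn.params["id"] # User input
    query = "SELECT * FROM users WHERE id = " <> user_id
    Postgrex.query!(MyApp.PG, query, [])
  end
end
"""
SECURE = """\
defmodule SecurePostgrex do
  def sql_injection(conn, _opts) do
    user_id = conn.params["id"] # User input
    query = "SELECT * FROM users WHERE id = $1"
    Postgrex.query!(MyApp.PG, query, [user_id])
  end
end
"""
INTERPOLATED = """\
defmodule Interpolated do
  def lookup(conn, name) do
    conn |> Postgrex.query!("SELECT * FROM users WHERE name = '#{name}'", [])
  end
end
"""

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("secure", SECURE), ("interpolated", INTERPOLATED)):
        print(label, scan(src))
```

Running the block prints one concatenation finding for the vulnerable snippet, none for the parameterized one, and an interpolation finding for the piped variant. The scanner is deliberately conservative: any query expression it cannot resolve to a literal is reported, which is the same bias a detector wants when the cost of a miss is an injectable statement.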
Vulnerable code example
defmodule VulnerablePostgrex do
  def sql_injection(conn, _opts) do
    user_id = conn.params["id"] # User input
    # VULNERABLE: String concatenation instead of parameterized query
    query = "SELECT * FROM users WHERE id = " <> user_id
    Postgrex.query!(MyApp.PG, query, [])
  end
end
✅ Secure code example
defmodule SecurePostgrex do
  def sql_injection(conn, _opts) do
    user_id = conn.params["id"] # User input
    # SAFE: Use parameterized query with $1 placeholder
    query = "SELECT * FROM users WHERE id = $1"
    Postgrex.query!(MyApp.PG, query, [user_id])
  end
end