Database

Elixir Postgresql Sql Injection

Description

This vulnerability detector identifies SQL injection flaws in Elixir applications that use PostgreSQL database connections. It detects when user-controlled or unsanitized data is passed as query parameters to PostgreSQL functions, which could allow attackers to manipulate SQL queries and potentially access or modify unauthorized data.

Weakness:

297 - SQL injection - Code

Category: Unexpected Injection

Detection Strategy

    Scans Elixir source code for calls to PostgreSQL database functions (identified as SQL_SINKS)

    Examines the query argument passed to these PostgreSQL functions: the first explicit argument of a piped call (conn |> Postgrex.query!(query, params)) or the second argument of a regular call (Postgrex.query!(conn, query, params))

    Determines if the query parameter contains unsanitized user input or dangerous dynamic content that could be exploited for SQL injection

    Reports a vulnerability when PostgreSQL functions receive potentially malicious query parameters that haven't been properly sanitized or parameterized
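As an added illustration of these four steps (example code, not the detector's own implementation), the following Elixir module scans a source string with Code.string_to_quoted/1 and Macro.prewalk/3. It first rewrites piped calls into regular calls so the query is always the second argument, then resolves a variable to the last expression assigned to it, and finally reports any Postgrex sink whose query argument is not a plain string literal. The sink list @sql_sinks, the single-assignment resolution and the sample sources in demo/0 are assumptions of this example; the page does not show the real SQL_SINKS set or the detector's taint analysis.

```elixir
defmodule SqlSinkScanner do
  @moduledoc """
  Added example (not the detector's own code): a minimal static check that walks
  an Elixir AST, finds calls to Postgrex query functions and flags those whose
  SQL argument is not a plain string literal.
  """

  # Assumed sink list; the page's SQL_SINKS set is not shown, so this is a guess.
  @sql_sinks [:query, :query!, :prepare, :prepare!, :prepare_execute, :prepare_execute!]

  @doc "Scan Elixir source text; returns one map per suspicious sink call."
  def scan(source) when is_binary(source) do
    {:ok, ast} = Code.string_to_quoted(source)

    # Step 2: rewrite `conn |> Postgrex.query!(q, p)` into `Postgrex.query!(conn, q, p)`
    # so the query is always the second argument, whichever call style was used.
    ast = Macro.prewalk(ast, &unpipe/1)

    # Simplified dataflow: remember the last expression assigned to each variable.
    bindings = collect_bindings(ast)

    {_ast, findings} =
      Macro.prewalk(ast, [], fn node, acc ->
        case sink_call(node) do
          {:ok, fun, query, line} ->
            # Steps 3 and 4: report the sink if its query argument is dynamic.
            if dynamic?(query, bindings),
              do: {node, [%{function: fun, line: line} | acc]},
              else: {node, acc}

          :error ->
            {node, acc}
        end
      end)

    Enum.reverse(findings)
  end

  defp unpipe({:|>, _, [lhs, rhs]} = node) do
    Macro.pipe(lhs, rhs, 0)
  rescue
    # Some right-hand sides (e.g. `&fun/1`) cannot be expanded; leave them as-is.
    ArgumentError -> node
  end

  defp unpipe(node), do: node

  # Step 1: a call Postgrex.<sink>(conn, query, ...) is a SQL sink.
  defp sink_call({{:., _, [{:__aliases__, _, [:Postgrex]}, fun]}, meta, [_conn, query | _]})
       when fun in @sql_sinks do
    {:ok, fun, query, Keyword.get(meta, :line)}
  end

  defp sink_call(_node), do: :error

  defp collect_bindings(ast) do
    {_ast, bindings} =
      Macro.prewalk(ast, %{}, fn
        {:=, _, [{name, _, ctx}, value]} = node, acc when is_atom(name) and is_atom(ctx) ->
          {node, Map.put(acc, name, value)}

        node, acc ->
          {node, acc}
      end)

    bindings
  end

  # A variable is as safe as the expression it was bound to; unknown variables
  # (function arguments, pattern matches) are treated as tainted.
  defp dynamic?({name, _, ctx}, bindings) when is_atom(name) and is_atom(ctx) do
    case Map.fetch(bindings, name) do
      {:ok, value} -> dynamic?(value, Map.delete(bindings, name))
      :error -> true
    end
  end

  # A bare string literal carries no user input.
  defp dynamic?(query, _bindings) when is_binary(query), do: false

  # Concatenation, interpolation, function results: anything else is dynamic.
  defp dynamic?(_query, _bindings), do: true

  # Constructed sample sources mirroring the page's two examples; the secure one
  # is written in piped style to exercise the pipe normalisation.
  def demo do
    vulnerable = ~S"""
    user_id = conn.params["id"]
    query = "SELECT * FROM users WHERE id = " <> user_id
    Postgrex.query!(MyApp.PG, query, [])
    """

    secure = ~S"""
    user_id = conn.params["id"]
    query = "SELECT * FROM users WHERE id = $1"
    MyApp.PG |> Postgrex.query!(query, [user_id])
    """

    %{vulnerable: scan(vulnerable), secure: scan(secure)}
  end
end
```

Save the module as a .exs file, append IO.inspect(SqlSinkScanner.demo()) and run it with elixir: the vulnerable sample yields one finding for query!/3 because its query variable resolves to a <> concatenation, while the secure sample yields none because the variable resolves to a literal containing only the $1 placeholder. A production detector would additionally track data through function arguments, pattern matches and across modules; this example deliberately treats any variable it cannot resolve as tainted so that such cases surface for review rather than being silently dropped.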

Vulnerable code example

defmodule VulnerablePostgrex do
  def sql_injection(conn, _opts) do
    user_id = conn.params["id"]  # User input

    # VULNERABLE: String concatenation instead of parameterized query
    query = "SELECT * FROM users WHERE id = " <> user_id

    # The user-supplied text becomes part of the SQL statement itself
    Postgrex.query!(MyApp.PG, query, [])
  end
end

✅ Secure code example

defmodule SecurePostgrex do
  def sql_injection(conn, _opts) do
    user_id = conn.params["id"]  # User input

    # SAFE: Use parameterized query with $1 placeholder
    query = "SELECT * FROM users WHERE id = $1"

    # The value is sent separately as a bound parameter, never spliced into the SQL text
    Postgrex.query!(MyApp.PG, query, [user_id])
  end
end