Fixing this issue will require creating a new SQL injection rule, and following the current scheme it should be numbered as G205. It's a bit awkward to add one that's so "far" down the list, when the existing rules are G201 and G202 for SQL injections.
If you're open to it @ccojocar, I'd like to merge G201 and G202, and have just a single "SQL injection" rule before attempting to fix this. I'll open up a separate issue for that, so that we can keep the conversations separate.
Summary
If the entire query is user submitted, gosec doesn't flag it as a potential injection point.
Steps to reproduce the behavior
With the following code:
Run gosec, you'll get the following output:
gosec version
dev. Clean-installed via go install github.com/securego/gosec/v2/cmd/gosec@latest
Go version (output of 'go version')
go version go1.20.3 darwin/amd64
Operating system / Environment
macOS 13.3, MacBook Pro 16in, intel i9
Expected behavior
gosec should flag that this is a potential injection.
Actual behavior
gosec doesn't find any issues.
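The case described in this issue, as an added example that is neither the reporter's snippet nor gosec's rule code: a syntactic check that flags database calls whose query argument is not a string literal, run over constructed sample source. The function name FindNonLiteralQueries, the sink list and the sample handlers are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sample is constructed input: raw passes a request value as the whole query.
const sample = `package demo

func raw(db *sql.DB, r *http.Request) {
	q := r.URL.Query().Get("q")
	db.Query(q)
}
func bound(db *sql.DB, r *http.Request) {
	db.Query("SELECT name FROM users WHERE id = ?", r.URL.Query().Get("id"))
}
`

// sinks are method names whose first argument is the query text (assumed set).
var sinks = map[string]bool{"Query": true, "QueryRow": true, "Exec": true, "Prepare": true}

// FindNonLiteralQueries lists "line: method" for sink calls with a non-literal query.
func FindNonLiteralQueries(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var hits []string
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) == 0 {
			return true // also skips r.URL.Query(), which takes no arguments
		}
		sel, isSel := call.Fun.(*ast.SelectorExpr)
		lit, isLit := call.Args[0].(*ast.BasicLit)
		if isSel && sinks[sel.Sel.Name] && !(isLit && lit.Kind == token.STRING) {
			hits = append(hits, fmt.Sprintf("%d: %s", fset.Position(call.Pos()).Line, sel.Sel.Name))
		}
		return true
	})
	return hits, nil
}

func main() { fmt.Println(FindNonLiteralQueries(sample)) }
```

The check is purely syntactic, so it also flags a query held in a named constant; telling that apart from request-derived text needs type or taint information.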