DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now
JavaScript

JavaScript

Made by DeepSource
Use Analyzer

Audit: Query is potentially vulnerable to SQL injection JS-A1009

Security
Critical
 a03 cwe-20 cwe-89 sans top 25 owasp top 10

Using tainted data in an SQL query – such as query parameters or form input supplied by a user – can leave your application vulnerable to SQL injection attacks.

If you must query a database on the user's behalf, ensure that the data received is properly sanitized.

If you can guarantee that your code snippet is safe, add a skipcq comment to document the reason. This will also prevent DeepSource from raising this issue.

Bad Practice

import { Client } from 'pg';

const pgClient = new Client({ /* ... */ });

app.get("/resource", (req, res) => {
  const query = "select * from user where name = " + req.query.name;
  const result = await pgClient.query(query);
  // This is vulnerable to injection---^
});

Recommended

import { Client } from 'pg';

const pgClient = new Client({ /* ... */ });

app.get("/resource", (req, res) => {
  const sanitizedName = sanitize(req.query.name);
  // A "sanitize" function should ideally return a sanitized value and not just validate.
  const query = "select * from user where name = " + sanitizedName;
  const result = await pgClient.query(query);
});

References