Query: "SELECT * FROM users WHERE id = %d" % uid AST: BinOp(op='mod', left='uid', right=String(value='SELECT * FROM users WHERE id = %d')) and "SELECT * FROM users where id = " + uid AST: BinOp(op='add', left='uid', right=String(valu
(self, context)
| 24 | """Finds possible SQL injections via direct string manipulations""" |
| 25 | |
| 26 | def node_BinOp(self, context): |
| 27 | """ |
| 28 | Query: |
| 29 | "SELECT * FROM users WHERE id = %d" % uid |
| 30 | AST: |
| 31 | BinOp(op='mod', left='uid', right=String(value='SELECT * FROM users WHERE id = %d')) |
| 32 | |
| 33 | and |
| 34 | |
| 35 | "SELECT * FROM users where id = " + uid |
| 36 | AST: |
| 37 | BinOp(op='add', left='uid', right=String(value='SELECT * FROM users where id = ')) |
| 38 | """ |
| 39 | n = context.node |
| 40 | yield from [] |
| 41 | if not (isinstance(n.right, String) and n.op in ("mod", "add")): |
| 42 | return |
| 43 | |
| 44 | if not is_sql(n.right.value): |
| 45 | return |
| 46 | |
| 47 | yield Detection( |
| 48 | detection_type="SQLInjection", |
| 49 | score=50, |
| 50 | message="Possible SQL injection found", |
| 51 | signature=f"vuln#{context.signature}", |
| 52 | node = context.node, |
| 53 | line_no=context.node.line_no, |
| 54 | ) |
| 55 | |
| 56 | def node_Call(self, context): |
| 57 | """ |