MCPcopy Create free account
hub / github.com/SourceCode-AI/aura / node_BinOp

Method node_BinOp

aura/analyzers/python/sqli.py:26–54  ·  view source on GitHub ↗

Query: "SELECT * FROM users WHERE id = %d" % uid AST: BinOp(op='mod', left='uid', right=String(value='SELECT * FROM users WHERE id = %d')) and "SELECT * FROM users where id = " + uid AST: BinOp(op='add', left='uid', right=String(valu

(self, context)

Source from the content-addressed store, hash-verified

24 """Finds possible SQL injections via direct string manipulations"""
25
26 def node_BinOp(self, context):
27 """
28 Query:
29 "SELECT * FROM users WHERE id = %d" % uid
30 AST:
31 BinOp(op='mod', left='uid', right=String(value='SELECT * FROM users WHERE id = %d'))
32
33 and
34
35 "SELECT * FROM users where id = " + uid
36 AST:
37 BinOp(op='add', left='uid', right=String(value='SELECT * FROM users where id = '))
38 """
39 n = context.node
40 yield from []
41 if not (isinstance(n.right, String) and n.op in ("mod", "add")):
42 return
43
44 if not is_sql(n.right.value):
45 return
46
47 yield Detection(
48 detection_type="SQLInjection",
49 score=50,
50 message="Possible SQL injection found",
51 signature=f"vuln#{context.signature}",
52 node = context.node,
53 line_no=context.node.line_no,
54 )
55
56 def node_Call(self, context):
57 """

Callers

nothing calls this directly

Calls 2

is_sqlFunction · 0.85
DetectionClass · 0.85

Tested by

no test coverage detected