Query: "SELECT * FROM users WHERE id = {}".format(uid) AST: Call(Attribute(String(value='SELECT * FROM users WHERE id = {}') . 'format'))(*['uid'])
(self, context)
| 54 | ) |
| 55 | |
| 56 | def node_Call(self, context): |
| 57 | """ |
| 58 | Query: |
| 59 | "SELECT * FROM users WHERE id = {}".format(uid) |
| 60 | AST: |
| 61 | Call(Attribute(String(value='SELECT * FROM users WHERE id = {}') . 'format'))(*['uid']) |
| 62 | """ |
| 63 | n = context.node |
| 64 | if not ( |
| 65 | isinstance(n.func, Attribute) |
| 66 | and isinstance(n.func.source, String) |
| 67 | and n.func.attr == "format" |
| 68 | ): |
| 69 | return |
| 70 | if not is_sql(n.func.source.value): |
| 71 | return |
| 72 | |
| 73 | yield Detection( |
| 74 | detection_type="SQLInjection", |
| 75 | score=50, |
| 76 | message="Possible SQL injection found", |
| 77 | signature=f"vuln#sqli#{context.signature}", |
| 78 | node = context.node, |
| 79 | line_no=context.node.line_no, |
| 80 | ) |