Sobelow.SQL.Query (Sobelow v0.14.1)

View Source

SQL Injection in Query

This submodule of the SQL module checks for SQL injection vulnerabilities through usage of the Ecto.Adapters.SQL.query and Ecto.Adapters.SQL.query!.

Ensure that the query is parameterized and not user-controlled.

SQLi Query checks can be ignored with the following command:

$ mix sobelow -i SQL.Query

Summary

Functions

details()
id()
parse_repo_query_def(fun, type)
parse_sql_def(fun, type)
rule()
run(fun, meta_file)

Functions

details()

id()

parse_repo_query_def(fun, type)

parse_sql_def(fun, type)

rule()

run(fun, meta_file)