Create test-sqli.js #65
base: master
const connection = mysql.createConnection({ | ||
host: 'localhost', | ||
user: 'root', | ||
password: 'password', |
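Review bot: The connection settings hard-code the database password and connect as `root` (`user: 'root'`, `password: 'password'`), so the credential ends up in repository history and every query issued through this connection runs with full administrative rights. Read the host, user and password from environment variables or a secret store, connect with an account limited to the tables this code needs, and rotate this password if it was ever valid outside a test setup.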
⚠️ Aqua detected sensitive data in your code
Category: Code Generic
Description: Code Generic Credential
Severity: HIGH
Match: password: '********',
[This comment was created by Aqua Pipeline]
const userId = req.query.id; // Assuming this is user input | ||
|
||
const query = `SELECT * FROM users WHERE id = ${userId}`; | ||
connection.query(query, (error, results) => { | ||
if (error) throw error; | ||
console.log(results); | ||
}); |
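Review bot: `req.query.id` is interpolated straight into the SQL text at `WHERE id = ${userId}`, so whatever the client sends as `id` becomes part of the statement instead of being treated as a value. Pass it as a bound parameter, for example `connection.query('SELECT * FROM users WHERE id = ?', [userId], callback)`, and reject an `id` that is not an integer before querying. Separately, `if (error) throw error;` inside the callback will crash the process on any query failure; handle the error and respond to the request instead.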
⚠️ Aqua detected potential vulnerability in your code
Check name: node sqli injection
CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Severity: HIGH
Category: security
Technology: node.js, express
Description: Untrusted input concatenated with raw SQL query can result in SQL Injection.
Source: A01:2017 - Injection
[This comment was created by Aqua Pipeline]
No description provided.