
Enhance SAST rules/lgpl/javascript/database/rule-node_sqli_injection.yml to support Sequelize

Problem

Some SQL injections aren't found by our SAST scanners. We had an example of a potential SQL injection in JavaScript using the Sequelize client:

const express = require('express');
const { Sequelize } = require('sequelize');
const app = express();
const sequelize = new Sequelize('sqlite::memory:'); // connection details assumed

// Route wrapper assumed from the trailing `});` and the use of req/res in the snippet.
app.get('/login/:username', (req, res) => {
  const username = req.params.username;
  const password = req.query.password;
  // Vulnerable: request values are interpolated directly into the SQL text
  const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
  sequelize.query(query, { type: Sequelize.QueryTypes.SELECT })
    .then(data => { res.send(data) })
    .catch(err => { res.send(err) })
});

From: gl-demo-ultimate-paporte/leticket-app!14 (diffs)

A suggestion would be to add Sequelize (and similar clients) to the rule file linked above so that this pattern gets picked up.

Slack Discussion: https://gitlab.slack.com/archives/CLA54H7PY/p1688492482162989

Solution

Follow the enhance rule checklist.
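As an added illustration (not part of the issue or of GitLab's rule set), a Semgrep taint-mode rule that would flag the snippet in the Problem section: `req.params`, `req.query` and `req.body` are the sources and the first argument of any `.query()` call is the sink, so a literal query string with values passed via `replacements` or `bind` is not reported. It assumes the rule file uses Semgrep YAML; the rule id, message and the `$SEQ` receiver name are assumptions.

```yaml
rules:
  - id: node-sequelize-raw-query-sqli   # assumed id
    mode: taint
    languages: [javascript, typescript]
    severity: ERROR
    message: >-
      Untrusted request data reaches a raw Sequelize query string.
      Pass user values via `replacements` or `bind` instead of building the SQL text.
    metadata:
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
    # Taint propagates through member access, assignment and template
    # literals, so `const username = req.params.username` and the
    # `${username}` interpolation are covered without extra patterns.
    pattern-sources:
      - pattern-either:
          - pattern: req.params
          - pattern: req.query
          - pattern: req.body
    # $SEQ is deliberately generic so a renamed instance is still matched;
    # focus-metavariable limits the finding to the query text itself, so
    #   sequelize.query('SELECT * FROM users WHERE username = :username',
    #                   { replacements: { username }, type: QueryTypes.SELECT })
    # is not flagged: the tainted value only appears in the options object.
    pattern-sinks:
      - patterns:
          - pattern: $SEQ.query($QUERY, ...)
          - focus-metavariable: $QUERY
```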

Edited by Dinesh Bolkensteyn