Enhance Node SQLi Injection Semgrep rule to Support Sequelize (!261) · Merge requests · GitLab.org / security-products / sast-rules · GitLab

Bhavya Kaushal requested to merge node-sqli-injection-sequelize into main Dec 13, 2023

The MR addresses the issue : gitlab-org/gitlab#416984 (closed)

Modified the rule-node_sqli_injection.yml rule to reflect the following changes:

Add support for Sequelize
Optimize the existing rule patterns
Add more patterns that cover additional SQL injection cases (i.e. the cases where request parameter is passed onto another method before it gets appended to SQL query and gets executed.)

Modified the rule-node_sqli_injection.js file to reflect the following changes:

Add multiple additional test cases
Add semgrep test annotations