Update rule-SqlInjection.yml to assume numbers and booleans cannot contain taint
What does this MR do?
Hi! I am a researcher at Semgrep. Someone filed an issue on our GitHub rules repository that I was able to trace back to your rules. https://github.com/semgrep/semgrep-rules/issues/3503
I have added options to this rule so that taint is not propagated over variables that are booleans or numbers to address the user's concerns.
Edited by 🤖 GitLab Bot 🤖
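Semgrep's `taint_assume_safe_booleans` and `taint_assume_safe_numbers` rule options have the effect described above. The rule below is an added example, constructed for illustration; it is not the contents of rule-SqlInjection.yml. The rule id, Java as the target language, the source and sink patterns, and the sample methods in the comments are all assumptions.

```yaml
rules:
  - id: example-sql-injection-taint      # constructed id, not GitLab's rule
    mode: taint
    languages: [java]                    # assumed target language
    severity: ERROR
    message: Untrusted method parameter reaches a SQL query string
    options:
      # Expressions Semgrep can type as boolean or numeric are treated as
      # untainted, so taint does not propagate through them.
      taint_assume_safe_booleans: true
      taint_assume_safe_numbers: true
    pattern-sources:
      # Assumed source: every parameter of every method.
      - patterns:
          - pattern-inside: |
              $RET $METHOD(..., $TYPE $PARAM, ...) { ... }
          - focus-metavariable: $PARAM
    pattern-sinks:
      # Assumed sink: the query argument of Statement.executeQuery.
      - patterns:
          - pattern: (java.sql.Statement $S).executeQuery($QUERY)
          - focus-metavariable: $QUERY

# Constructed Java input and the expected effect of the two options:
#
#   ResultSet byId(Statement st, int id) throws SQLException {
#     // `id` is typed int: no finding once taint_assume_safe_numbers is set
#     return st.executeQuery("SELECT * FROM users WHERE id = " + id);
#   }
#
#   ResultSet byFlag(Statement st, boolean active) throws SQLException {
#     // `active` is typed boolean: no finding once taint_assume_safe_booleans is set
#     return st.executeQuery("SELECT * FROM users WHERE active = " + active);
#   }
#
#   ResultSet byName(Statement st, String name) throws SQLException {
#     // `name` is a String: still reported with or without the options
#     return st.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
#   }
```

Both options depend on Semgrep resolving the expression's type, so a numeric value carried in a `String` or `Object` variable is still treated as tainted.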