mcp-server-semgrep/semgrep-rules/javascript/aws-lambda/security/sequelize-sqli.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: sequelize-sqli
  message: >-
    Detected SQL statement that is tainted by `$EVENT` object. This could lead to SQL injection if the
    variable is user-controlled
    and not properly sanitized. In order to prevent SQL injection,
    use parameterized queries or prepared statements instead.
    You can use parameterized statements like so:
    `sequelize.query('SELECT * FROM projects WHERE status = ?', { replacements: ['active'], type: QueryTypes.SELECT
    });`
  metadata:
    references:
    - https://sequelize.org/master/manual/raw-queries.html
    category: security
    owasp:
    - A01:2017 - Injection
    - A03:2021 - Injection
    cwe:
    - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
    technology:
    - aws-lambda
    - sequelize
    cwe2022-top25: true
    cwe2021-top25: true
    subcategory:
    - vuln
    likelihood: MEDIUM
    impact: HIGH
    confidence: MEDIUM
  languages:
  - javascript
  - typescript
  severity: WARNING
  mode: taint
  pattern-sources:
  - patterns:
    - pattern-either:
      - pattern-inside: |
          exports.handler = function ($EVENT, ...) {
            ...
          }
      - pattern-inside: |
          function $FUNC ($EVENT, ...) {...}
          ...
          exports.handler = $FUNC
      - pattern-inside: |
          $FUNC = function ($EVENT, ...) {...}
          ...
          exports.handler = $FUNC
    - pattern: $EVENT
  pattern-sinks:
  - patterns:
    - focus-metavariable: $QUERY
    - pattern-either:
      - pattern: $DB.query($QUERY, ...)
    - pattern-either:
      - pattern-inside: |
          require('sequelize')
          ...
      - pattern-inside: |
          import 'sequelize'
          ...