mcp-server-semgrep/semgrep-rules/python/aws-lambda/security/sqlalchemy-sqli.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: sqlalchemy-sqli
  languages:
  - python
  message: >-
    Detected SQL statement that is tainted by `event` object. This could lead to SQL injection if the
    variable is user-controlled
    and not properly sanitized. In order to prevent SQL injection,
    use parameterized queries or prepared statements instead.
    You can use parameterized statements like so:
    `cursor.execute('SELECT * FROM projects WHERE status = ?', 'active')`
  mode: taint
  metadata:
    references:
    - https://docs.sqlalchemy.org/en/14/core/connections.html#sqlalchemy.engine.Connection.execute
    category: security
    owasp:
    - A01:2017 - Injection
    - A03:2021 - Injection
    cwe:
    - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
    technology:
    - aws-lambda
    - sqlalchemy
    cwe2022-top25: true
    cwe2021-top25: true
    subcategory:
    - vuln
    likelihood: HIGH
    impact: MEDIUM
    confidence: MEDIUM
  pattern-sinks:
  - patterns:
    - focus-metavariable: $QUERY
    - pattern: $CURSOR.execute($QUERY,...)
    - pattern-inside: |
        import sqlalchemy
        ...
  pattern-sources:
  - patterns:
    - pattern: event
    - pattern-inside: |
        def $HANDLER(event, context):
          ...
  severity: WARNING