mcp-server-semgrep/semgrep-rules/python/aws-lambda/security/tainted-sql-string.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: tainted-sql-string
  languages:
  - python
  message: >-
    Detected user input used to manually construct a SQL string. This is usually
    bad practice because manual construction could accidentally result in a SQL
    injection. An attacker could use a SQL injection to steal or modify contents
    of the database. Instead, use a parameterized query which is available
    by default in most database engines. Alternatively, consider using an
    object-relational mapper (ORM) such as Sequelize which will protect your queries.
  metadata:
    references:
    - https://owasp.org/www-community/attacks/SQL_Injection
    category: security
    owasp:
    - A01:2017 - Injection
    - A03:2021 - Injection
    cwe:
    - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
    technology:
    - aws-lambda
    cwe2022-top25: true
    cwe2021-top25: true
    subcategory:
    - vuln
    likelihood: HIGH
    impact: MEDIUM
    confidence: MEDIUM
  mode: taint
  pattern-sinks:
  - patterns:
    - pattern-either:
      - pattern: |
          "$SQLSTR" + ...
      - pattern: |
          "$SQLSTR" % ...
      - pattern: |
          "$SQLSTR".format(...)
      - pattern: |
          f"$SQLSTR{...}..."
    - metavariable-regex:
        metavariable: $SQLSTR
        regex: \s*(?i)(select|delete|insert|create|update|alter|drop)\b.*=
    - pattern-not-inside: |
        print(...)
  pattern-sources:
  - patterns:
    - pattern: event
    - pattern-inside: |
        def $HANDLER(event, context):
          ...
  severity: ERROR