mcp-server-semgrep/semgrep-rules/python/django/security/audit/custom-expression-as-sql.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: custom-expression-as-sql
  languages:
  - python
  message: Detected a Custom Expression ''$EXPRESSION'' calling ''as_sql(...).'' This could lead to SQL
    injection, which can result in attackers exfiltrating sensitive data. Instead, ensure no user input
    enters this function or that user input is properly sanitized.
  metadata:
    cwe:
    - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
    owasp:
    - A01:2017 - Injection
    - A03:2021 - Injection
    references:
    - https://docs.djangoproject.com/en/3.0/ref/models/expressions/#django.db.models.Func.as_sql
    - https://semgrep.dev/blog/2020/preventing-sql-injection-a-django-authors-perspective/
    category: security
    technology:
    - django
    cwe2022-top25: true
    cwe2021-top25: true
    subcategory:
    - audit
    likelihood: LOW
    impact: HIGH
    confidence: LOW
  pattern: $EXPRESSION.as_sql(...)
  severity: WARNING