mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

67 lines (66 loc) • 2.05 kB

YAML

rules: - id: sqlalchemy-execute-raw-query message: >- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option. metadata: cwe: - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" owasp: - A01:2017 - Injection - A03:2021 - Injection references: - https://docs.sqlalchemy.org/en/14/core/tutorial.html#using-textual-sql - https://www.tutorialspoint.com/sqlalchemy/sqlalchemy_quick_guide.htm - https://docs.sqlalchemy.org/en/14/core/tutorial.html#using-more-specific-text-with-table-expression-literal-column-and-expression-column category: security technology: - sqlalchemy cwe2022-top25: true cwe2021-top25: true subcategory: - audit likelihood: LOW impact: HIGH confidence: LOW severity: ERROR languages: - python pattern-either: - pattern: | $CONNECTION.execute( $SQL + ..., ... ) - pattern: | $CONNECTION.execute( $SQL % (...), ...) - pattern: | $CONNECTION.execute( $SQL.format(...), ... ) - pattern: | $CONNECTION.execute(f"...{...}...", ...) - patterns: - pattern-inside: | $QUERY = $SQL + ... ... - pattern: | $CONNECTION.execute($QUERY, ...) - patterns: - pattern-inside: | $QUERY = $SQL % (...) ... - pattern: | $CONNECTION.execute($QUERY, ...) - patterns: - pattern-inside: | $QUERY = $SQL.format(...) ... - pattern: | $CONNECTION.execute($QUERY, ...) - patterns: - pattern-inside: | $QUERY = f"...{...}..." ... - pattern: | $CONNECTION.execute($QUERY, ...)