New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Recognize interpolation in SQL strings in embedded SQL #332

merged 3 commits into from Jun 2, 2018


None yet
1 participant

50Wliu commented Jun 2, 2018


  • Filling out the template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
  • All new code requires tests to ensure against regressions

Description of the Change

language-sql has match patterns for single-line strings that prevent interpolation injections from matching. To get around this, override those match patterns with our own that recognize interpolations.

Alternate Designs

Make injections work in matches. This would get really hairy, really quickly.


Interpolation in single-line strings.

Possible Drawbacks

I don't really see any.

Applicable Issues

Fixes #331

50Wliu added some commits Jun 2, 2018

@50Wliu 50Wliu merged commit 955cc83 into master Jun 2, 2018

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed

@50Wliu 50Wliu deleted the wl-sql-injections-interpolation branch Jun 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment