ESLint plugin that checks for string concatenation in SQL queries. By default it inspects every function call whose function name is `query`; the `queryFunctionNames` option overrides that list. See the examples directory for valid and invalid samples for the rule.
Install:

```sh
npm install eslint-plugin-sql-injection
```
Rules:

- `no-sql-injection`: disallow building SQL queries with string concatenation
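The following is an added example, not a file from the plugin's examples directory: the invalid shape the rule reports beside the valid, parameterized shape, run against a constructed `db` stand-in whose `query` just returns the statement text and parameter list so the effect of each style can be inspected. The `db` object, the `$1` placeholder syntax and the attacker input are assumptions made for the illustration.

```javascript
// Constructed stand-in for a database driver (not a real client): query()
// records the statement text and the bound parameters instead of executing.
const db = {
  query(sql, params = []) {
    return { sql, params };
  },
};

// Invalid under no-sql-injection: the statement text is assembled by
// concatenating untrusted input, so the input becomes part of the SQL grammar.
function findUserConcat(username) {
  return db.query("SELECT id FROM users WHERE name = '" + username + "'");
}

// Valid under no-sql-injection: fixed statement text; the input travels as a
// bound parameter and cannot change the structure of the statement.
function findUserParam(username) {
  return db.query("SELECT id FROM users WHERE name = $1", [username]);
}

// Constructed attacker input: closes the quoted string, appends a tautology,
// and comments out the trailing quote the template would have added.
const payload = "' OR '1'='1' --";

// Returns both statements for the same input so the difference is visible.
function compare(input = payload) {
  return {
    concat: findUserConcat(input).sql,
    param: findUserParam(input).sql,
  };
}
```

With the payload above, `compare()` shows the concatenated statement now reads `... WHERE name = '' OR '1'='1' --'`, a tautology that matches every row, while the parameterized statement is unchanged and the payload sits in `params` as an ordinary string value.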
Options:

- `queryFunctionNames` (array of strings, default `["query"]`): the function names whose calls are inspected
Add a `plugins` section and specify `sql-injection` as a plugin:
```json
{
  "plugins": [
    "sql-injection"
  ]
}
```
Enable the rule:
```json
{
  "rules": {
    "sql-injection/no-sql-injection": "error"
  }
}
```
Or with options:
```json
{
  "rules": {
    "sql-injection/no-sql-injection": [ "error", { "queryFunctionNames": [ "q" ] } ]
  }
}
```
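To show what `queryFunctionNames` controls, here is an added example that is not the plugin's source: a minimal rule in the shape ESLint expects (a `create(context)` function returning node listeners) that reports a `+` concatenation passed as the first argument of a call whose function name is in the configured list, defaulting to `query`. It is exercised on constructed ESTree nodes with a stub `context`, so it runs without ESLint or a parser. How the real plugin resolves callee names (plain `query(...)` versus `db.query(...)`) and whether it ignores literal-only concatenation are assumptions made here.

```javascript
// Added sketch of a no-sql-injection style rule; not the plugin's implementation.
const noSqlInjectionRule = {
  meta: {
    type: "problem",
    schema: [{
      type: "object",
      properties: { queryFunctionNames: { type: "array", items: { type: "string" } } },
    }],
  },
  create(context) {
    // context.options holds the rule options from the config (severity excluded).
    const names = (context.options[0] && context.options[0].queryFunctionNames) || ["query"];

    // Assumption: both `query(...)` and `db.query(...)` count; take the identifier
    // or the non-computed member property name.
    function calleeName(callee) {
      if (callee.type === "Identifier") return callee.name;
      if (callee.type === "MemberExpression" && !callee.computed && callee.property.type === "Identifier") {
        return callee.property.name;
      }
      return null;
    }

    // Walk a `+` chain. Assumption for this sketch: a concatenation of string
    // literals only is harmless; report only when some operand is not a literal.
    function hasNonLiteralOperand(node) {
      if (node.type === "BinaryExpression" && node.operator === "+") {
        return hasNonLiteralOperand(node.left) || hasNonLiteralOperand(node.right);
      }
      return node.type !== "Literal";
    }

    return {
      CallExpression(node) {
        if (!names.includes(calleeName(node.callee))) return;
        const sqlArg = node.arguments[0];
        if (sqlArg && sqlArg.type === "BinaryExpression" && sqlArg.operator === "+" && hasNonLiteralOperand(sqlArg)) {
          context.report({
            node: sqlArg,
            message: "Do not build SQL with string concatenation; use a parameterized query.",
          });
        }
      },
    };
  },
};

// Constructed ESTree nodes standing in for parsed source, so no parser is needed.
const id = (name) => ({ type: "Identifier", name });
const lit = (value) => ({ type: "Literal", value });
const concat = (left, right) => ({ type: "BinaryExpression", operator: "+", left, right });
const member = (obj, prop) => ({ type: "MemberExpression", object: id(obj), property: id(prop), computed: false });
const call = (callee, arg) => ({ type: "CallExpression", callee, arguments: [arg] });

// Runs the rule over a list of call nodes with the given options using a stub
// context, and returns how many reports it produced.
function lint(nodes, options = []) {
  const reports = [];
  const listeners = noSqlInjectionRule.create({ options, report: (r) => reports.push(r) });
  for (const n of nodes) listeners.CallExpression(n);
  return reports.length;
}

// query("SELECT * FROM users WHERE id = " + userId)  -> reported with defaults
// db.q("SELECT * FROM users WHERE id = " + userId)   -> reported only with { queryFunctionNames: ["q"] }
const concatViaQuery = call(id("query"), concat(lit("SELECT * FROM users WHERE id = "), id("userId")));
const concatViaQ = call(member("db", "q"), concat(lit("SELECT * FROM users WHERE id = "), id("userId")));
```

Under the default options `lint([concatViaQuery])` reports once and `lint([concatViaQ])` reports nothing, because `q` is not an inspected name; with `[{ queryFunctionNames: ["q"] }]` the opposite holds, which is exactly what the configuration above selects.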
eslint-plugin-sql-injection is licensed under the MIT License.