/
gorm-dangerous-methods-usage.yaml
69 lines (69 loc) · 2.12 KB
/
gorm-dangerous-methods-usage.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
rules:
- id: gorm-dangerous-method-usage
message: >-
Detected usage of dangerous method $METHOD which does not escape inputs (see link in references).
If the argument is user-controlled, this can lead to SQL injection. When using $METHOD function,
do not trust user-submitted data and only allow approved list of input (possibly, use an allowlist
approach).
severity: WARNING
languages:
- go
mode: taint
pattern-sources:
- patterns:
- pattern-either:
- pattern: |
($REQUEST : http.Request).$ANYTHING
- pattern: |
($REQUEST : *http.Request).$ANYTHING
- metavariable-regex:
metavariable: $ANYTHING
regex: ^(BasicAuth|Body|Cookie|Cookies|Form|FormValue|GetBody|Host|MultipartReader|ParseForm|ParseMultipartForm|PostForm|PostFormValue|Referer|RequestURI|Trailer|TransferEncoding|UserAgent|URL)$
pattern-sinks:
- patterns:
- pattern-inside: |
import ("gorm.io/gorm")
...
- patterns:
- pattern-inside: |
func $VAL(..., $GORM *gorm.DB,... ) {
...
}
- pattern-either:
- pattern: |
$GORM. ... .$METHOD($VALUE)
- pattern: |
$DB := $GORM. ... .$ANYTHING(...)
...
$DB. ... .$METHOD($VALUE)
- focus-metavariable: $VALUE
- metavariable-regex:
metavariable: $METHOD
regex: ^(Order|Exec|Raw|Group|Having|Distinct|Select|Pluck)$
pattern-sanitizers:
- pattern-either:
- pattern: strconv.Atoi(...)
- pattern: |
($X: bool)
options:
interfile: true
metadata:
category: security
technology:
- gorm
cwe:
- "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
owasp:
- A01:2017 - Injection
- A03:2021 - Injection
references:
- https://gorm.io/docs/security.html#SQL-injection-Methods
- https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
confidence: HIGH
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- vuln
likelihood: HIGH
impact: MEDIUM
interfile: true