brentlaster / sec-demo

Repo for use in GitHub Security Fundamentals workshop
MIT License

SQL injection vulnerability - Database query built from user-controlled sources #1

Open brentlaster opened 2 days ago

brentlaster commented 2 days ago

models/models.go is using unsafe query construction. If a database query (such as an SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run commands that exfiltrate, tamper with, or destroy data stored in the database.

See comments for details.

brentlaster commented 2 days ago

In models/models.go, line 74, the query depends on a user-provided value.

    func ReadQuery(r string) ([]Book, error) {
        rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE read = '%s'", r))

If a database query (such as an SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run commands that exfiltrate, tamper with, or destroy data stored in the database.

brentlaster commented 2 days ago

Recommendation:

Most database connector libraries offer a way of safely embedding untrusted data into a query by means of query parameters or prepared statements. Use these features rather than building queries by string concatenation.
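Added example, not part of this issue thread or of the sec-demo repository: a self-contained Go program that puts the fmt.Sprintf construction quoted above next to the parameterized form the recommendation asks for. Instead of a real database it registers a constructed in-memory database/sql driver that executes nothing and only records the SQL text and the bound arguments it receives; the names recorder, Captured, noRows, ReadQueryUnsafe, ReadQuerySafe and the attacker payload are all assumptions made for the illustration, and the functions return the captured statement rather than []Book so the effect is observable.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"io"
	"sync"
)

// Captured is what the fake driver saw: the SQL text and the bound parameters.
type Captured struct {
	Query string
	Args  []string
}

// recorder is a constructed in-memory database/sql driver (not a real one).
// It runs no SQL; it records what database/sql hands it, so the difference
// between string formatting and placeholders is visible without a database.
type recorder struct {
	mu   sync.Mutex
	last Captured
}

func (d *recorder) Open(name string) (driver.Conn, error) { return &conn{d: d}, nil }

func (d *recorder) snapshot() Captured {
	d.mu.Lock()
	defer d.mu.Unlock()
	return d.last
}

type conn struct{ d *recorder }

// Prepare and Begin satisfy driver.Conn but are never reached: database/sql
// prefers QueryContext when the connection implements it.
func (c *conn) Prepare(q string) (driver.Stmt, error) { return nil, errors.New("not used") }
func (c *conn) Close() error                           { return nil }
func (c *conn) Begin() (driver.Tx, error)              { return nil, errors.New("not used") }

// QueryContext receives the statement text and, separately, the bound args.
func (c *conn) QueryContext(ctx context.Context, q string, args []driver.NamedValue) (driver.Rows, error) {
	got := Captured{Query: q}
	for _, a := range args {
		got.Args = append(got.Args, fmt.Sprint(a.Value))
	}
	c.d.mu.Lock()
	c.d.last = got
	c.d.mu.Unlock()
	return &noRows{}, nil
}

// noRows is an empty result set so rows.Close() works on the caller side.
type noRows struct{}

func (r *noRows) Columns() []string              { return []string{"id", "title", "read"} }
func (r *noRows) Close() error                   { return nil }
func (r *noRows) Next(dest []driver.Value) error { return io.EOF }

var (
	rec = &recorder{}
	DB  *sql.DB
)

func init() {
	sql.Register("recorder", rec)
	var err error
	if DB, err = sql.Open("recorder", ""); err != nil {
		panic(err)
	}
}

// ReadQueryUnsafe mirrors the construction flagged in models/models.go:
// the user-controlled value becomes part of the SQL text itself.
func ReadQueryUnsafe(r string) (Captured, error) {
	rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE read = '%s'", r))
	if err != nil {
		return Captured{}, err
	}
	rows.Close()
	return rec.snapshot(), nil
}

// ReadQuerySafe is the recommended form: the SQL text is a constant with a
// placeholder and the value is bound as a parameter, so whatever it contains
// it cannot change the structure of the statement.
func ReadQuerySafe(r string) (Captured, error) {
	rows, err := DB.Query("SELECT * FROM books WHERE read = ?", r)
	if err != nil {
		return Captured{}, err
	}
	rows.Close()
	return rec.snapshot(), nil
}

func main() {
	payload := "' OR '1'='1" // constructed attacker-controlled value for the read parameter
	u, _ := ReadQueryUnsafe(payload)
	s, _ := ReadQuerySafe(payload)
	fmt.Printf("unsafe: %s  args=%q\n", u.Query, u.Args)
	fmt.Printf("safe:   %s  args=%q\n", s.Query, s.Args)
}
```

With the payload above, the unsafe path hands the driver `SELECT * FROM books WHERE read = '' OR '1'='1'` with no parameters, a statement whose WHERE clause is now always true; the safe path hands it the unchanged `SELECT * FROM books WHERE read = ?` plus the payload as a single string argument. The placeholder syntax is driver-specific (`?` for MySQL and SQLite drivers, `$1` for PostgreSQL drivers), and the same rule applies to DB.QueryRow, DB.Exec and prepared statements created with DB.Prepare.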