guillaumeaubert/Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection
PerlCritic policy that attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.
https://metacpan.org/pod/Perl::Critic::Policy::ValuesAndExpressions::PreventSQLInjection
Other
6 stars, 8 forks
issues
False positive with commands that cannot execute SQL
#24
nferraz
opened
4 years ago
0
Prevent false positives
#23
nferraz
opened
5 years ago
2
reset `_sqlsafe` when scanning multiple documents; added tests
#22
cngarrison
opened
5 years ago
3
Reduce false positive by ending at an operator for issue #20
#21
cashlo
opened
6 years ago
3
False positive with operators like `eq`, `&&`
#20
cashlo
opened
6 years ago
2
Perl::Critic::Policy::ValuesAndExpressions::PreventSQLInjection is flagging valid constructs as SQL injection risks when no such risk exists.
#19
cschwenz
opened
7 years ago
1
test cases related to anonymous functions
#18
vsespb
opened
10 years ago
1
Failing test - It seems that PPI has problems when heredoc terminator is...
#17
vsespb
opened
10 years ago
3
this typo prevented the test from working
#16
vsespb
closed
10 years ago
1
one more failing test for GH-14
#15
vsespb
closed
10 years ago
3
Fixed - was not working for variables in last line of heredoc.
#14
vsespb
closed
10 years ago
6
does not detect method calls sometimes
#13
vsespb
closed
10 years ago
8
weird case with ternary operator
#12
vsespb
closed
10 years ago
3
detect sql string modification
#11
vsespb
opened
10 years ago
2
Detect use of constants
#10
krismatthews
opened
10 years ago
0
SQL safe variable lists should accept both space and comma separators
#9
guillaumeaubert
closed
10 years ago
1
Detect use of quote_identifier() and quote() from DBI
#8
guillaumeaubert
closed
10 years ago
1
Unable to whitelist concatenated variables
#7
sprinkla
closed
10 years ago
2
False positives - Non-SQL string with a potential SQL keyword
#6
guillaumeaubert
closed
10 years ago
0
Issue with SQL statements in an array with variables
#5
guillaumeaubert
closed
10 years ago
1
Detect SQL injection issues introduced via concatenation
#4
guillaumeaubert
closed
11 years ago
2
Detect use of sprintf()
#3
guillaumeaubert
opened
11 years ago
0
Detect concatenation
#2
guillaumeaubert
closed
10 years ago
1
Heredoc support
#1
guillaumeaubert
closed
11 years ago
0