guillaumeaubert / Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection

PerlCritic policy that attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.
https://metacpan.org/pod/Perl::Critic::Policy::ValuesAndExpressions::PreventSQLInjection

Detect concatenation #2

Closed guillaumeaubert closed 10 years ago

guillaumeaubert commented 10 years ago

Currently, this module only analyzes whole strings, and ignores concatenated strings or variables.

For example, this would incorrectly not trigger a violation:

my $sql = 'SELECT * FROM ' . $table;
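To make the gap concrete, the following is an added example and not code from the issue or from the module: it places the concatenated form the issue describes next to a rewrite that keeps untrusted input out of the SQL text. The table names, the allow-list of constant statements, and the use of DBD::SQLite for the demo are assumptions made for this example.

```perl
#!/usr/bin/env perl
# Added example (not from the issue or the module): the concatenated
# statement the issue describes, next to a rewrite that keeps untrusted
# input out of the SQL text. Assumes DBD::SQLite is installed for the demo.
use strict;
use warnings;
use DBI;

# Vulnerable: identifier and value are glued into the statement by
# concatenation; nothing in the SQL text itself is an interpolated
# string, which is why a whole-string check alone misses it.
sub unsafe_query {
    my ( $dbh, $table, $status ) = @_;
    my $sql = 'SELECT * FROM ' . $table . " WHERE status = '" . $status . "'";
    return $dbh->selectall_arrayref($sql);
}

# Hardened: table names cannot be bound as placeholders, so resolve the
# untrusted name through a fixed allow-list of constant statements
# (hypothetical table names), and pass the value as a bind parameter.
my %QUERY_FOR_TABLE = (
    users  => 'SELECT * FROM users WHERE status = ?',
    orders => 'SELECT * FROM orders WHERE status = ?',
);

sub safe_query {
    my ( $dbh, $table, $status ) = @_;
    my $sql = $QUERY_FOR_TABLE{$table}
        or die "Refusing to query unknown table '$table'\n";
    return $dbh->selectall_arrayref( $sql, undef, $status );
}

# Demo on an in-memory SQLite database with constructed rows.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE users (name TEXT, status TEXT)');
$dbh->do( 'INSERT INTO users VALUES (?, ?)', undef, @$_ )
    for [ 'alice', 'active' ], [ 'bob', 'disabled' ];

# Attacker-controlled value: the quote closes the literal and OR '1'='1'
# makes the concatenated query return every row ...
my $evil_status = "x' OR '1'='1";
my $leaked = unsafe_query( $dbh, 'users', $evil_status );
printf "unsafe_query returned %d rows for a bogus status\n", scalar @$leaked;

# ... while the bound parameter is compared as a plain string and
# matches nothing.
my $bound = safe_query( $dbh, 'users', $evil_status );
printf "safe_query returned %d rows for the same input\n", scalar @$bound;

# An unknown table name is rejected instead of being spliced into SQL.
eval { safe_query( $dbh, 'users; DROP TABLE users; --', 'active' ) };
print "safe_query refused: $@" if $@;
```

Running it shows `unsafe_query` returning both constructed rows for the bogus status while `safe_query` returns none, and the crafted table name is rejected before any SQL is built. Resolving identifiers through constants rather than quoting them also leaves no variable inside the SQL string for the policy to flag.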
guillaumeaubert commented 10 years ago

Released in v1.1.0.