search

guillaumeaubert / Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection

PerlCritic policy that attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.
https://metacpan.org/pod/Perl::Critic::Policy::ValuesAndExpressions::PreventSQLInjection
Other
6 stars 8 forks source link

Prevent false positives #23

Open nferraz opened 5 years ago

nferraz commented 5 years ago

This pull request will prevent false positives in contexts that cannot generate SQL injections, for instance:

die     "Select returned: $error";
warn    "Update returned: $error";
croak   "Insert returned: $error";
carp    "Delete returned: $error";
confess "Select returned: $error";

It will always look at the previous significant sibling, so it will also prevent false positives like:

do_something() or die     "Select returned: $error";
do_something() or warn    "Update returned: $error";
do_something() or croak   "Insert returned: $error";
do_something() or carp    "Delete returned: $error";
do_something() or confess "Select returned: $error";
coveralls commented 5 years ago

Coverage Status

Coverage decreased (-0.4%) to 96.622% when pulling 7d6b813e953f8e2711fbee8d207b9b8963936586 on nferraz:nferraz/prevent-false-positives into 13fa7f035842886ac80ceea1e3904398e7771e9b on guillaumeaubert:master.

xsawyerx commented 4 years ago

The travis-ci tests are failing for unrelated reasons:

$ perlbrew use 5.16

ERROR: The installation "5.16" is unknown.

and:

$ perlbrew use 5.10

ERROR: The installation "5.10" is unknown.