Hi,
we’re using SonarQube 8.7 in our project and wondering why the scan dont pick up sql injections.
Rule: PHP Sonar way - Database queries should not be vulnerable to injection attacks
Just a worst case example:
Lets think we have a class db_access which handles the querys and then we have a:
$result = db_access->query_first("SELECT * FROM bla_table WHERE user_id="._GET[‘id’].");
Why is the rule not able to find it?
Regards!
Hello @LarsW ,
This may depend on the context and the DB you’re using. Could you send a longer code snippet as a full standalone reproducer ? (Open DB and run SQL Query using _GET[] input).
Thanks, Olivier
Hello Olivier,
thank you for your fast answer. We’re using MariaSQL and here is a longer code snippet:
<?php
class class_db_access extends \mysqli{
public function query_first( $query_string ) {
if( $result = mysqli_query( $query_string ) ){
$row = $this->fetch_array( $result );
return $row;
}
else
return false;
}
}
$db_access=new class_db_access();
$arr=$db_access->query_first("SELECT * FROM bla_table WHERE user_id=".$_GET['id']);
?>Hello Lars,
thank you for the code sample! I think
if( $result = mysqli_query( $query_string ) ){
should actually be
if( $result = $this->query( $query_string ) ){
right? Then an issue is detected for me.