Php/SQL injection in variables

Hi there,

We have just started looking in to and using SonarQube and am very impressed with it.

Are using is over a legacy PHP code base and there are some templates that have triggered the SQL injection security issue.

This rule has the text:

The current implementation does not follow variables. It will only detect SQL queries which are concatenated or contain a '$' sign directly in the function call.

Are there a library of community rules that can follow the variables and check them?

Also: is there a community repo of rules that are shared?

Thanks!

David

Hi David,

Welcome to the community and thanks for the kind words!

The rule you mention is Formatting SQL queries is security-sensitive and it’s categorized as a “security hotspot”. Its implementation is indeed basic.

If you check all the rules which are available for PHP in SonarSource products, you can find another rule: Database queries should not be vulnerable to injection attacks. That one is categorized as a “vulnerability” and it’s part of our set of 14 injection rules which use a taint analysis engine to track how user data flows into your code to detect vulnerabilities. Please note that those rules are only available in SonarCloud (free for open source projects) and in SonarQube commercial editions.

Pierre-Yves