- Versions: SonarQube Version 7.9.1 (build 27448) + Sonar-Scanner MacOS Version 4.2.0.1873
- Trying to detect SQL Injection VULNs in TypeORM usages
I am trying to detect SQL injection patterns in wrong usages of TypeORM like:

```typescript
this.connection.query(
  `SELECT XYZ, ABC FROM A WHERE ABC = ${aValue}`);
```

instead of:

```typescript
this.connection.query(
  `SELECT XYZ, ABC FROM A WHERE ABC = $1`, [aValue]);
```

where `this.connection` is a `Connection` from `import { Connection } from 'typeorm';`
The rule javascript:S2077 is properly enabled.
The result: nothing is detected.
Do I need to enable other specific rules (a TypeORM rule?)
Best
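
The pattern from the post can also be caught outside the analyzer with a plain text scan. The following is an added example, not code from the original post and not SonarQube's S2077 logic: it flags `.query(` calls whose first argument is a template literal containing `${...}`. The function names and the sample input are assumptions made for illustration, and the scan is a heuristic with no type information, so it matches any `.query(` call, not only TypeORM's.

```javascript
// Added example: heuristic text scan, not SonarQube's S2077 and not from the post.
// readTemplate: source[start] must be '`'; returns the index after the closing backtick
function readTemplate(source, start) {
  const interpolations = [];
  let i = start + 1;
  while (i < source.length && source[i] !== '`') {
    if (source[i] === '\\') { i += 2; continue; }        // skip escaped character
    if (source[i] === '$' && source[i + 1] === '{') {
      let depth = 1, j = i + 2;
      while (j < source.length && depth > 0) {           // find the matching '}'
        if (source[j] === '{') depth++;
        else if (source[j] === '}') depth--;
        j++;
      }
      interpolations.push(source.slice(i + 2, j - 1).trim());
      i = j;
      continue;
    }
    i++;
  }
  return { end: i + 1, interpolations };
}

// Report every .query( call whose first argument is a template literal with ${...}.
function findInterpolatedQueries(source) {
  const findings = [];
  const call = /\.query\s*\(\s*/g;
  for (const m of source.matchAll(call)) {
    const argStart = m.index + m[0].length;
    if (source[argStart] !== '`') continue;              // first argument is not a template literal
    const { end, interpolations } = readTemplate(source, argStart);
    if (interpolations.length > 0) {
      const line = source.slice(0, m.index).split('\n').length;
      findings.push({ line, interpolations, sql: source.slice(argStart, end) });
    }
  }
  return findings;
}

// Constructed sample input modelled on the two calls in the post.
const sample = [
  'const a = await this.connection.query(',
  '  `SELECT XYZ, ABC FROM A WHERE ABC = ${aValue}`);',
  'const b = await this.connection.query(',
  '  `SELECT XYZ, ABC FROM A WHERE ABC = $1`, [aValue]);',
].join('\n');
console.log(findInterpolatedQueries(sample));
```

Only the first call is reported; the `$1` placeholder in the second is not an interpolation, so the parameterized form passes.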