Get Started
- CodeAnt AI
- Setup
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Ajv
- Angular
- Apollo
- Argon2
- Audit
- Aws-lambda
- Axios
- Bluebird
- Browser
- Chrome-remote-interface
- Crypto
- Deno
- Express
- Fbjs
- Firebase
- Grpc
- Intercom
- Jose
- Jquery
- Jsonwebtoken
- Jssha
- Jwt-simple
- Knex
- Lang
- Best practice
- Correctness
- Hardcoded
- Security
- Security
- Monaco-editor
- Mongodb
- Mongoose
- Mssql
- Mysql
- Node-expat
- Passport-jwt
- Pg
- Phantom
- Playwright
- Puppeteer
- React
- Sandbox
- Sax
- Sequelize
- Serialize-javascript
- Shelljs
- Superagent
- Thenify
- Vm2
- Vue
- Wkhtmltoimage
- Wkhtmltopdf
- Xml2json
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Sqli
Detected string concatenation with a non-literal variable in a mssql JS SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: $REQ.input('USER_ID', mssql.Int, id);
Likelihood: HIGH
Confidence: LOW
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
Detected string concatenation with a non-literal variable in a node-postgres JS SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: client.query('SELECT $1 from table', [userinput])
Likelihood: MEDIUM
Confidence: LOW
CWE:
- CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
OWASP:
- A08:2021 - Software and Data Integrity Failures
Detected a $IMPORT SQL statement that comes from a function argument. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.
Likelihood: HIGH
Confidence: LOW
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
Detected SQL statement that is tainted by $REQ object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. An example of parameterized queries like so: knex.raw('SELECT $1 from table', [userinput]) can help prevent SQLi.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection