From a1939a377ca73413da4713cc15b67c66755a63a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?=
Date: Mon, 6 Nov 2023 15:29:04 +0100
Subject: [PATCH] fix: replace scope result with cursor
---
 rules/go/gosec/sql/concat_sqli.yml | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/rules/go/gosec/sql/concat_sqli.yml b/rules/go/gosec/sql/concat_sqli.yml
index 51e9fa095..415b58163 100644
--- a/rules/go/gosec/sql/concat_sqli.yml
+++ b/rules/go/gosec/sql/concat_sqli.yml
@@ -12,10 +12,10 @@ patterns:
 - either:
 - variable: DB
 detection: go_gosec_sql_concat_sqli_sql_open
- scope: result
+ scope: cursor
 - variable: DB
 detection: go_gosec_sql_concat_sqli_sql_db_begin
- scope: result
+ scope: cursor
 - pattern: |
 $.QueryContext($<...>$)
 filters:
@@ -24,18 +24,17 @@ patterns:
 - either:
 - variable: DB
 detection: go_gosec_sql_concat_sqli_sql_open
- scope: result
+ scope: cursor
 - variable: DB
 detection: go_gosec_sql_concat_sqli_sql_db_begin
- scope: result
+ scope: cursor
 auxiliary:
 - id: go_gosec_sql_concat_sqli_input_sprintf_sanitizer
 patterns:
 - pattern: fmt.Sprintf($$<...>)
 filters:
 - variable: STRING
- regex: (SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE).*%[bdoxXfFp].*
- scope: result
+ string_regex: (SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE).*%[bdoxXfFp].*
 - id: go_gosec_sql_concat_sqli_input_sanitizer
 patterns:
 - pattern: $<_>.QuoteIdentifier($$<_>)
@@ -46,21 +45,21 @@ auxiliary:
 filters:
 - variable: INPUT
 detection: go_shared_lang_dynamic_request_input
- scope: result
+ scope: cursor
 - id: go_gosec_sql_concat_sqli_sql_db_begin
 patterns:
 - pattern: $.Begin()
 filters:
 - variable: SQL
 detection: go_gosec_sql_concat_sqli_sql_open
- scope: result
+ scope: cursor
 - id: go_gosec_sql_concat_sqli_sql_open
 patterns:
 - pattern: $.Open()
 filters:
 - variable: SQL
 detection: go_gosec_sql_concat_sqli_sql_init
- scope: result
+ scope: cursor
 - id: go_gosec_sql_concat_sqli_sql_init
 patterns:
 - pattern: import $"database/sql"
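Review bot: Nothing in this commit pins the behaviour of the narrower `scope: cursor` on the `DB` filters in this hunk; the same swap is applied to the `DB` filters in the second hunk and to the `INPUT` and `SQL` filters in the third, and the diffstat lists only the rule file. If `cursor` restricts a filter to the matched node itself (my reading, to be confirmed against the engine documentation), a handle or request value that reaches the call through an intermediate expression may stop matching, and for a SQL-injection rule that is a silent false negative. I would add fixture cases where the `sql.Open`/`Begin` result and the request input pass through a variable before `QueryContext`, and record the intended semantics next to the first filter, for example `# cursor: the receiver node itself must match the detection` (wording to be adjusted once the semantics are confirmed). The `patterns:` entry these filters belong to starts before the hunk.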
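Review bot: The sanitizer expression on the new `string_regex` line accepts a format string as soon as one numeric verb follows an SQL keyword, so a format that also contains `%s` or `%v` (constructed example: `SELECT * FROM t WHERE id = %d AND name = '%s'`) still matches and would presumably be treated as sanitized. The expression is carried over unchanged from the removed `regex` line, but since this line is being rewritten it is the place to require that every verb is numeric, e.g. `string_regex: ^([^%]|%[bdoxXfFp])*(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE)([^%]|%[bdoxXfFp])*$`, verified against the rule's fixtures first. A comment above it such as `# only numeric verbs count as sanitized; any %s/%v/%q must leave the finding in place` would make the intent explicit.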