Audit required: Tainted value reached a sink (GO-S7000)
Unsanitized user input reaches a sink (here, the text of a SQL query).
Examples
Bad practice
package main
import (
"context"
"database/sql"
"fmt"
)
// foo runs a lookup on the users table with the caller-supplied input.
//
// This is the pattern the rule reports on: input is interpolated into the
// SQL text before the statement reaches the driver, so whatever it contains
// is parsed as SQL rather than treated as a value.
func foo(db *sql.Conn, input string) {
	// The formatted string, not input itself, is the value that reaches the sink.
	stmt := fmt.Sprintf("SELECT * FROM users where id = %s", input)
	// Result and error are dropped, exactly as in the original example.
	db.ExecContext(context.TODO(), stmt)
}
Recommended
package main
import (
"context"
"database/sql"
)
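// foo runs a lookup on the users table with the caller-supplied input.
//
// input is bound as a query parameter instead of being spliced into the SQL
// text, so the driver never interprets it as SQL. The original example passed
// an undefined variable (id) here; the parameter is input. The driver's error
// is returned rather than discarded so the caller can see a failed query.
//
// The "?" placeholder is the syntax understood by MySQL and SQLite drivers;
// a PostgreSQL driver expects "$1" instead.
func foo(db *sql.Conn, input string) error {
	// ExecContext is kept from the original example; it discards any result
	// rows, so use QueryContext if the caller needs them.
	_, err := db.ExecContext(context.TODO(), "SELECT * FROM users where id = ?", input)
	return err
}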