
SQLi and templates

Open lojikil opened this issue 4 years ago • 2 comments

Most of the non-compliant Go SQL code I see is actually abuse of templates, rather than string joins. We should show non-compliance via templating as well, so that developers do not think that templating can necessarily save them here.

lojikil avatar Sep 21 '20 13:09 lojikil

Hi @lojikil, can you please provide an example of it?

Cheers, Paulo A. Silva

PauloASilva avatar Apr 13 '21 09:04 PauloASilva

By "abuse of templates" do you mean stuff like:

rows, err := db.Query(fmt.Sprintf("SELECT * FROM user WHERE id = %s", id))

@lojikil would you like to open a Pull Request?

Cheers, Paulo A. Silva

PauloASilva avatar Dec 27 '22 09:12 PauloASilva
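To make the point of the issue concrete, here is an added example (not code from the issue thread or from the Go-SCP project) that renders the same query through text/template, through html/template, and with the fmt.Sprintf form quoted above, then contrasts it with a parameterized statement. The helper names renderText, renderHTML, parameterized and Stmt, and the sample input, are constructed for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"io"
	"text/template"
)

// The template form of the non-compliant query from the issue.
const query = "SELECT * FROM user WHERE id = {{.}}"

// render executes any template type (text or html) against the untrusted id.
func render(t interface{ Execute(io.Writer, interface{}) error }, id string) (string, error) {
	var buf bytes.Buffer
	if err := t.Execute(&buf, id); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderText mirrors the non-compliant pattern: text/template substitutes the
// value verbatim, so the result is no safer than fmt.Sprintf.
func renderText(id string) (string, error) {
	return render(template.Must(template.New("q").Parse(query)), id)
}

// renderHTML shows html/template does not help either: its escaper targets
// HTML contexts (quotes, <, >, &), not SQL structure such as OR / = / spaces.
func renderHTML(id string) (string, error) {
	return render(htmltemplate.Must(htmltemplate.New("q").Parse(query)), id)
}

// Stmt is the compliant form: fixed SQL text plus bind arguments, to be used
// as db.Query(stmt.SQL, stmt.Args...) so the driver keeps data out of the SQL.
type Stmt struct {
	SQL  string
	Args []interface{}
}

func parameterized(id string) Stmt {
	return Stmt{SQL: "SELECT * FROM user WHERE id = ?", Args: []interface{}{id}}
}

func main() {
	untrusted := "1 OR 1=1" // constructed sample input
	txt, _ := renderText(untrusted)
	htm, _ := renderHTML(untrusted)
	fmt.Println(txt)
	fmt.Println(htm)
	fmt.Printf("SELECT * FROM user WHERE id = %s\n", untrusted)
	fmt.Println(parameterized(untrusted))
}
```

All three string-building forms produce the identical altered query, while the parameterized form leaves the SQL text unchanged and carries the value as an argument.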