fix(javascript): handle mysql pool as a promise

Bearer · Nov 12, 2024 · ca6c8ce · ca6c8ce
1 parent 111b0ed
commit ca6c8ce
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 22 deletions.
diff --git a/rules/javascript/lang/sql_injection.yml b/rules/javascript/lang/sql_injection.yml
@@ -113,6 +113,10 @@ auxiliary:
   - id: javascript_lang_sql_injection_mysql_pool
     patterns:
       - mysql.createPool()
+      - pattern: $<MYSQL_POOL>.promise()
+        filters:
+          - variable: MYSQL_POOL
+            detection: javascript_lang_sql_injection_mysql_pool
   - id: javascript_lang_sql_injection_pool_conn
     patterns:
       - pattern: $<MYSQL_POOL>.getConnection(function($<_>, $<!>$<_>) {})

diff --git a/tests/javascript/lang/sql_injection/testdata/mysql2_sql_injection.js b/tests/javascript/lang/sql_injection/testdata/mysql2_sql_injection.js
@@ -2,31 +2,62 @@ const connection = mysql.createConnection({});
 const asyncConn = await mysql.createConnection({});
 
 module.exports.asyncFooBar = async function (req, res) {
-	// bearer:expected javascript_lang_sql_injection
-	await asyncConn.execute(
-		"SELECT * FROM `admin_users` WHERE ID = " + req.admin.id
-	);
-	res.send("ok");
+  // bearer:expected javascript_lang_sql_injection
+  await asyncConn.execute(
+    "SELECT * FROM `admin_users` WHERE ID = " + req.admin.id
+  );
+  res.send("ok");
 };
 
 module.exports.fooBar = function (req, _res) {
-// bearer:expected javascript_lang_sql_injection
-	connection.query(
-		"SELECT * FROM `user` WHERE name = " + req.params.customer.name
-	);
+  // bearer:expected javascript_lang_sql_injection
+  connection.query(
+    "SELECT * FROM `user` WHERE name = " + req.params.customer.name
+  );
 
-	// pool query
-	var pool = mysql.createPool();
-// bearer:expected javascript_lang_sql_injection
-	pool.query(
-		"SELECT * FROM users WHERE name = " + req.params.user_name,
-		function () {}
-	);
-	pool.getConnection(function (_err, conn) {
-// bearer:expected javascript_lang_sql_injection
-		conn.query("SELECT * FROM users WHERE name = " + req.params.user_name, function () {});
-		pool.releaseConnection(conn);
-	});
+  // pool query
+  var pool = mysql.createPool();
+  // bearer:expected javascript_lang_sql_injection
+  pool.query(
+    "SELECT * FROM users WHERE name = " + req.params.user_name,
+    function () {}
+  );
+  pool.getConnection(function (_err, conn) {
+    // bearer:expected javascript_lang_sql_injection
+    conn.query(
+      "SELECT * FROM users WHERE name = " + req.params.user_name,
+      function () {}
+    );
+    pool.releaseConnection(conn);
+  });
 
-	res.send("ok");
+  res.send("ok");
+};
+
+module.exports.asyncPool = async function (req, _res) {
+  // pool query
+  var pool = mysql.createPool({
+    host: "mysql",
+    user: "root",
+    password: "password",
+    database: "testdb",
+    waitForConnections: true,
+    connectionLimit: 10,
+    queueLimit: 0,
+  });
+  // promisify pool
+  const poolPromise = pool.promise();
+  var userName = req.query.name;
+  // bearer:expected javascript_lang_sql_injection
+  await poolPromise.query(`SELECT * FROM users WHERE name = '${userName}'`);
+  poolPromise.getConnection(function (_err, conn) {
+    // bearer:expected javascript_lang_sql_injection
+    conn.query(
+      `SELECT * FROM users WHERE name = '${userName}'`,
+      function () {}
+    );
+    poolPromise.releaseConnection(conn);
+  });
+
+  res.send("ok");
 };