diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc
index 2914124313a..5ad47cdd063 100644
--- a/docs/header_names/allowed_framework_names.adoc
+++ b/docs/header_names/allowed_framework_names.adoc
@@ -169,6 +169,7 @@
 // Go
 * Go Standard Library
 * GORM
+* sqlx
 // Kubernetes
 * Helm
 // Kotlin
diff --git a/rules/S3649/go/how-to-fix-it/sqlx.adoc b/rules/S3649/go/how-to-fix-it/sqlx.adoc
new file mode 100644
index 00000000000..9fde869f5ff
--- /dev/null
+++ b/rules/S3649/go/how-to-fix-it/sqlx.adoc
@@ -0,0 +1,43 @@
+== How to fix it in sqlx
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,go,diff-id=111,diff-type=noncompliant]
+----
+func authenticate(w http.ResponseWriter, r *http.Request, db *sqlx.DB) {
+ username := r.FormValue("username")
+ password := r.FormValue("password")
+ var user User
+ row := db.QueryRow("SELECT * FROM users WHERE username='" + username + "' AND password = '" + password + "'") // Noncompliant
+ if err := row.Scan(&user); err != nil {
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ }
+ fmt.Fprintf(w, "Authentication successful")
+}
+----
+
+==== Compliant solution
+
+[source,go,diff-id=111,diff-type=compliant]
+----
+func authenticate(w http.ResponseWriter, r *http.Request, db *sqlx.DB) {
+ username := r.FormValue("username")
+ password := r.FormValue("password")
+ var user User
+ row := s.db.QueryRow("SELECT * FROM users WHERE username=? AND password=?", username, password)
+ if err := row.Scan(&user); err != nil {
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ }
+ fmt.Fprintf(w, "Authentication successful")
+}
+----
+
+=== How does this work?
+
+include::../../common/fix/prepared-statements.adoc[]
+
diff --git a/rules/S3649/go/rule.adoc b/rules/S3649/go/rule.adoc
index af813523b4a..89f94773ce1 100644
--- a/rules/S3649/go/rule.adoc
+++ b/rules/S3649/go/rule.adoc
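Review bot: The compliant solution in the new sqlx.adoc calls `s.db.QueryRow(...)`, but the handle arrives as the `db` parameter and no `s` is in scope, so the "fixed" example does not compile as written; it should read `row := db.QueryRow("SELECT * FROM users WHERE username=? AND password=?", username, password)`, mirroring the noncompliant block. Since this page exists to show the sqlx-specific fix rather than the embedded database/sql API, it would be more representative to use `db.QueryRowx(query, username, password).StructScan(&user)`, because `(*sql.Row).Scan(&user)` with a whole struct as destination is not how sqlx maps a row into a struct (both examples share that issue, so it is only the compliant block that claims to work). The `?` placeholder is also driver-specific (PostgreSQL drivers expect `$1`); sqlx provides `db.Rebind` for that, though the example may deliberately stay minimal.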
@@ -10,6 +10,8 @@ include::how-to-fix-it/stdlib.adoc[] include::how-to-fix-it/gorm.adoc[] +include::how-to-fix-it/sqlx.adoc[] + == Resources include::../common/resources/docs.adoc[]