Skip to content

PerlCritic policy that attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.

License

Notifications You must be signed in to change notification settings

guillaumeaubert/Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection

Repository files navigation

Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection

Build Status Coverage Status CPAN License

When building SQL statements manually instead of using an ORM, any input must be quoted or passed using placeholders to prevent the introduction of SQL injection vectors. This policy attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.

INSTALLATION

To install this module, run the following commands:

perl Build.PL
./Build
./Build test
./Build install

SUPPORT AND DOCUMENTATION

After installing, you can find documentation for this module with the perldoc command.

perldoc Perl::Critic::Policy::ValuesAndExpressions::PreventSQLInjection

You can also look for information at:

LICENSE AND COPYRIGHT

Copyright (C) 2013-2017 Guillaume Aubert.

This code is free software; you can redistribute it and/or modify it under the same terms as Perl 5 itself.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the LICENSE file for more details.

About

PerlCritic policy that attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages