Checks variable declarations that contain a SQL statement built from other variables, where there is potential for SQL injection.
Non-Compliant Code Examples
var table = 'baz';
const foo = "SELECT foo FROM " + table;
const select = `SELECT foo FROM ${table}`;
var del = `DELETE FROM ${table} WHERE condition;`;
let update = ' UPDATE ' + table + "SET column1 = value1, column2 = value2" + "WHERE condition;";
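A hardened counterpart to the declarations above, added here as an example (it is not part of the rule's documentation or Datadog's code). Table and column names cannot be sent as bound parameters, so they are checked against a fixed allowlist, while values travel separately as parameters. The `SCHEMA` allowlist and the helper names `ident`, `buildSelect` and `buildUpdate` are hypothetical; the `$1`-style placeholders and the `{ text, values }` shape assume a PostgreSQL driver such as node-postgres.

```javascript
'use strict';

// Hypothetical schema allowlist, constructed for this example.
const SCHEMA = Object.freeze({
  baz: ['id', 'foo', 'column1', 'column2'],
});

// Return a quoted identifier only for a known table, or a known column of it.
// Anything else is rejected instead of being spliced into the SQL text.
function ident(table, column) {
  if (typeof table !== 'string' ||
      !Object.prototype.hasOwnProperty.call(SCHEMA, table)) {
    throw new Error(`unknown table: ${JSON.stringify(table)}`);
  }
  if (column === undefined) return `"${table}"`;
  if (!SCHEMA[table].includes(column)) {
    throw new Error(`unknown column: ${JSON.stringify(column)}`);
  }
  return `"${column}"`;
}

// SELECT <column> FROM <table> WHERE <whereColumn> = $1
function buildSelect(table, column, whereColumn, value) {
  const text = `SELECT ${ident(table, column)} FROM ${ident(table)} ` +
               `WHERE ${ident(table, whereColumn)} = $1`;
  return { text, values: [value] }; // the value never enters the SQL text
}

// UPDATE <table> SET c1 = $1, c2 = $2 WHERE <whereColumn> = $3
function buildUpdate(table, changes, whereColumn, whereValue) {
  const cols = Object.keys(changes);
  if (cols.length === 0) throw new Error('nothing to update');
  const set = cols.map((c, i) => `${ident(table, c)} = $${i + 1}`).join(', ');
  const text = `UPDATE ${ident(table)} SET ${set} ` +
               `WHERE ${ident(table, whereColumn)} = $${cols.length + 1}`;
  return { text, values: [...cols.map((c) => changes[c]), whereValue] };
}
```

The returned object is meant to be handed to the driver's parameterized query call, so the statement text stays constant for a given table and column set regardless of the values supplied.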
How to use this rule
rulesets:
  - javascript-node-security # Rules to enforce JavaScript node security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines