Safesql: Tatic analysis tool for Go that protects against SQL injections

SafeSQL

Safesql: Tatic analysis tool for Go that protects against SQL injections

Category : Blog

SafeSQL

SafeSQL is a static analysis tool for Go that protects against SQL injections.

SQL Injection is one of the vulnerabilities in OWASP’s Top Ten List for Web Based Application Exploitation. These types of attacks takes place on Dynamic Web applications as they interact with the databases for the various operations.

 

SafeSQL

 

How does SafeSQL work:

SafeSQL uses the static analysis utilities in go/tools to search for all call sites of each of the query functions in packages (database/sql,github.com/jinzhu/gorm,github.com/jmoiron/sqlx) (i.e., functions which accept a parameter named query,sql). It then makes sure that every such call site uses a query that is a compile-time constant.

The principle behind SafeSQL’s safety guarantees is that queries that are compile-time constants cannot be subverted by user-supplied data: they must either incorporate no user-controlled values, or incorporate them using the package’s safe placeholder mechanism. In particular, call sites which build up SQL statements via fmt.Sprintf or string concatenation or other mechanisms will not be allowed.

query

 

False positives:

If SafeSQL passes, your application is free from SQL injections (modulo bugs in the tool), however, there are a great many safety programs which SafeSQL will declare potentially unsafe. These false positives fall roughly into two buckets:

First, SafeSQL does not currently recursively trace functions in the call graph.

Only call MyQuery with compile-time constants, your program is safe; however, SafeSQL will report that (*database/sql.DB).Query is called with a non-constant parameter (namely the parameter to MyQuery). This is by no means a fundamental limitation: SafeSQL could recursively trace the query argument through every intervening helper function to ensure that its argument is always constant, but this code has yet to be written.

 

MyQuery

 

The second sort of false positive is based on a limitation in the sort of analysis SafeSQL performs: there are many safe SQL statements which are not feasible (or not possible) to represent as compile-time constants. More advanced static analysis techniques (such as taint analysis) or user-provided safety annotations would be able to reduce the number of false positives, but this is expected to be a significant undertaking.

 

SafeSQL

 

Most Popular Training Courses at Indian Cyber Security Solutions:

 

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training

Cybersecurity services that can protect your company:

 

Web Security | Web Penetration Testing

Network Penetration Tester – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery


Leave a Reply

Show Buttons
Hide Buttons