SQL Injection
User input is concatenated directly into a SQL query, letting the attacker change the query's logic — read other users' data, drop tables, or execute arbitrary SQL.
GateTest coverage
Caught by: crossFileTaint, security
Example
const q = 'SELECT * FROM users WHERE id = ' + req.params.id; client.query(q)
How to fix it
Use parameterised queries / prepared statements. Never concatenate user input into SQL. ORMs (Prisma, Sequelize, Drizzle) parameterise by default; if you use raw queries, parameterise them. crossFileTaint flags taint from req.body/query/params into query() calls.
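The following is an added example, not GateTest's code or the page's own snippet. It places the concatenation pattern shown above next to its parameterised form, using the query(text, values) call shape that node-postgres (pg) exposes, and adds an input-shape check in front of the query. No database is needed: a constructed stand-in client records the call it would have sent, so the two shapes can be compared directly. The request objects, the RecordingClient class and the integer-id regex are assumptions made for this example.

```javascript
// Added example, not GateTest's code: the page's concatenation pattern next
// to its parameterised form, using the query(text, values) call shape that
// node-postgres (pg) exposes. No database is required: a constructed
// stand-in client records what would be sent, so both shapes can be compared.

// Vulnerable: the request parameter becomes part of the SQL text.
function buildUnsafeQuery(id) {
  return 'SELECT * FROM users WHERE id = ' + id;
}

// Fixed: the SQL text is constant; the value travels as bind parameter $1,
// so the database engine never parses it as SQL.
function buildSafeQuery(id) {
  return { text: 'SELECT * FROM users WHERE id = $1', values: [id] };
}

// Defence in depth: reject anything that is not a plain integer id before it
// gets near the query. (The digit bound is an assumption for this example.)
function parseUserId(raw) {
  if (typeof raw !== 'string' || !/^\d{1,18}$/.test(raw)) {
    throw new Error('invalid user id');
  }
  return Number(raw);
}

// Constructed stand-in for pg's Client; it only records the call it receives.
class RecordingClient {
  constructor() { this.calls = []; }
  query(text, values = []) {
    const call = { text, values };
    this.calls.push(call);
    return call;
  }
}

// The page's vulnerable handler, unchanged in shape: taint flows from
// req.params straight into query().
function lookupUserUnsafe(client, req) {
  const q = buildUnsafeQuery(req.params.id);
  return client.query(q);
}

// The fixed handler: validate the shape, then bind the value.
function lookupUserSafe(client, req) {
  const id = parseUserId(req.params.id);
  const q = buildSafeQuery(id);
  return client.query(q.text, q.values);
}

// Constructed requests: one legitimate, one carrying a tautology payload.
const normalReq = { params: { id: '42' } };
const hostileReq = { params: { id: '1 OR 1=1' } };

const client = new RecordingClient();
// The concatenated text now ends in "WHERE id = 1 OR 1=1": the predicate is
// true for every row, which is the logic change the page describes.
console.log(lookupUserUnsafe(client, hostileReq).text);
// The parameterised text is identical for every request; only values differs.
console.log(lookupUserSafe(client, normalReq));
try {
  lookupUserSafe(client, hostileReq);
} catch (e) {
  console.log('rejected before reaching the database:', e.message);
}
```

The point to take from the two builders is that parameterisation is not escaping: buildSafeQuery hands the driver the same SQL text regardless of input, and the hostile string can only ever arrive as a value for $1. The parseUserId check is independent of that and exists so that obviously malformed ids are refused early and show up in application logs rather than as database errors.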
Scan your repo for CWE-89
Free preview of findings. Pay per scan — no subscription. AI auto-fix PR included on the Scan + Fix tier.
Frequently asked questions
What is CWE-89 (SQL Injection)?
User input is concatenated directly into a SQL query, letting the attacker change the query's logic — read other users' data, drop tables, or execute arbitrary SQL.
How do I fix sql injection?
Use parameterised queries / prepared statements. Never concatenate user input into SQL. ORMs (Prisma, Sequelize, Drizzle) parameterise by default; if you use raw queries, parameterise them. crossFileTaint flags taint from req.body/query/params into query() calls.
Does GateTest detect sql injection?
Yes — GateTest's crossFileTaint and security modules catch this class. Findings appear in the standard scan output with file and line numbers. On the Scan + Fix and Forensic Scan tiers, Claude opens a pull request with the fix.
What rank is SQL Injection in the CWE Top 25?
SQL Injection is ranked #3 in the MITRE 2023 CWE Top 25 Most Dangerous Software Weaknesses list. The ranking reflects both prevalence (how often it appears in real CVEs) and severity (the typical impact when it's exploited).