garibong commited on
Commit
73f6601
ยท
1 Parent(s): 8e103e2

Translate SQL injection messages to English

  1. src/scanner/sql_injection.py +18 -18
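--- a/src/scanner/sql_injection.py
+++ b/src/scanner/sql_injection.py
@@ -76,12 +76,12 @@ class SQLInjectionVisitor(ast.NodeVisitor):
  self.vulnerabilities.append({
  "id": "sql-injection-fstring",
  "severity": "CRITICAL",
- "title": "SQL Injection: f-string์œผ๋กœ SQL ์ฟผ๋ฆฌ ์ƒ์„ฑ",
- "description": "f-string์„ ์‚ฌ์šฉํ•˜์—ฌ SQL ์ฟผ๋ฆฌ์— ๋ณ€์ˆ˜๋ฅผ ์ง์ ‘ ์‚ฝ์ž…ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.",
+ "title": "SQL Injection: SQL query built with f-string",
+ "description": "Variables are directly interpolated into SQL query using f-string.",
  "line_number": line_number,
  "code_snippet": code_snippet,
  "vulnerable_pattern": "f-string interpolation",
- "recommendation": "ํŒŒ๋ผ๋ฏธํ„ฐํ™”๋œ ์ฟผ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜์„ธ์š”: cursor.execute('SELECT * FROM users WHERE id=%s', (user_id,))",
+ "recommendation": "Use parameterized queries: cursor.execute('SELECT * FROM users WHERE id=%s', (user_id,))",
  "scanner": "sql_injection",
  })
 
@@ -103,12 +103,12 @@ class SQLInjectionVisitor(ast.NodeVisitor):
  self.vulnerabilities.append({
  "id": "sql-injection-concat",
  "severity": "CRITICAL",
- "title": "SQL Injection: ๋ฌธ์ž์—ด ์—ฐ๊ฒฐ๋กœ SQL ์ฟผ๋ฆฌ ์ƒ์„ฑ",
- "description": "+ ์—ฐ์‚ฐ์ž๋กœ SQL ์ฟผ๋ฆฌ๋ฅผ ๋™์ ์œผ๋กœ ์ƒ์„ฑํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.",
+ "title": "SQL Injection: SQL query built with string concatenation",
+ "description": "SQL query is dynamically constructed using the + operator.",
  "line_number": line_number,
  "code_snippet": code_snippet,
  "vulnerable_pattern": "string concatenation",
- "recommendation": "ํŒŒ๋ผ๋ฏธํ„ฐํ™”๋œ ์ฟผ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜์„ธ์š”",
+ "recommendation": "Use parameterized queries",
  "scanner": "sql_injection",
  })
 
@@ -126,12 +126,12 @@ class SQLInjectionVisitor(ast.NodeVisitor):
  self.vulnerabilities.append({
  "id": "sql-injection-percent",
  "severity": "CRITICAL",
- "title": "SQL Injection: % ํฌ๋งทํŒ…์œผ๋กœ SQL ์ฟผ๋ฆฌ ์ƒ์„ฑ",
- "description": "% ์—ฐ์‚ฐ์ž๋กœ SQL ์ฟผ๋ฆฌ์— ๋ณ€์ˆ˜๋ฅผ ์ง์ ‘ ์‚ฝ์ž…ํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.",
+ "title": "SQL Injection: SQL query built with % formatting",
+ "description": "Variables are directly inserted into SQL query using the % operator.",
  "line_number": line_number,
  "code_snippet": code_snippet,
  "vulnerable_pattern": "percent formatting",
- "recommendation": "ํŒŒ๋ผ๋ฏธํ„ฐํ™”๋œ ์ฟผ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜์„ธ์š”",
+ "recommendation": "Use parameterized queries",
  "scanner": "sql_injection",
  })
 
@@ -150,12 +150,12 @@ class SQLInjectionVisitor(ast.NodeVisitor):
  self.vulnerabilities.append({
  "id": "sql-injection-format",
  "severity": "CRITICAL",
- "title": "SQL Injection: .format()์œผ๋กœ SQL ์ฟผ๋ฆฌ ์ƒ์„ฑ",
- "description": ".format() ๋ฉ”์„œ๋“œ๋กœ SQL ์ฟผ๋ฆฌ๋ฅผ ๋™์ ์œผ๋กœ ์ƒ์„ฑํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.",
+ "title": "SQL Injection: SQL query built with .format()",
+ "description": "SQL query is dynamically constructed using the .format() method.",
  "line_number": line_number,
  "code_snippet": code_snippet,
  "vulnerable_pattern": "string.format()",
- "recommendation": "ํŒŒ๋ผ๋ฏธํ„ฐํ™”๋œ ์ฟผ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜์„ธ์š”",
+ "recommendation": "Use parameterized queries",
  "scanner": "sql_injection",
  })
 
@@ -188,12 +188,12 @@ class SQLInjectionVisitor(ast.NodeVisitor):
  self.vulnerabilities.append({
  "id": f"sql-injection-{func_name}",
  "severity": "CRITICAL",
- "title": f"SQL Injection: {func_name}()์— ๋™์  SQL ์ฟผ๋ฆฌ ์‚ฌ์šฉ",
- "description": f"{func_name}() ๋ฉ”์„œ๋“œ์— ๋™์ ์œผ๋กœ ์ƒ์„ฑ๋œ SQL ์ฟผ๋ฆฌ๋ฅผ ์ „๋‹ฌํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.",
+ "title": f"SQL Injection: Dynamic SQL query in {func_name}()",
+ "description": f"A dynamically constructed SQL query is passed to the {func_name}() method.",
  "line_number": line_number,
  "code_snippet": code_snippet,
  "vulnerable_pattern": f"dynamic SQL in {func_name}()",
- "recommendation": "ํŒŒ๋ผ๋ฏธํ„ฐํ™”๋œ ์ฟผ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜์„ธ์š”",
+ "recommendation": "Use parameterized queries",
  "scanner": "sql_injection",
  })
 
@@ -261,12 +261,12 @@ def check_sql_pattern_regex(code: str) -> List[Dict[str, Any]]:
  vulnerabilities.append({
  "id": "sql-injection-regex",
  "severity": "HIGH",
- "title": "SQL Injection ๊ฐ€๋Šฅ์„ฑ: f-string ์‚ฌ์šฉ ํƒ์ง€",
- "description": "SQL ์ฟผ๋ฆฌ์— f-string ๋ณ€์ˆ˜ ์‚ฝ์ž…์ด ์˜์‹ฌ๋ฉ๋‹ˆ๋‹ค.",
+ "title": "Potential SQL Injection: f-string usage detected",
+ "description": "Suspected f-string variable interpolation in SQL query.",
  "line_number": line_num,
  "code_snippet": line.strip(),
  "vulnerable_pattern": "f-string with SQL keywords",
- "recommendation": "ํŒŒ๋ผ๋ฏธํ„ฐํ™”๋œ ์ฟผ๋ฆฌ ์‚ฌ์šฉ ๊ถŒ์žฅ",
+ "recommendation": "Use parameterized queries instead",
  "scanner": "sql_injection",
  })
 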
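Review bot: The recommendation text now differs between detectors giving the same advice (`"Use parameterized queries"` in the concat/percent/format/call hunks, `"Use parameterized queries instead"` in the regex hunk, and the f-string hunk's variant with an inline example); hoisting the shared wording into one module-level constant such as `PARAMETERIZED_QUERY_RECOMMENDATION = "Use parameterized queries"` would keep findings consistent and make the next wording change a one-line edit instead of the per-hunk edits this commit needed. The example on the f-string hunk, `cursor.execute('SELECT * FROM users WHERE id=%s', (user_id,))`, uses the `%s` paramstyle of drivers such as psycopg2, while sqlite3 expects `?`, so a short hedge like "placeholder syntax depends on your DB-API driver" would stop sqlite3 users from copying a non-working snippet. Minor wording: `"Variables are directly interpolated into SQL query using f-string."` reads more naturally as `"Variables are interpolated directly into the SQL query via an f-string."`. The enclosing visitor methods and check_sql_pattern_regex all start and end outside these hunks.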