Audit a codebase for string-concatenated SQL queries, flag each suspect construction with file:line, and suggest a parameterized rewrite.
Static-scans a codebase for SQL queries built via string concatenation or template interpolation, flags each occurrence, and proposes a parameterized rewrite using the project's existing driver API.
Inputs:
- repo_dir: project root.
- language: one of python, node, go, java, php.
- driver: hint about the SQL client in use (e.g., psycopg2, pg, database/sql).

Detection patterns (ripgrep, one per language):
- Python: rg -nN '(execute|executemany|query)\s*\(\s*(f["\x27]|["\x27].*?(\+|%|\.format))' --type py
- Node/TypeScript: rg -nN '(query|execute)\s*\(\s*[\x60"\x27].*?(\$\{|\+\s*\w+)' --type js --type ts
- Go: rg -nN 'fmt\.Sprintf\(.*(SELECT|INSERT|UPDATE|DELETE)' --type go
- Java: rg -nN '(prepareStatement|createStatement).*\+\s*\w+'
- PHP: rg -nN '(mysql_query|mysqli_query|->query)\(.*"\..*"'

False-positive filter: check for ? placeholders or named params nearby; if every variable interpolation is a parameter binding, skip the hit.

Optional second pass: semgrep --config=p/sqli <repo_dir>

For each finding, report file:line and propose a rewrite in the project's driver API: psycopg2 (Python) -> cursor.execute("... %s ...", (val,)); pg (Node) -> client.query('... $1 ...', [val]); database/sql (Go) -> db.Query("... ? ...", val).

Severity: high if user input flows in (look for req.body, request.args, os.Args); medium for internal calls.

Output: sqli-audit.md with summary counts and a per-finding section showing the snippet, the rewrite, and severity, plus a JSON sidecar sqli-audit.json for tooling. Exit 1 if any high-severity finding remains.
Compile or parse the rewritten snippets in isolation (a small python -c or node -e per snippet) to confirm syntactic validity. Re-run Semgrep after the rewrites are applied and confirm zero sqli rule hits. Sample three findings and trace the variable's origin manually; if the variable is a literal constant the severity should drop to info, not high.
Edge cases:
- Query builders and ORMs (text(...), Sequelize): tune the regex to skip the ORM's safe wrappers.
- Stored-procedure CALL statements: still flag concatenation in the call site.
- migrations/: skipped by default, but expose the exclusion via a flag.
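As an added example (not the skill's own code), the scanner below applies the skill's Python detection pattern, the parameter-binding filter, the user-input severity rule and the constant-drops-to-info rule from the verification step to a constructed sample file, and emits the psycopg2-style rewrite for each finding. The sample source lines and the ALL_CAPS-constant heuristic are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not a real project): file -> source lines, so the scan
# runs offline. A real run would read the files under repo_dir instead.
SAMPLE = {
    "app/users.py": [
        'cursor.execute("SELECT * FROM users WHERE id = " + request.args["id"])',
        'cursor.execute(f"DELETE FROM sessions WHERE user = {uid}")',
        'cursor.execute("SELECT * FROM users WHERE id = %s", (uid,))',
        'cursor.execute("SELECT 1 FROM t WHERE k = " + ADMIN_KEY)',
    ],
}
# Skill's Python pattern: an f-string, or a literal followed by +, % or .format.
# "%s" inside a bound literal also matches, hence the BOUND filter below.
CONCAT = re.compile(r'(execute|executemany|query)\s*\(\s*(f["\']|["\'].*?(\+|%|\.format))')
BOUND = re.compile(r'["\']\s*,\s*[(\[]')                       # literal followed by a params tuple/list
USER_INPUT = re.compile(r'req\.body|request\.args|os\.Args')    # input sources named in the skill
CONST_OPERAND = re.compile(r'(\+\s*|\{)[A-Z][A-Z0-9_]+\s*[)}]')  # heuristic: operand is an ALL_CAPS constant

@dataclass
class Finding:
    location: str   # file:line
    severity: str   # high | medium | info
    snippet: str
    rewrite: str

def severity_for(line: str) -> str:
    if USER_INPUT.search(line):
        return "high"
    return "info" if CONST_OPERAND.search(line) else "medium"

def propose_rewrite(line: str) -> str:
    """Suggest the psycopg2-style form: %s placeholders plus a params tuple."""
    m = re.search(r'\bf(["\'])(.*?)\1\s*\)', line)                 # f"... {var} ...")
    if m:
        q, body = m.group(1), m.group(2)
        params = ", ".join(re.findall(r'\{([^}]+)\}', body))
        return line[:m.start()] + q + re.sub(r'\{[^}]+\}', '%s', body) + q + f', ({params},))'
    m = re.search(r'(["\'])(.*?)\1\s*\+\s*(.+?)\s*\)\s*$', line)  # "..." + expr)
    if m:
        q, body, expr = m.groups()
        return line[:m.start()] + f'{q}{body}%s{q}, ({expr},))'
    return "manual rewrite required"

def audit(files: dict) -> list:
    return [Finding(f"{path}:{n}", severity_for(line), line, propose_rewrite(line))
            for path, lines in files.items() for n, line in enumerate(lines, 1)
            if CONCAT.search(line) and not BOUND.search(line)]

def exit_code(findings: list) -> int:
    return 1 if any(f.severity == "high" for f in findings) else 0
```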
Related skills (same domains or capabilities as amitte/sql-injection-finder):
Narrate A/B test results from a structured summary into a plain-English readout including effect size, statistical significance, and the recommended decision.
Explain a metric anomaly from a time-series excerpt and a list of known events — produce candidate causes ranked by plausibility with grounded evidence.
Audit an AWS IAM policy against CloudTrail usage data and propose a minimized policy listing only actions actually invoked in the analysis window.
Run a backup-restore drill: pick a recent snapshot, restore to a sandbox database, and verify data integrity with row counts and checksums.
Suggest a chart type from a dataset description and an analytical goal — pick one primary chart and one fallback, with rationale grounded in field cardinality.
Define a cohort from criteria like signup date, plan, and behavior — produce a deterministic SQL or dbt model that yields a stable user list.