sqlilisted
Install: claude install-skill Liaabnormal676/find-cve-agent
# SQL Injection Detection
## When to Use
Audit database-backed applications, ORM wrappers, query builders, and any code that constructs SQL queries from user input.
## Process
### Step 1: Find SQL Query Construction
```bash
# JavaScript
grep -rn "query(\|execute(\|\.raw(\|\.rawQuery(" .
grep -rn "knex\.raw\|sequelize\.query\|prisma\.\$queryRaw" .
# Python
grep -rn "cursor\.execute\|execute(\|executemany(" .
grep -rn "\.raw(\|RawSQL\|text(" .
grep -rn "f\".*SELECT\|f\".*INSERT\|f\".*UPDATE\|f\".*DELETE" .
# Go
grep -rn "db\.Query\|db\.Exec\|db\.QueryRow\|tx\.Query" .
grep -rn "fmt\.Sprintf.*SELECT\|fmt\.Sprintf.*INSERT" .
# Ruby
grep -rn "find_by_sql\|execute\|select_all\|where.*#{" .
# PHP
grep -rn "query(\|prepare(\|exec(\|mysql_query\|mysqli_query" .
```
### Step 2: Check for String Concatenation/Interpolation
```bash
# Template literals in SQL
grep -rn 'query.*`.*\${' . --include="*.js" --include="*.ts"
# String concatenation in SQL
grep -rn "SELECT.*+\|INSERT.*+\|UPDATE.*+\|DELETE.*+" .
# Python f-strings in SQL
grep -rn 'f".*SELECT\|f".*INSERT\|f".*UPDATE\|f".*DELETE' .
# Format strings in SQL
grep -rn "\.format(.*SELECT\|\.format(.*INSERT" .
```
### Step 3: Check for Parameterized Queries
Parameterized queries are SAFE; queries built by string concatenation or interpolation are not:
```js
// SAFE: parameterized
db.query('SELECT * FROM users WHERE id = ?', [userId]);
// UNSAFE: string concatenation
db.query('SELECT * FROM users WHERE id = ' + userId);
```
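Steps 1 to 3 above are one procedure: locate query sinks, check whether the SQL string is built by concatenation or interpolation, and confirm that anything left is parameterized. The following Python scanner is an added example (not part of the original skill) that automates that triage over a handful of constructed, hypothetical source lines; the regexes mirror the grep patterns above and the sample files, sink names and verdict labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample source lines (hypothetical, not from any real project),
# one file per language covered by the grep commands in Step 1.
SAMPLE_FILES = {
    "app.js": [
        "db.query('SELECT * FROM users WHERE id = ?', [userId]);",
        "db.query('SELECT * FROM users WHERE id = ' + userId);",
        "db.query(`SELECT * FROM orders WHERE owner = ${user.id}`);",
        "const rows = await knex.raw('SELECT 1');",
    ],
    "views.py": [
        'cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))',
        'cursor.execute(f"SELECT * FROM users WHERE name = \'{name}\'")',
        'cursor.execute("DELETE FROM sessions WHERE token = \'{}\'".format(token))',
    ],
    "repo.go": [
        'row := db.QueryRow("SELECT email FROM users WHERE id = $1", id)',
        'rows, err := db.Query(fmt.Sprintf("SELECT * FROM users WHERE name = \'%s\'", name))',
    ],
    "user.rb": [
        'User.where("name = \'#{params[:name]}\'")',
        'User.where("name = ?", params[:name])',
    ],
}

# Step 1: query construction sinks (same method names the grep commands look for).
SINK_RE = re.compile(
    r"\.(?:query|execute|executemany|raw|rawQuery|Query|QueryRow|Exec|where)\s*\("
    r"|\bknex\.raw\b|\bsequelize\.query\b|\$queryRaw\b|\bfind_by_sql\b|\bmysqli?_query\b"
)

# Step 2: ways user input gets spliced into the SQL text. First match wins.
SQL_KW = r"(?:SELECT|INSERT|UPDATE|DELETE)\b"
INTERPOLATION_PATTERNS = {
    "js-template-literal": re.compile(r"`[^`]*\b" + SQL_KW + r"[^`]*\$\{"),
    "string-concat": re.compile(SQL_KW + r"[^;]*['\"]\s*\+\s*\w"),
    "python-fstring": re.compile(r"\bf['\"][^'\"]*\b" + SQL_KW),
    "format-call": re.compile(SQL_KW + r"[^;]*['\"]\s*\.format\("),
    "go-sprintf": re.compile(r"fmt\.Sprintf\([^)]*\b" + SQL_KW),
    "ruby-interpolation": re.compile(r"#\{"),
}

# Step 3: bind-parameter placeholders used by the drivers above (?, %s, $1, :name).
PLACEHOLDER_RE = re.compile(r"\?|%s|\$\d+|:\w+")


@dataclass
class Finding:
    path: str
    line_no: int
    verdict: str   # "unsafe", "parameterized" or "review"
    reason: str
    text: str


def classify_line(text):
    """Return (verdict, reason) for a line that contains a query sink, else None."""
    if not SINK_RE.search(text):
        return None
    for name, pattern in INTERPOLATION_PATTERNS.items():
        if pattern.search(text):
            return ("unsafe", name)
    if PLACEHOLDER_RE.search(text):
        return ("parameterized", "placeholder")
    # A sink with neither interpolation nor placeholders (e.g. a constant query)
    # is not flagged, but a reviewer should still confirm the string is static.
    return ("review", "no-placeholder")


def scan(files):
    """Run the three-step triage over {path: [lines]} and collect findings."""
    findings = []
    for path, lines in files.items():
        for line_no, text in enumerate(lines, start=1):
            result = classify_line(text)
            if result is not None:
                findings.append(Finding(path, line_no, result[0], result[1], text.strip()))
    return findings


def summarize(findings):
    """Count findings per verdict, handy as a gate in CI."""
    counts = {"unsafe": 0, "parameterized": 0, "review": 0}
    for finding in findings:
        counts[finding.verdict] += 1
    return counts


if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(f"{finding.path}:{finding.line_no}: {finding.verdict} "
              f"({finding.reason}): {finding.text}")
    print(summarize(scan(SAMPLE_FILES)))
```

Lines that reach the "review" verdict (here the constant `knex.raw('SELECT 1')`) are the ones the grep commands alone cannot settle; the scanner separates them from the clearly unsafe interpolations so a reviewer can spend time where it matters. Treat the regexes as a triage aid rather than a proof: a query assembled across several statements before being passed to the sink will not match any of the interpolation patterns and still needs manual reading.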
### Step 4: Check ORM Raw Methods
ORMs are generally safe, bu