codacy
diff --git a/‎integration-tests/config-discover/expected/tools-configs/semgrep.yaml‎
Lines changed: 0 additions & 61 deletions b/‎integration-tests/config-discover/expected/tools-configs/semgrep.yaml‎
Lines changed: 0 additions & 61 deletions
@@ -7290,67 +7290,6 @@ rules:
                     exports.handler = $FUNC
             - pattern: $EVENT
       severity: WARNING
-    - id: javascript.aws-lambda.security.tainted-sql-string.tainted-sql-string
-      languages:
-        - javascript
-        - typescript
-      message: Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as Sequelize which will protect your queries.
-      metadata:
-        category: security
-        confidence: MEDIUM
-        cwe:
-            - 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command (''SQL Injection'')'
-        cwe2021-top25: true
-        cwe2022-top25: true
-        impact: MEDIUM
-        likelihood: LOW
-        owasp:
-            - A01:2017 - Injection
-            - A03:2021 - Injection
-        references:
-            - https://owasp.org/www-community/attacks/SQL_Injection
-        subcategory:
-            - vuln
-        technology:
-            - aws-lambda
-      mode: taint
-      pattern-sinks:
-        - patterns:
-            - pattern-either:
-                - patterns:
-                    - pattern-either:
-                        - pattern: |
-                            "$SQLSTR" + $EXPR
-                        - pattern: |
-                            "$SQLSTR".concat(...)
-                        - pattern: util.format($SQLSTR, ...)
-                    - metavariable-regex:
-                        metavariable: $SQLSTR
-                        regex: .*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
-                - patterns:
-                    - pattern: |
-                        `...${...}...`
-                    - pattern-regex: |
-                        .*\b(?i)(select|delete|insert|create|update|alter|drop)\b.*
-            - pattern-not-inside: |
-                console.$LOG(...)
-      pattern-sources:
-        - patterns:
-            - pattern-either:
-                - pattern-inside: |
-                    exports.handler = function ($EVENT, ...) {
-                      ...
-                    }
-                - pattern-inside: |
-                    function $FUNC ($EVENT, ...) {...}
-                    ...
-                    exports.handler = $FUNC
-                - pattern-inside: |
-                    $FUNC = function ($EVENT, ...) {...}
-                    ...
-                    exports.handler = $FUNC
-            - pattern: $EVENT
-      severity: ERROR
     - id: javascript.aws-lambda.security.vm-runincontext-injection.vm-runincontext-injection
       languages:
         - javascript