Check Injection
check_injectionScan source code for SQL injection, command injection, and path traversal vulnerabilities caused by unsanitized input or unsafe string concatenation. Supports Python, JavaScript, Java, Go, Ruby, and other languages.
Instructions
Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | Source code string to scan for injection vulnerabilities (can be a single file or code snippet) | |
| language | No | Programming language of the code. Must be one of: python, javascript, typescript, java, go, ruby, shell, bash, generic. Use 'generic' if unsure. | generic |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |