SiteShadow
Back to vulnerability library
Detected byRegex rules + pattern checksFree

I01 Injection Risk Patterns

What this means

SiteShadow flagged "injection-shaped" code patterns where untrusted input may be interpreted as code, a query, a command, or a template.

Why it matters

Safer examples

1) Parameterize queries (don't concatenate)

await db.query("SELECT * FROM users WHERE id = $1", [id]);

2) Don't evaluate user input

# Bad: eval(user_input)
# Good: parse and validate a known format instead
value = int(user_input)

3) Avoid "build a shell command string"

subprocess.run(["convert", "--", input_path, output_path], check=True)

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this in your code with the free tier.

SiteShadow's free tier covers this exact pattern across the 23 OWASP Top 10 single-file checks. Sign in with your work SSO, first-time sign-in auto-issues your free license.