# Matches DROP DATABASE, case-insensitively, with any run of whitespace
# between the two keywords.
- id: 'database:drop_database'
  from: database
  severity: Critical
  description: 'Dropping a database will permanently delete all its data.'
  test: '(?i)DROP\s+DATABASE'
# Matches DROP TABLE, case-insensitively. The pattern is unanchored, so it
# fires wherever the two keywords appear in the checked text.
- id: 'database:drop_table'
  from: database
  severity: Critical
  description: 'Dropping a table will permanently delete all its data.'
  test: '(?i)DROP\s+TABLE'
# Matches TRUNCATE TABLE, case-insensitively.
# NOTE(review): the TABLE keyword is required by this pattern, so a bare
# `TRUNCATE <name>` (accepted by PostgreSQL and MySQL) is not covered.
# Making TABLE optional would also start matching the coreutils `truncate`
# command unless `from: database` already scopes the rule - confirm before
# widening.
- id: 'database:truncate_table'
  from: database
  severity: Critical
  description: 'Truncating a table will delete all rows permanently.'
  test: '(?i)TRUNCATE\s+TABLE'
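# Matches a DELETE FROM <table> that ends right after the table name, i.e.
# a delete with no WHERE clause.
#
# The table name accepts schema-qualified and quoted identifiers
# (schema.table, "table", `table`, [table]); a plain \w+ silently skipped
# those. An optional closing quote is allowed before end of input so that a
# statement passed as a quoted argument still matches (presumably the
# pattern is applied to a whole command line - confirm). Inside this
# single-quoted YAML scalar, '' stands for one literal single quote.
- id: 'database:delete_all_rows'
  from: database
  severity: Critical
  description: 'DELETE without a WHERE clause will delete all rows in the table.'
  test: '(?i)DELETE\s+FROM\s+[\w."`\[\]]+\s*;?\s*["'']?\s*$'
  # NOTE(review): NotContains looks like a case-sensitive substring check
  # over the whole input - confirm. Only the all-upper and all-lower
  # spellings are listed, and a WHERE anywhere else in the input (another
  # statement, a string value) would suppress this rule even though the
  # DELETE itself is unconditional. The end anchor in `test` already
  # excludes a trailing WHERE clause.
  filters:
    - type: NotContains
      value: 'WHERE'
    - type: NotContains
      value: 'where'
  alternative: 'DELETE FROM <table> WHERE <condition>'
  alternative_info: 'Always include a WHERE clause to limit which rows are deleted.'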
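# Matches UPDATE <table> SET ...; the filters below are what restrict it to
# statements without a WHERE clause.
#
# The table name accepts schema-qualified and quoted identifiers
# (schema.table, "table", `table`, [table]); a plain \w+ silently skipped
# those.
- id: 'database:update_all_rows'
  from: database
  severity: High
  description: 'UPDATE without a WHERE clause will modify all rows in the table.'
  test: '(?i)UPDATE\s+[\w."`\[\]]+\s+SET\s+.*(?:;|\s*$)'
  # NOTE(review): NotContains looks like a case-sensitive substring check
  # over the whole input - confirm. The pattern is case-insensitive but only
  # "WHERE" and "where" are listed, so a mixed-case spelling is reported as
  # if the clause were missing. Conversely, the substring appearing anywhere
  # (a value such as 'nowhere', or another statement) suppresses the rule
  # for an unconditional UPDATE.
  filters:
    - type: NotContains
      value: 'WHERE'
    - type: NotContains
      value: 'where'
  # Same guidance fields as the DELETE rule, for consistency.
  alternative: 'UPDATE <table> SET <column> = <value> WHERE <condition>'
  alternative_info: 'Always include a WHERE clause to limit which rows are modified.'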
# Matches DROP followed by SCHEMA, ROLE or USER, case-insensitively.
- id: 'database:drop_schema_role_user'
  from: database
  severity: High
  description: 'Dropping a schema, role, or user is a destructive and often irreversible operation.'
  test: '(?i)DROP\s+(SCHEMA|ROLE|USER)'
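# Matches ALTER TABLE <table> DROP COLUMN, case-insensitively.
#
# The table name accepts schema-qualified and quoted identifiers
# (schema.table, "table", `table`, [table]), and the optional PostgreSQL
# IF EXISTS / ONLY modifiers are allowed before it; a plain \w+ silently
# skipped all of these.
# NOTE(review): `DROP <column>` without the COLUMN keyword is still not
# covered; matching it would need care not to fire on DROP CONSTRAINT and
# similar clauses.
- id: 'database:alter_drop_column'
  from: database
  severity: High
  description: 'Dropping a column permanently removes data from all rows.'
  test: '(?i)ALTER\s+TABLE\s+(?:IF\s+EXISTS\s+)?(?:ONLY\s+)?[\w."`\[\]]+\s+DROP\s+COLUMN'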