Security Risk
Detects SQL injection patterns, weak crypto algorithms (MD5, SHA1, DES), dangerous APIs (Assembly.Load, Process.Start), and credential exposure.
Why this rule exists
These are not theoretical risks. SQL injection, MD5 password hashes, and unvalidated Process.Start calls are still the top sources of breach disclosures every year.
Code example
Flagged (added lines that trip the rule):

+ var sql = $"SELECT * FROM Users WHERE Email = '{email}'";
+ using var hash = MD5.Create();

Fixed (parameterized query, SHA-256 instead of MD5):

+ var sql = "SELECT * FROM Users WHERE Email = @Email";
+ cmd.Parameters.AddWithValue("@Email", email);
+ var hash = SHA256.HashData(Encoding.UTF8.GetBytes(input));
Configuration
Disable or adjust the severity of this rule in .gauntletci.json:
{
  "rules": {
    "GCI0012": { "enabled": true, "severity": "Block" }
  }
}
See Configuration for the full schema.
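The categories this rule detects, reduced to a small stand-in scanner as an added example (this is not the GauntletCI implementation, whose matching lives in the GCI0012_*.cs file named below): it walks only the added lines of a diff, as a merge gate would, and reports which category each one trips. The regular expressions, the class and category names, and the sample diff are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
// Stand-in for the GCI0012 checks (added example, not the GauntletCI rule itself).
// A PR risk gate judges what a PR adds, so only the '+' lines of a diff are scanned.
public static class SecurityRiskScan
{
    // Assumed patterns (real matching lives in GCI0012_*.cs): interpolated or concatenated SQL, weak hashes, risky APIs, literal secrets.
    static readonly (string Category, Regex Pattern)[] Checks =
    {
        ("SqlInjection", new Regex(@"\$""[^""]*\b(SELECT|INSERT|UPDATE|DELETE)\b[^""]*\{", RegexOptions.IgnoreCase)),
        ("SqlInjection", new Regex(@"\b(SELECT|INSERT|UPDATE|DELETE)\b[^""]*""\s*\+", RegexOptions.IgnoreCase)),
        ("WeakCrypto",   new Regex(@"\b(MD5|SHA1|DES)\.Create\(")),
        ("DangerousApi", new Regex(@"\b(Assembly\.Load|Process\.Start)\(")),
        ("Credential",   new Regex(@"\b(password|apikey|secret)\s*=\s*""[^""]+""", RegexOptions.IgnoreCase)),
    };
    // Returns (diff line number, category, offending code) for each added line that trips a check.
    public static List<(int Line, string Category, string Code)> Scan(string diff)
    {
        var findings = new List<(int Line, string Category, string Code)>();
        var lines = diff.Split('\n');
        for (int i = 0; i < lines.Length; i++)
        {
            if (!lines[i].StartsWith("+") || lines[i].StartsWith("+++")) continue; // added lines only; skip "+++ b/file" headers
            var code = lines[i].Substring(1).Trim();
            foreach (var (category, pattern) in Checks)
            {
                if (!pattern.IsMatch(code)) continue;
                findings.Add((i + 1, category, code));
                break; // one finding per line is enough for a block decision
            }
        }
        return findings;
    }
    public static void Main()
    {
        // Constructed sample diff: the four lines after the header should be flagged,
        // the parameterized query and SHA-256 lines should pass clean.
        string diff =
            "+++ b/UserRepository.cs\n" +
            "+ var sql = $\"SELECT * FROM Users WHERE Email = '{email}'\";\n" +
            "+ using var hash = MD5.Create();\n" +
            "+ var proc = Process.Start(\"tool.exe\", userArgs);\n" +
            "+ var apiKey = \"sk-constructed-placeholder\";\n" +
            "+ var safeSql = \"SELECT * FROM Users WHERE Email = @Email\";\n" +
            "+ var digest = SHA256.HashData(Encoding.UTF8.GetBytes(input));\n";
        foreach (var f in Scan(diff))
            Console.WriteLine($"line {f.Line}: {f.Category}: {f.Code}");
    }
}
```

Running it prints four findings (SqlInjection, WeakCrypto, DangerousApi, Credential) and nothing for the last two added lines, which is the distinction the before/after snippets above rely on.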
Related rules
Hardcoding and Configuration
Detects hardcoded IPs, URLs, connection strings, secrets, and environment names committed to source.
Insecure Random in Security Context
Detects System.Random instantiation within 5 lines of security-sensitive identifiers such as token, apikey, salt, or password. System.Random is not cryptographically secure.
PII Entity Logging Leak
Detects PII-sensitive terms (email, SSN, password, etc.) appearing inside log calls in added lines.
Discussed in
Can AI Code Review Tools Ever Be Deterministic?
Exploring the difference between helpful AI review and trustworthy engineering controls. Why determinism matters more than you think.
A "Performance Improvement" PR Introduced 11 Block-Level Risks
Jellyfin PR #16062 escaped code review despite introducing 11 block-level risks. Discover why traditional tools miss behavioral regressions.
Best AI Code Review Tools for Pull Requests
How to evaluate AI code review tools by evidence quality, repeatability, CI fit, noise control, and merge-gate safety.
Best Code Review Tools for GitHub
A GitHub-focused guide to choosing code review tools across human review, AI assistants, security scanners, static analysis, and PR risk gates.
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0012_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.
