diff --git a/src/main/java/com/bartek/esa/core/di/PluginModule.java b/src/main/java/com/bartek/esa/core/di/PluginModule.java
index 4a81811..b4d75e3 100644
--- a/src/main/java/com/bartek/esa/core/di/PluginModule.java
+++ b/src/main/java/com/bartek/esa/core/di/PluginModule.java
@@ -119,4 +119,10 @@ public class PluginModule {
 public Plugin intentFilterPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
 return new IntentFilterPlugin(globMatcher, xmlHelper);
 }
+
+ @Provides
+ @IntoSet
+ public Plugin sqlInjectionPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+ return new SqlInjectionPlugin(globMatcher, xmlHelper);
+ }
 }
diff --git a/src/main/java/com/bartek/esa/core/plugin/SqlInjectionPlugin.java b/src/main/java/com/bartek/esa/core/plugin/SqlInjectionPlugin.java
new file mode 100644
index 0000000..2e9ab6b
--- /dev/null
+++ b/src/main/java/com/bartek/esa/core/plugin/SqlInjectionPlugin.java
@@ -0,0 +1,25 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.JavaPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.expr.MethodCallExpr;
+
+import javax.inject.Inject;
+
+public class SqlInjectionPlugin extends JavaPlugin {
+
+ @Inject
+ public SqlInjectionPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+ super(globMatcher, xmlHelper);
+ }
+
+ @Override
+ public void run(CompilationUnit compilationUnit) {
+ compilationUnit.findAll(MethodCallExpr.class).stream()
+ .filter(expr -> expr.getName().getIdentifier().equals("rawQuery"))
+ .forEach(expr -> addIssue(Severity.VULNERABILITY, getLineNumberFromExpression(expr), expr.toString()));
+ }
+}
diff --git a/src/main/resources/description.properties b/src/main/resources/description.properties
index 217ea56..bba2b77 100644
--- a/src/main/resources/description.properties
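Review bot: `SqlInjectionPlugin.run` reports every call whose method name is `rawQuery` as `Severity.VULNERABILITY` without looking at its arguments, so a constant SQL string with `?` placeholders and a selectionArgs array is flagged the same as a query concatenated from input. The match is also by name only, so an unrelated method called `rawQuery` on any type is reported, while other SQL-executing calls such as `execSQL` are not covered at all. Narrowing the filter to calls whose first argument is not a plain string literal would cut the noise, e.g. `.filter(expr -> expr.getArguments().isNonEmpty() && !expr.getArgument(0).isStringLiteralExpr())`, assuming the JavaParser version in use provides these helpers. A short Javadoc on `run` stating that the check is a name-based heuristic would also help whoever triages its findings.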
+++ b/src/main/resources/description.properties
@@ -122,3 +122,6 @@ com.bartek.esa.core.plugin.IntentFilterPlugin=Implemented intent filter.\n\
 Component with intent filter was found. It means, that the component is implicitly exposed to public.\n\
 Consider removing intent filter.\n\
 Also be aware, that intent filter is not a security tool. It can be easily omitted.
+
+com.bartek.esa.core.plugin.SqlInjectionPlugin='rawQuery' method detected. Potential SQL injection attack.\n\
+ 'rawQuery' method should be avoided because of possibility to inject SQL code.
\ No newline at end of file
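Review bot: The `SqlInjectionPlugin` description tells the reader to avoid `rawQuery` but gives no remediation, and the risk comes from building the SQL string out of untrusted input rather than from the method itself. I would extend the second line with the fix, for example `Do not concatenate input into the SQL string; use '?' placeholders and pass the values through the selectionArgs parameter.` Without it, a developer may simply move the same concatenated string to another query method that this plugin does not report.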