Fixed SQL Injection #31
Open
This is an automatic PR that will fix the following vulnerability in your custom code:
Remediation Description:
Using static code analysis and information from the detection file, we select the relevant user-provided input to be sanitized. To remediate this vulnerability, we use a technique called parameterization, in which the query structure is built without the user-provided input, which is inserted into the query afterwards. Parameterization prevents the option of changing the SQL query structure using special characters that can be inserted by the user. For more information see https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html.
Feedback:
WhiteSource Cure is currently in a beta program. We need your help to improve our remediation experience. In case you close the PR, please add one of the following numbers to the comment so that we understand the reasons why you did not accept the change:
We will also look forward to any additional feedback, so feel free to add further comments. When you want to get involved in the beta program, please contact cure@whitesourcesoftware.com.
Thank you for your help,
WhiteSource Cure team
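
The parameterization described in the remediation text, as an added example that is not the code changed by this PR (the page does not show it). It uses Python's `sqlite3` with an in-memory database; the table, column and function names and the sample inputs are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn

def find_concatenated(conn, name):
    # "Before" form: the input is spliced into the SQL text, so a quote
    # character in the input becomes part of the query structure.
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(query)]

def find_parameterized(conn, name):
    # "After" form: the query text is fixed and the value is bound to the
    # placeholder afterwards, so it is only ever compared as data.
    query = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (name,))]

def demo():
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing special characters
    results = {
        # The WHERE clause is rewritten by the input: every row comes back.
        "concat_crafted": find_concatenated(conn, crafted),
        # The same input matches no user name: nothing comes back.
        "param_crafted": find_parameterized(conn, crafted),
        # A legitimate name with an apostrophe works when bound as a value.
        "param_apostrophe": find_parameterized(conn, "o'brien"),
    }
    try:
        find_concatenated(conn, "o'brien")
        results["concat_apostrophe_error"] = False
    except sqlite3.OperationalError:
        # The same legitimate name breaks the concatenated query's syntax.
        results["concat_apostrophe_error"] = True
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
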