Githubuser60 / famed-demo


Detected string concatenation with a non-literal variable in a "database/sql" Go SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls. #24

Open get-famed[bot] opened 1 year ago

get-famed[bot] commented 1 year ago

πŸ¦Έβ€β™€οΈ Famed Scanner

πŸ“ Description

Detected string concatenation with a non-literal variable in a "database/sql" Go SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls.

πŸ“ Related files

sql-inject.go

This issue was created by famed 🤖

get-famed[bot] commented 1 year ago

🤖 Assignees for issue Detected string concatenation with a non-literal variable in a "database/sql" Go SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls. #24 are now eligible to Get Famed.

❌ Add assignees to track contribution times of the issue 🦸️🦹️
❌ Add a single severity (CVSS) label to compute the score 🏷️

Happy hacking! 🦾💙❤️