Open get-famed[bot] opened 1 year ago
Assignees for issue Detected string concatenation with a non-literal variable in a "database/sql" Go SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls. #24 are now eligible to Get Famed.
Add assignees to track contribution times of the issue
Add a single severity (CVSS) label to compute the score
Happy hacking!
Famed Scanner
Description
Detected string concatenation with a non-literal variable in a "database/sql" Go SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls.
Related files
sql-inject.go
This issue was created by famed