NormanWenzelWSS / WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/

Fixed SQL Injection #31

Open NormanWenzelWSS opened 2 years ago

NormanWenzelWSS commented 2 years ago

This is an automatic PR that will fix the following vulnerability in your custom code:

File: SqlInjectionLesson5b.java
Vulnerability: SQL Injection
CWE: 89
Severity: High

Remediation Description: Using static code analysis and information from the detection file, we select the relevant user-provided input to be sanitized. To remediate this vulnerability we use a technique called parameterization, in which the query structure is built without the user-provided input, which is inserted into the query afterwards. Parameterization prevents the option of changing the SQL query structure using special characters that can be inserted by the user. For more information see https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html.

Feedback: WhiteSource Cure is currently in a beta program. We need your help to improve our remediation experience. In case you close the PR, please add one of the following numbers to the comment so that we understand the reasons why you did not accept the change:

  1. Suggestion was incorrect
  2. Suggestion needs manual adaptation
  3. Not interested in automatic remediation

We also look forward to any additional feedback, so feel free to add further comments. When you want to get involved in the beta program, please contact cure@whitesourcesoftware.com.

Thank you for your help, WhiteSource Cure team
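The remediation description above explains parameterization in prose but the PR page does not show the diff, so the following is an added example (written for this page, not WebGoat's code and not the change proposed by this PR) of the before and after it describes. WebGoat's lesson is Java, where the equivalent is `java.sql.PreparedStatement` with `setString`/`setInt`; the example uses Python's `sqlite3` so that it runs stand-alone. The table, rows and payloads are constructed for the demo. It covers two cases the cheat sheet linked above discusses: a string-context parameter, where the attacker needs a quote character to break out, and a numeric-context parameter concatenated without quotes, where no special character is needed at all, so filtering quotes would not have helped and only binding the value (after a type check) fixes it.

```python
import sqlite3
from typing import Optional

# Constructed sample data for the demo; not WebGoat's schema or users.
USERS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
    (3, "carol", "carol@example.test"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a small user_data table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_data (userid INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO user_data VALUES (?, ?, ?)", USERS)
    return conn


def lookup_by_name_vulnerable(conn, account_name: str):
    """String-built query: the input becomes part of the SQL grammar (CWE-89)."""
    sql = "SELECT userid, name, email FROM user_data WHERE name = '" + account_name + "'"
    return conn.execute(sql).fetchall()


def lookup_by_name_parameterized(conn, account_name: str):
    """Parameterized query: the structure is fixed first, the input is bound as data."""
    sql = "SELECT userid, name, email FROM user_data WHERE name = ?"
    return conn.execute(sql, (account_name,)).fetchall()


def lookup_by_id_vulnerable(conn, user_id: str):
    """Numeric field concatenated without quotes: no quote character is needed to inject."""
    sql = "SELECT userid, name, email FROM user_data WHERE userid = " + user_id
    return conn.execute(sql).fetchall()


def parse_user_id(user_id: str) -> Optional[int]:
    """Type-check the input before binding; anything that is not an int is rejected."""
    try:
        return int(user_id)
    except ValueError:
        return None


def lookup_by_id_parameterized(conn, user_id: str):
    """Bound numeric parameter; rejected input yields no rows instead of a broken query."""
    parsed = parse_user_id(user_id)
    if parsed is None:
        return []
    sql = "SELECT userid, name, email FROM user_data WHERE userid = ?"
    return conn.execute(sql, (parsed,)).fetchall()


def demo():
    """Run the same inputs through both variants and return the row counts."""
    conn = make_db()
    name_payload = "' OR '1'='1"   # string-context injection (constructed payload)
    id_payload = "1 OR 1=1"        # numeric-context injection, no quotes needed
    return {
        "name_vuln_benign": len(lookup_by_name_vulnerable(conn, "alice")),
        "name_vuln_payload": len(lookup_by_name_vulnerable(conn, name_payload)),
        "name_param_benign": len(lookup_by_name_parameterized(conn, "alice")),
        "name_param_payload": len(lookup_by_name_parameterized(conn, name_payload)),
        "id_vuln_benign": len(lookup_by_id_vulnerable(conn, "2")),
        "id_vuln_payload": len(lookup_by_id_vulnerable(conn, id_payload)),
        "id_param_benign": len(lookup_by_id_parameterized(conn, "2")),
        "id_param_payload": len(lookup_by_id_parameterized(conn, id_payload)),
    }


if __name__ == "__main__":
    for key, count in demo().items():
        print(f"{key}: {count} row(s)")
```

The concatenated variants return every row for the payloads because the input has rewritten the WHERE clause; the parameterized variants return one row for the benign input and none for the payloads, because the bound value is compared as data and never parsed as SQL. The same split applies when reviewing the Java change in this PR: a `PreparedStatement` with `?` placeholders fixes the string case, and for a numeric column the value should be parsed to an `int` and bound with `setInt` rather than concatenated.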