auth0 / docs

Auth0 documentation
MIT License

[Docs] IBM DB2 sample should use parameterized query #10283

Open pergardebrink opened 1 year ago

pergardebrink commented 1 year ago

Description

The sample in the Auth0 docs for IBM DB2 is not using a parameterized SQL Query. If anyone uses this snippet of code, they would be vulnerable to SQL Injection.

https://auth0.com/docs/authenticate/database-connections/db2-script https://github.com/auth0/docs/blob/master/articles/connections/database/db2-script.md?plain=1

The sample should instead use a parameterized query: https://github.com/ibmdb/node-ibm_db/blob/master/APIDocumentation.md#-3-querysqlquery--bindingparameters-callback
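
An added example, not part of the issue or of Auth0's sample: a string-concatenated lookup next to the `query(sqlQuery, bindingParameters, callback)` form the issue links to. The table and column names, the helper names and the recording stub that stands in for an ibm_db connection are assumptions, and the sample data is constructed.

```javascript
// Added example. MYUSERS, ID, EMAIL and PASSWORD are hypothetical names.

// Pattern the issue warns about: user input becomes part of the SQL text.
function buildConcatenatedSql(email) {
  return "SELECT ID, EMAIL, PASSWORD FROM MYUSERS WHERE EMAIL = '" + email + "'";
}

// Parameterized form: the SQL text is a constant, the value travels separately.
const FIND_USER_SQL = 'SELECT ID, EMAIL, PASSWORD FROM MYUSERS WHERE EMAIL = ?';

function findUserByEmail(conn, email, callback) {
  // Reject non-string input so an object or array is never bound by accident.
  if (typeof email !== 'string' || email.length === 0) {
    return callback(new Error('email must be a non-empty string'));
  }
  // conn.query(sqlQuery, bindingParameters, callback), as in the ibm_db API docs.
  conn.query(FIND_USER_SQL, [email], function (err, rows) {
    if (err) return callback(err);
    callback(null, rows.length === 1 ? rows[0] : null);
  });
}

// Constructed stand-in for an ibm_db connection: it records each call and
// compares the bound value as data only, never as SQL.
function makeRecordingConn(users) {
  const calls = [];
  return {
    calls,
    query(sql, params, cb) {
      calls.push({ sql, params });
      cb(null, users.filter((u) => u.EMAIL === params[0]));
    },
  };
}

// Constructed sample rows and inputs; the second address contains an apostrophe.
function demo() {
  const tricky = "o'brien@example.com";
  const conn = makeRecordingConn([
    { ID: 1, EMAIL: 'alice@example.com', PASSWORD: '<bcrypt hash>' },
    { ID: 2, EMAIL: tricky, PASSWORD: '<bcrypt hash>' },
  ]);
  const results = [];
  for (const email of ['alice@example.com', tricky]) {
    findUserByEmail(conn, email, (err, user) => results.push(err || user));
  }
  return { results, calls: conn.calls, concatenated: buildConcatenatedSql(tricky) };
}
```

With the concatenated form, the apostrophe in the second address ends the string literal early and changes the statement; with the bound parameter, the statement text is identical for every input and the address is matched as a plain value.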