cxnleach / Vuln_GO_App

MIT License

CX Log_Forging @ vulnerable/sql.go [master] #53

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Log_Forging issue exists @ vulnerable/sql.go in branch master

Method GetProducts at line 68 of vulnerable\sql.go gets user input from element ctx. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in r.HandleFunc at line 36 of server\router.go. This may enable Log Forging. Similarity ID: -773140636

Method GetProducts at line 68 of vulnerable\sql.go gets user input from element db. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in r.HandleFunc at line 36 of server\router.go. This may enable Log Forging. Similarity ID: 780024001

Method GetProducts at line 68 of vulnerable\sql.go gets user input from element category. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in r.HandleFunc at line 36 of server\router.go. This may enable Log Forging. Similarity ID: -1961778658

Severity: Low

CWE: 117

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 68


Code (Line #68):

func GetProducts(ctx context.Context, db *sql.DB, category string) ([]Product, error) {

github-actions[bot] commented 1 month ago

Issue still exists.