Open kostyanf14 opened 12 months ago

Description of the false positive

Rails executes sanitize_sql_for_assignment when update_all is called with an array as the argument: https://github.com/rails/rails/blob/v7.0.8/activerecord/lib/active_record/relation.rb#L476

Code samples or links to source code

https://github.com/amnis-invictus/ikt.edu.vn.ua/blob/e404674b8efd9c4ed668866787a8a2ef1b91514f/app/channels/api_channel.rb#L82
https://github.com/amnis-invictus/ikt.edu.vn.ua/blob/e404674b8efd9c4ed668866787a8a2ef1b91514f/app/channels/api_channel.rb#L85

URL to the alert on GitHub code scanning (optional)

https://github.com/amnis-invictus/ikt.edu.vn.ua/security/code-scanning/307
https://github.com/amnis-invictus/ikt.edu.vn.ua/security/code-scanning/308

Hi @kostyanf14,
Thanks for your report. I've asked the Ruby engineering team to take a look.

Hi @kostyanf14,
The engineering team agrees this is a false positive, and they've opened an internal issue to track this. Thanks for the report!
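To make the reporter's point concrete, here is an added example that is not part of the issue and not Rails' own code: a deliberately simplified, dependency-free model of what ActiveRecord's sanitize_sql_for_assignment does with an Array argument (a "?"-placeholder template followed by bind values) versus a plain String. The method names mirror ActiveRecord's, but the quoting and placeholder handling are a stand-in written for this illustration, and the sample input is constructed. It shows why update_all(["col = ?", value]) is parameterized and safe to pass user data to, while update_all("col = '#{value}'") is the form that genuinely deserves an injection alert.

```ruby
# Added illustration, not ActiveRecord's implementation: a minimal model of
# sanitize_sql_for_assignment to show why the Array form is parameterized.

# Quote one Ruby value the way a SQL adapter would: strings are wrapped in
# single quotes with embedded quotes doubled; numbers and nil become literals.
def quote_value(value)
  case value
  when nil     then "NULL"
  when Numeric then value.to_s
  when String  then "'" + value.gsub("'", "''") + "'"
  else raise ArgumentError, "unsupported value: #{value.inspect}"
  end
end

# Stand-in for sanitize_sql_array: the first element is the template, the
# remaining elements are bound, in order, to each "?" placeholder.
def sanitize_sql_array(array)
  template, *values = array
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "wrong number of bind variables (#{values.size} for #{expected})"
  end
  queue = values.dup
  template.gsub("?") { quote_value(queue.shift) }
end

# Stand-in for sanitize_sql_for_assignment: Arrays are templates with bind
# values, Hashes are column => value pairs, and Strings pass through
# untouched (the case where interpolated user input is actually dangerous).
def sanitize_sql_for_assignment(assignments)
  case assignments
  when Array  then sanitize_sql_array(assignments)
  when Hash   then assignments.map { |col, v| "#{col} = #{quote_value(v)}" }.join(", ")
  when String then assignments
  else raise ArgumentError, "unsupported assignment: #{assignments.inspect}"
  end
end

# Constructed user-supplied value containing a single quote.
USER_INPUT = "O'Brien"

# Array form, as in the reported code: the quote is escaped inside the literal.
def safe_assignment
  sanitize_sql_for_assignment(["name = ?", USER_INPUT])
end

# String interpolation: the quote terminates the literal early, so the rest of
# the input becomes SQL. This is the pattern a scanner should flag.
def unsafe_assignment
  sanitize_sql_for_assignment("name = '#{USER_INPUT}'")
end

if __FILE__ == $PROGRAM_NAME
  puts "array form:  #{safe_assignment}"
  puts "string form: #{unsafe_assignment}"
end
```

In the array form every value reaches the SQL fragment only through quote_value, regardless of what it contains; in the string form the caller has already built the SQL before the method sees it, so there is nothing left to sanitize. That difference is what makes an alert on the Array form a false positive.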