skwashd
commented
4 weeks ago /nullify this isn't a SQL query. It is an Open Policy Agent query. The concatenated string is setting the name of query properly.
Open nullify-proactiveops[bot] opened 4 weeks ago
skwashd
commented
4 weeks ago /nullify this isn't a SQL query. It is an Open Policy Agent query. The concatenated string is setting the name of query properly.
Severity Threshold: 🔵 MEDIUM1 Potential vulnerability sources found within this repo
🔴 CRITICAL🟡 HIGH🔵 MEDIUM⚪ LOWID: 01JB0Q1PJ1QGZX8SAEBX3E99H1Language: GoSeverity: 🔴 CRITICALCWE-89Injection
SQL Injection is a critical vulnerability that can lead to data or system compromise. By dynamically generating SQL query strings, user input may be able to influence the logic of the SQL statement. This could lead to an adversary accessing information they should not have access to or in some circumstances, being able to execute OS functionality or code. Read more: https://cwe.mitre.org/data/definitions/89.html https://github.com/proactiveops/opa_lambda/blob/f0d5a686bf50bce8c4c5f14b70d1964955b890a9/lambda/policyevaluator/policyevaluator.go#L41
Reply with
/nullifyto interact with me like another developer