Skip to content

PR that raises vulnerabilities#2

Open
christophe-havard-sonarsource wants to merge 3 commits into
masterfrom
adding-vuln-sqlquery
Open

PR that raises vulnerabilities#2
christophe-havard-sonarsource wants to merge 3 commits into
masterfrom
adding-vuln-sqlquery

Conversation

@christophe-havard-sonarsource

Copy link
Copy Markdown

No description provided.

@christophe-havard-sonarsource christophe-havard-sonarsource changed the title Create sqlquery.php PR that raises vulnerabilities Feb 22, 2022
@sonarqubecloud

Copy link
Copy Markdown

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability E 1 Vulnerability
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@ghost

ghost commented Jun 28, 2022

Copy link
Copy Markdown

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability E 2 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Comment thread sqlquery.php
{
$userId = $request->get('name');
$sql = "SELECT username FROM user WHERE id='$userId'";
$statement = $this->connection->prepare($sql);

Check failure

Code scanning / SonarCloudsquad-1

Database queries should not be vulnerable to injection attacks

<!--SONAR_ISSUE_KEY:AYGqXA5_KW4f87dK4H5--->Change this code to not construct SQL queries directly from user-controlled data.
Comment thread sqlquery.php
{
$userId = $request->get('id');
$sql = "SELECT email FROM user WHERE id='$userId'";
$statement = $this->connection->prepare($sql);

Check failure

Code scanning / SonarCloudsquad-1

Database queries should not be vulnerable to injection attacks

<!--SONAR_ISSUE_KEY:AYGqXA5_KW4f87dK4H5_-->Change this code to not construct SQL queries directly from user-controlled data.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants