Dashboard
Dashboard

Documentation

Demo Call with CEO

Blog

Slack

Get Started

CodeAnt AI
Setup
Control Center
Pull Request Review
IDE
Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
  - Aws-lambda
  - Aws-sdk-core
  - Cassandra
  - Excon
  - Faraday
  - Jwt
  - Lang
  - Mongo
  - Mysql2
  - Octokit
  - Pg
  - Rails
    - Correctness
    - Performance
    - Security
      - Audit
      - Audit
        Sqli
        Xss
        Xss
        Xxe
      - Brakeman
      - Injection
  - Redis
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Audit

Sqli

ruby-pg-sqli

Detected string concatenation with a non-literal variable in a pg Ruby SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized queries like so: conn.exec_params('SELECT $1 AS a, $2 AS b, $3 AS c', [1, 2, nil]) And you can use prepared statements with exec_prepared.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

Audit Xss

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.