Support
Dashboard
Dashboard

Join Community

Start Here

What is CodeAnt?

Setup

Github
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
  - Aws-lambda
  - Aws-sdk-core
  - Cassandra
  - Excon
  - Faraday
  - Jwt
  - Lang
  - Mongo
  - Mysql2
  - Octokit
  - Pg
  - Rails
    - Correctness
    - Performance
    - Security
      - Audit
      - Audit
        Sqli
        Xss
        Xss
        Xxe
      - Brakeman
      - Injection
  - Redis
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Audit

Sqli

ruby-pg-sqli

Detected string concatenation with a non-literal variable in a pg Ruby SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized queries like so: conn.exec_params('SELECT $1 AS a, $2 AS b, $3 AS c', [1, 2, nil]) And you can use prepared statements with exec_prepared.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

Audit Xss

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.