Rule S3649: User-provided values should be sanitized before use in SQL statements #517

Closed
Evangelink opened this issue Jun 30, 2017 · 0 comments
Evangelink commented Jun 30, 2017

RSPEC-3649

Applications that execute SQL commands should neutralize any externally-provided values used in those commands. Failure to do so could allow an attacker to include input that changes the query so that unintended commands are executed, or sensitive data is exposed.

Contributes to MMF-963.

@Evangelink Evangelink added this to the 6.2 milestone Jun 30, 2017
@michalb-sonar michalb-sonar changed the title Update S3649: User-provided values should be sanitized before use in SQL statements Rule S3649: User-provided values should be sanitized before use in SQL statements Jun 30, 2017
@Evangelink Evangelink self-assigned this Jul 10, 2017