Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: High

Problem

Possible SQL injection

Location

app/controllers/admin/screened_ip_addresses_controller.rb:12

ScreenedIpAddress.where("cidr '#{IPAddr.handle_wildcards(params[:filter])}' >>= ip_address")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/controllers/admin/screened_ip_addresses_controller.rb or mark it as false positive.