We are sunsetting Hakiri on January 31 2022. To learn more please refer to this document.

Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: High


Possible SQL injection



DirectoryItem.where(:period_type => DirectoryItem.period_types[params.require(:period).to_sym]).includes(:user).order("directory_items.#{(params[:order] or DirectoryItem.headings.first)} #{("ASC" or "DESC")}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/controllers/directory_items_controller.rb or mark it as false positive.