Discovered 9 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/sortable.rb:51

Label.select(LabelPriority.arel_table[:priority].minimum).left_join_priorities.joins(:label_links).where("label_priorities.project_id = #{project_column}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/sortable.rb or mark it as a false positive.