Discovered 9 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/namespace/traversal_hierarchy.rb:41

Namespace.connection.exec_query("\n            UPDATE namespaces\n            SET traversal_ids = cte.traversal_ids\n            FROM (#{recursive_traversal_ids}) as cte\n            WHERE namespaces.id = cte.id\n              AND namespaces.traversal_ids <> cte.traversal_ids\n            ")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/namespace/traversal_hierarchy.rb or mark it as false positive.