issuable.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/issuable.rb:133

joins("LEFT OUTER JOIN label_links ON label_links.target_type = '#{name}' AND label_links.target_id = #{table_name}.id")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/issuable.rb or mark it as false positive.

has_environment_scope.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/has_environment_scope.rb:66

where("        environment_scope IN (:wildcard, :environment_name) OR\n          :environment_name LIKE\n            #{::Gitlab::SQL::Glob.to_like("environment_scope")}\n", :wildcard => "*", :environment_name => environment_name)

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/has_environment_scope.rb or mark it as false positive.

traversal_hierarchy.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/namespace/traversal_hierarchy.rb:41

Namespace.connection.exec_query("\n            UPDATE namespaces\n            SET traversal_ids = cte.traversal_ids\n            FROM (#{recursive_traversal_ids}) as cte\n            WHERE namespaces.id = cte.id\n              AND namespaces.traversal_ids <> cte.traversal_ids\n            ")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/namespace/traversal_hierarchy.rb or mark it as false positive.

issuable.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/issuable.rb:99

where("EXISTS (SELECT TRUE FROM #{to_ability_name}_assignees WHERE #{to_ability_name}_id = #{to_ability_name}s.id)")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/issuable.rb or mark it as false positive.

group.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/group.rb:195

NotificationSetting.where(:source_type => self.class.base_class.name, :source_id => self_and_ancestors_ids).joins("LEFT JOIN (#{self_and_ancestors(:hierarchy_order => hierarchy_order).to_sql}) AS ordered_groups ON notification_settings.source_id = ordered_groups.id").select("notification_settings.*, ordered_groups.depth AS depth").order("ordered_groups.depth #{hierarchy_order}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/group.rb or mark it as false positive.

project.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/project.rb:638

with_project_feature.where("#{ProjectFeature.quoted_access_level_column(feature)} IS NULL OR #{ProjectFeature.quoted_access_level_column(feature)} IN (:public_visible) OR (#{ProjectFeature.quoted_access_level_column(feature)} = :private_visible AND EXISTS (:authorizations))", :public_visible => ([20, 30]), :private_visible => 10, :authorizations => user.authorizations_for_projects(:min_access_level => ProjectFeature.required_minimum_access_level(feature)))

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/project.rb or mark it as false positive.

issuable.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/issuable.rb:102

where("NOT EXISTS (SELECT TRUE FROM #{to_ability_name}_assignees WHERE #{to_ability_name}_id = #{to_ability_name}s.id)")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/issuable.rb or mark it as false positive.

sortable.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/sortable.rb:51

Label.select(LabelPriority.arel_table[:priority].minimum).left_join_priorities.joins(:label_links).where("label_priorities.project_id = #{project_column}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/sortable.rb or mark it as false positive.

root_storage_statistics.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/namespace/root_storage_statistics.rb:68

PersonalSnippet.joins("INNER JOIN snippet_statistics s ON s.snippet_id = snippets.id").where(:author => namespace.owner_id).select("COALESCE(SUM(s.repository_size), 0) AS #{"snippets_size".freeze}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/namespace/root_storage_statistics.rb or mark it as false positive.

traversal_hierarchy.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/namespace/traversal_hierarchy.rb:47

Namespace.joins("INNER JOIN (#{recursive_traversal_ids}) as cte ON namespaces.id = cte.id")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/namespace/traversal_hierarchy.rb or mark it as false positive.

sortable.rb
Severity: Severe
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/sortable.rb:57

Label.select(LabelPriority.arel_table[:priority].minimum).left_join_priorities.joins(:label_links).where("label_priorities.project_id = #{project_column}").where("label_links.target_id = #{target_column}").reorder(nil).where("label_links.target_type = #{target_type_column}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/sortable.rb or mark it as false positive.

processable.rb
Severity: Moderate
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/ci/processable.rb:41

where(:scheduling_type => nil).update_all("scheduling_type = CASE WHEN (EXISTS (#{Ci::BuildNeed.scoped_build.select(1).to_sql}))\n         THEN #{scheduling_types[:dag]}\n         ELSE #{scheduling_types[:stage]}\n         END")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/ci/processable.rb or mark it as false positive.

relative_positioning.rb
Severity: Moderate
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/concerns/relative_positioning.rb:174

relation.where(:relative_position => range).update_all("relative_position = relative_position + #{delta}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/relative_positioning.rb or mark it as false positive.

project.rb
Severity: Moderate
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/project.rb:2476

environments.where("name LIKE (#{::Gitlab::SQL::Glob.to_like(::Gitlab::SQL::Glob.q(scope))})")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/project.rb or mark it as false positive.

issuable.rb
Severity: Moderate
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/concerns/issuable.rb:331

joins(:labels).where(:labels => ({ :title => title })).group(*grouping_columns(sort)).having("COUNT(DISTINCT labels.title) = #{title.size}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/issuable.rb or mark it as false positive.

event_collection.rb
Severity: Moderate
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/event_collection.rb:63

filtered_events.limit(limit_for_join_lateral).where("events.#{parent_column} = parents_for_lateral.id")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/event_collection.rb or mark it as false positive.

user.rb
Severity: Moderate
SQL Injection
Discovered 7 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/user.rb:976

project_authorizations.select(1).where("project_authorizations.project_id = #{related_project_column}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/user.rb or mark it as false positive.