Discovered about 1 year ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium


Possible SQL injection



Namespace.joins("INNER JOIN (#{recursive_traversal_ids}) as cte ON =")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/namespace/traversal_hierarchy.rb or mark it as false positive.