Discovered 9 months ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/namespace/root_storage_statistics.rb:70

PersonalSnippet.joins("INNER JOIN snippet_statistics s ON s.snippet_id = snippets.id").where(:author => namespace.owner_id).select("COALESCE(SUM(s.repository_size), 0) AS #{"snippets_size".freeze}")

Category description: SQL injection occurs when a user is able to manipulate a value that is used unsafely inside a SQL query.

Solution: fix the issue in app/models/namespace/root_storage_statistics.rb or mark it as a false positive.