Discovered about 1 year ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/project.rb:2471

environments.where("name LIKE (#{::Gitlab::SQL::Glob.to_like(::Gitlab::SQL::Glob.q(scope))})")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/project.rb or mark it as false positive.