This repository has been archived by the owner on Jan 19, 2023. It is now read-only.
Incorrect flagging SQL injection in DeveloperForce, a web client library #298
Labels
bug
Vulnerability URL
Provide the URL to the vulnerability. For example:
Component URL
Provide the URL to the component. For example:
Description
The flagged pull request in the vulnerability report does show a SQL-like string being formatted. But that string is consumed as an API query parameter in calling Salesforce. So the outcome would more likely be a mangled query.
Looks like a false positive.