| const memberId = String(userId); | ||
| const createdBy = String(Constants.DEFAULT_CREATE_USER_ID); | ||
| const membershipType = Constants.memberGroupMembershipName; | ||
| const affected = await this.groupPrismaClient.$executeRaw` |
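Review bot: `String(userId)` on the first line turns a null or undefined `userId` into the literal string "null" or "undefined", which any later use of `memberId` would treat as a real id; validate `userId` before the coercion and fail early. The `$executeRaw` call on the last line is opened as a tagged template, the form in which Prisma binds `${...}` interpolations as parameters, so keep every value as a plain interpolation and do not move to `$executeRawUnsafe` or wrap values in `Prisma.raw`.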
[❗❗ security]
Using raw SQL queries with $executeRaw can expose the application to SQL injection attacks if not handled carefully. Ensure that all inputs are properly sanitized and consider using parameterized queries or ORM methods to mitigate this risk.
| } | ||
|
|
||
| try { | ||
| if (this.isUuid(idValue)) { |
[❗❗ security]
The resolveGroupId method uses raw SQL queries with $queryRaw. Ensure that inputs are properly sanitized to prevent SQL injection vulnerabilities. Consider using parameterized queries or ORM methods.
| } | ||
|
|
||
| try { | ||
| const byDescription = await this.groupPrismaClient.$queryRaw< |
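Review bot: the type argument opened on the `$queryRaw<` line is a compile-time annotation only, and Prisma does not check the returned rows against it; verify the row shape, and that a row exists at all, before reading a value out of `byDescription`.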
[❗❗ security]
The findGroupIdByDescriptionOrName method uses raw SQL queries with $queryRaw. Ensure that inputs are properly sanitized to prevent SQL injection vulnerabilities. Consider using parameterized queries or ORM methods.
https://topcoder.atlassian.net/browse/PS-522
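
The difference between a tagged-template raw query, the form the `$executeRaw` call above is opened with, and string-built SQL, as an added example that is not code from this PR or from Prisma. The names `sql`, `unsafeConcat`, `buildLookup` and the table and column names are hypothetical, and the tag is a simplified stand-in for how a parameterizing tag keeps SQL text and values apart.

```typescript
// Added illustration, not Prisma's implementation. All names are hypothetical.

interface ParamQuery {
  text: string;      // SQL text containing only $1, $2, ... placeholders
  values: unknown[]; // values sent to the database separately from the text
}

// Tag function: the literal parts of the template become SQL text, and each
// ${...} interpolation becomes a numbered placeholder plus a bound value.
function sql(strings: TemplateStringsArray, ...values: unknown[]): ParamQuery {
  const text = strings.reduce(
    (acc, part, i) => acc + (i === 0 ? "" : "$" + i) + part,
    ""
  );
  return { text, values };
}

// The pattern to avoid: the value is spliced into the SQL text itself.
function unsafeConcat(name: string): string {
  return `SELECT id FROM "Group" WHERE name = '${name}'`;
}

// Lookup by name or description, written with the tag.
function buildLookup(name: string): ParamQuery {
  return sql`SELECT id FROM "Group" WHERE name = ${name} OR description = ${name}`;
}

// Constructed sample input containing a quote and SQL syntax.
const hostileName = "x' OR '1'='1";

const safe = buildLookup(hostileName);
console.log(safe.text);                 // placeholders only, no user data
console.log(safe.values);               // user data travels as bound values
console.log(unsafeConcat(hostileName)); // user data has become SQL syntax
```

The same input changes the shape of the concatenated statement but never appears in the text produced by the tag, which is why the review point for tagged-template calls is to confirm that every value stays a plain `${...}` interpolation.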