From 836ace43d62274e2f26232bd2946d56304faf128 Mon Sep 17 00:00:00 2001 From: GAURAV singh Date: Thu, 25 Jun 2026 01:07:56 +0530 Subject: [PATCH 1/2] SECURITY: add SQL injection bug --- src/db.js | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 src/db.js diff --git a/src/db.js b/src/db.js new file mode 100644 index 0000000..60d2d96 --- /dev/null +++ b/src/db.js @@ -0,0 +1,4 @@ +function getUserByName(name) { + const query = "SELECT * FROM users WHERE name = '" + name + "'"; + return db.execute(query); +} From 1167e33d4c5f59c1dfdf43f77e1449189708070d Mon Sep 17 00:00:00 2001 From: GAURAV singh Date: Thu, 25 Jun 2026 01:18:08 +0530 Subject: [PATCH 2/2] Apply AI-generated fixes - src/db.js: Fixed SQL injection vulnerability by using parameterized queries. --- src/db.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/db.js b/src/db.js index 60d2d96..2e3bbbf 100644 --- a/src/db.js +++ b/src/db.js @@ -1,4 +1,4 @@ function getUserByName(name) { - const query = "SELECT * FROM users WHERE name = '" + name + "'"; - return db.execute(query); + const query = "SELECT * FROM users WHERE name = ?"; + return db.execute(query, [name]); }