SQL queries should use parameterized statements, rather than inline arguments.
Locations:
https://github.com/mobiledgex/edge-cloudinfra/blob/master/mc/orm/orgcloudletpools.go#L69
https://github.com/mobiledgex/edge-cloudinfra/blob/master/mc/rbac/adapter.go#L99-L104
https://github.com/mobiledgex/edge-cloudinfra/blob/master/mc/rbac/adapter.go#L38-L143
These are not currently exploitable, due to the fact that the string arguments are subject to input format checks, but best practice should be to avoid inline arguments.
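A parse-only check for the pattern described in this issue, added here as an example and not code from the edge-cloudinfra repository: it reports calls whose SQL text is assembled inline rather than passed as a literal with bound arguments. The method names in `sinks`, the `pools` table and the sample source are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sample is constructed input for this example, not code from the repository.
const sample = `package orm
func lookup(db DB, org, pool string) {
	db.Raw("SELECT * FROM pools WHERE org = '" + org + "'")
	db.Exec(fmt.Sprintf("DELETE FROM pools WHERE name = '%s'", pool))
	db.Raw("SELECT * FROM pools WHERE org = ?", org)
}`

// sinks are method names treated as SQL entry points (an assumption; tune per codebase).
var sinks = map[string]bool{"Query": true, "QueryRow": true, "Exec": true, "Raw": true}

// literal reports whether e is a string literal or a + chain of literals.
func literal(e ast.Expr) bool {
	if b, ok := e.(*ast.BinaryExpr); ok {
		return b.Op == token.ADD && literal(b.X) && literal(b.Y)
	}
	_, ok := e.(*ast.BasicLit)
	return ok
}

// FindInlineSQL returns lines of sink calls whose query text is not a literal (parse-only, so named constants are reported too).
func FindInlineSQL(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && len(call.Args) > 0 {
			sel, ok := call.Fun.(*ast.SelectorExpr)
			if ok && sinks[sel.Sel.Name] && !literal(call.Args[0]) {
				lines = append(lines, fset.Position(call.Pos()).Line)
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(FindInlineSQL(sample)) }
```

On the constructed sample it reports the concatenation and the `fmt.Sprintf` call and accepts the query that uses a `?` placeholder.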