Kortana Labs
Remediations

SQL injection in payments handler

critical

Proposed patch

raven-1-code-7b
--- a/services/payments/handler.go
+++ b/services/payments/handler.go
@@ -41,8 +41,8 @@ func (h *Handler) ListPayments(userID string) ([]Payment, error) {
- query := "SELECT * FROM payments WHERE user_id = '" + userID + "'"
- rows, _ := db.Query(query)
+ const query = "SELECT * FROM payments WHERE user_id = $1"
+ rows, err := h.db.Query(query, userID)
+ if err != nil {
+ return nil, fmt.Errorf("ListPayments: %w", err)
+ }
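Review bot: the replacement changes the receiver from the package-level `db` to `h.db` in the same hunk that fixes the injection; confirm `Handler` actually has a `db` field and that `fmt` is imported, since neither is visible in these lines. The error from `Query` is now checked, which the original silently discarded, but the returned `rows` must still be released: make sure `defer rows.Close()` follows the `if err != nil` block before any iteration, as the hunk ends without it. As rendered, the hunk also carries no context lines and its header counts (`-41,8 +41,8`) do not match the two removed and five added lines shown, so the patch will not apply as-is; re-export it with context.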

Generated test

import (
	"testing"
	"github.com/stretchr/testify/require"
)

func TestListPayments_RejectsInjection(t *testing.T) {
	// h: *Handler wired to a test database by the surrounding package (not shown here).
	payments, err := h.ListPayments("' OR '1'='1")
	require.NoError(t, err)    // payload is bound as a literal, never parsed as SQL
	require.Empty(t, payments) // no row has that literal user_id, so nothing is returned
}

Vulnerability

Identifier
CWE-89
File
services/payments/handler.go
query := "SELECT * FROM payments WHERE user_id = '" + userID + "'"
rows, _ := db.Query(query)

AI analysis

Root cause. User-controlled `userID` is concatenated directly into the SQL string, allowing an attacker to alter the query and read or modify arbitrary rows.

Fix. Replace string concatenation with a parameterised query so the driver binds `userID` as a value, not as SQL. This neutralises injection while keeping behaviour identical.

confidence 94%

Human approval gate

Nothing ships without your approval. Your decision becomes Raven-1 training data.