
Commit bb7f114

committed
fixes
1 parent 2a11492 commit bb7f114

File tree

1 file changed

+5
-5
lines changed
  • docs/product/issues/issue-details/query-injection-issues

docs/product/issues/issue-details/query-injection-issues/index.mdx

Lines changed: 5 additions & 5 deletions
@@ -4,9 +4,9 @@ sidebar_order: 50
44
description: "Learn more about Potential Query Injection Vulnerability issues and how to diagnose and fix them."
55
---
66

7-
Potential Query Injection Vulnerability issues are raised when Sentry detects values taken directly from an incoming request being incorporated into a database query. Unsanitised interpolation of user input can lead to [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) and related attacks.
7+
Potential Query Injection Vulnerability issues are raised when Sentry detects values taken directly from an incoming request being incorporated into a database query. Unsanitized interpolation of user input can lead to [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) and related attacks.
88

9-
## Detection criteria
9+
## Detection Criteria
1010

1111
The detector evaluates each request in **two stages**:
1212

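Review bot: the rename of `## Detection criteria` to `## Detection Criteria` on line 9 switches this page to Title Case headings, so every other multi-word heading in the file should be changed in the same commit to avoid a mixed style; the only other heading visible here, `## Remediation`, is a single word and needs nothing. The `Unsanitised` to `Unsanitized` change on line 7 is fine as an American-English normalization, but the commit message `fixes` does not say that this is what the commit does; a message such as "docs: normalize spelling to en-US and Title Case headings on query injection page" would make the intent clear in history.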
@@ -25,11 +25,11 @@ Request → GET /api?username=bob
2525
Query → SELECT * FROM users WHERE username = 'bob'
2626
```
2727

28-
Because the value `'bob'` is inserted directly from the `username` parameter into the query, Sentry flags the operation as potentially vulnerable. **An issue indicates a _risk_, not that an exploit has already occurred.**
28+
Because the value `'bob'` is inserted directly from the `username` parameter into the query, Sentry flags the operation as potentially vulnerable. **An issue indicates a security _risk_, not a confirmation that an exploit has already occurred.**
2929

30-
### False positives
30+
### False Positives
3131

32-
Some ORMs or query‑builder libraries assemble SQL strings internally before parameterising them. We suppress many known libraries, but unrecognised ones may still trigger the detector. If you believe an issue is a false positive, leave feedback on the issue page.
32+
Some ORMs or query‑builder libraries assemble SQL strings internally before parameterizing them. We automatically suppress many known libraries, but unrecognized ones may still trigger the detector. If you believe an issue is a false positive, leave feedback on the issue page.
3333

3434
## Remediation
3535

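Review bot: `query‑builder` on line 32 is written with a non-ASCII hyphen character in both the removed and the added line, so the term will not match a plain `query-builder` search and may render inconsistently across fonts. Since this hunk already normalizes spelling in that sentence (`parameterizing`, `unrecognized`), replace it with an ordinary ASCII hyphen: `Some ORMs or query-builder libraries assemble SQL strings internally before parameterizing them.` The rewording on line 28 to "a security _risk_, not a confirmation that an exploit has already occurred" reads well and correctly scopes what the issue means.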