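Has any islander here been through a CASA vulnerability scan?
https://appdefensealliance.dev/casa/tier-2/ast-guide/static-scan?hl=zh-tw
It keeps flagging my code below as a SQL injection risk on the "connection.query(" line. I looked it up, and everything I find says the fix is parameterization, which I have already done.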
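await new Promise((resolve, reject) => {
  // Table name and id are passed as placeholder values, not concatenated
  const deleteQuery = 'DELETE FROM ?? WHERE id = ?';
  connection.query(
    deleteQuery, [selectedTableWorkflows, workflowId],
    (error, results) => {
      // Close the connection on both paths
      connection.end();
      if (error) {
        logger.log({
          level: 'error',
          message: error
        });
        // Settle the promise so the await does not hang on failure
        reject(error);
      } else {
        resolve();
      }
    }
  );
});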
Or am I overlooking something? Thanks.
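
Added example, not part of the original post: in the mysql/mysql2 Node drivers (assumed here; the post does not name its driver) `??` quotes an identifier but accepts any table name, so a common hardening is to map the input to a fixed allowlist before it reaches the query. `escapeIdLikeDriver` is a simplified stand-in for the driver's expansion, and every name below is hypothetical.

```javascript
// Added example, not code from the post. All names below are hypothetical.

// Simplified stand-in for how the driver expands `??` (assumed mysql/mysql2
// behaviour): backticks are doubled and a dot separates qualifiers.
function escapeIdLikeDriver(name) {
  return '`' + String(name).replace(/`/g, '``').replace(/\./g, '`.`') + '`';
}

// Fixed map from a caller-visible key to a real table name. Only these
// tables can ever reach the DELETE statement.
const WORKFLOW_TABLES = new Map([
  ['active', 'workflows'],
  ['archived', 'workflows_archive'],
]);

function resolveTable(key) {
  const table = WORKFLOW_TABLES.get(key);
  if (table === undefined) {
    throw new Error('table key not allowed: ' + JSON.stringify(key));
  }
  return table;
}

// Accept only a positive integer id, given as a number or a digit string.
function parseId(raw) {
  const ok = (typeof raw === 'string' || typeof raw === 'number') &&
    /^[1-9][0-9]{0,14}$/.test(String(raw));
  if (!ok) throw new Error('invalid id: ' + JSON.stringify(raw));
  return Number(raw);
}

// Returns the arguments for connection.query(sql, values, callback).
function buildDelete(tableKey, rawId) {
  return {
    sql: 'DELETE FROM ?? WHERE id = ?',
    values: [resolveTable(tableKey), parseId(rawId)],
  };
}

// Constructed inputs: escaping keeps the name inside an identifier, but a
// qualified name is still accepted by `??` itself; the allowlist is not.
console.log(escapeIdLikeDriver('workflows'));
console.log(escapeIdLikeDriver('otherdb.users'));
console.log(buildDelete('archived', '42'));
```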