
I have scanned this project using CodeQL. There are 7 places in the `opms\models\checkworks\checkworks.go` file where SQL injection can be performed.
Here are two examples of them.

In lines 30 and 31 of the `opms\controller\checkworks\checkworks.go` file, the system gets the `type` and `date` GET parameters and passes them into the `ListCheckwork` function.

Then the parameters are dynamically spliced into strings, leading to SQL injection.
Other places that can cause SQL injection are:
| id | filepath | lineNum |
|----|----------|---------|
| 1 | opms/models/checkworks/checkworks.go | 35 |
| 2 | opms/models/checkworks/checkworks.go | 38 |
| 3 | opms/models/checkworks/checkworks.go | 66 |
| 4 | opms/models/checkworks/checkworks.go | 69 |
| 5 | opms/models/checkworks/checkworks.go | 128 |
| 6 | opms/models/checkworks/checkworks.go | 147 |
| 7 | opms/models/checkworks/checkworks.go | 167 |
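The pattern the report describes, shown as an added example (not opms code): a hypothetical reconstruction of the spliced-string query beside a parameterized form for `database/sql`, plus an input check for the controller. The `checkwork` table name, the column names and the accepted `type` values are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ListCheckworkUnsafe reproduces the reported pattern: the `type` and `date`
// GET parameters are spliced into the SQL text. Hypothetical reconstruction,
// not the project's own code.
func ListCheckworkUnsafe(typ, date string) string {
	return "SELECT * FROM checkwork WHERE type = '" + typ + "' AND date = '" + date + "'"
}

// ListCheckworkSafe keeps the SQL text fixed and returns the user values as
// bind arguments, the shape to hand to db.Query(sql, args...) in database/sql.
func ListCheckworkSafe(typ, date string) (string, []interface{}) {
	return "SELECT * FROM checkwork WHERE type = ? AND date = ?",
		[]interface{}{typ, date}
}

// Defence in depth for the controller: reject values that cannot be a valid
// type or date before they reach the model. The allowed type values are
// constructed placeholders; the real set would come from the application.
var (
	dateRe       = regexp.MustCompile(`^\d{4}-\d{2}-\d{2}$`)
	allowedTypes = map[string]bool{"1": true, "2": true, "3": true}
)

func ValidateListParams(typ, date string) error {
	if !allowedTypes[typ] {
		return errors.New("type: not an allowed value")
	}
	if !dateRe.MatchString(date) {
		return errors.New("date: expected YYYY-MM-DD")
	}
	return nil
}

// InputReachesSQLText is the review-time check behind the CodeQL finding:
// if the raw parameter appears verbatim in the SQL string, it was spliced in.
func InputReachesSQLText(sql, param string) bool {
	return strings.Contains(sql, param)
}

func main() {
	tainted := "2019-10-01'" // constructed input: a stray quote breaks the literal
	fmt.Println("unsafe:", ListCheckworkUnsafe("1", tainted))
	safe, args := ListCheckworkSafe("1", tainted)
	fmt.Println("safe:  ", safe, args)
	fmt.Println("validation:", ValidateListParams("1", tainted))
}
```

In the unsafe form the quote lands inside the SQL text unescaped; in the parameterized form the SQL text is constant and the value only ever travels as a bind argument.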