Potential fix for code scanning alert no. 186: SQL query built from user-controlled sources (#679)

bkaiserinfosec · github-advanced-security[bot] · web-flow · commit 58b8a525013f · 2025-06-30T09:45:42.000-07:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/src/vr/assets/web/settings.py b/src/vr/assets/web/settings.py
@@ -407,7 +407,7 @@ def all_cicd_pipelines(app_id):
         assets = schema.dump(
             filter(lambda t: t.ID != '', assets_all)
         )
-        app = BusinessApplications.query.filter(text(f'ID={app_id}')).first()
+        app = BusinessApplications.query.filter(text("ID=:app_id").params(app_id=app_id)).first()
         app_data = {'ID': app_id, 'ApplicationName': app.ApplicationName, 'Component': app.ApplicationAcronym}
         NAV['appbar'] = 'settings'
         return render_template('assets/all_cicd_pipelines.html', entities=assets, user=user,

Original file line number	Diff line number	Diff line change
`@@ -407,7 +407,7 @@ def all_cicd_pipelines(app_id):`
`407`	`407`	`assets = schema.dump(`
`408`	`408`	`filter(lambda t: t.ID != '', assets_all)`
`409`	`409`	`)`
`410`		`- app = BusinessApplications.query.filter(text(f'ID={app_id}')).first()`
	`410`	`+ app = BusinessApplications.query.filter(text("ID=:app_id").params(app_id=app_id)).first()`
`411`	`411`	`app_data = {'ID': app_id, 'ApplicationName': app.ApplicationName, 'Component': app.ApplicationAcronym}`
`412`	`412`	`NAV['appbar'] = 'settings'`
`413`	`413`	`return render_template('assets/all_cicd_pipelines.html', entities=assets, user=user,`