Version: 9.3.0.51899 (Developer Edition)
Vulnerability: jssecurity:S3649
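The scan does not report the SQL injection vulnerability in the function below, where values from `req.body` are interpolated directly into the query string passed to `pool.query`.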
/**
 * Reproducer for the missed finding: updates a row of `filters` using fields
 * taken from the request body.
 *
 * Data flow the rule is expected to report:
 * `req.body` (source) -> template literal `q` -> `pool.query(q)` (sink).
 * The code is kept exactly as reported so the false negative stays reproducible.
 *
 * @param {object} req - Request object; `req.body` supplies `id`, `name`, `label` and `filter`.
 * @returns {Promise<*>} `pgr.rows` on success; the error path is elided in the report.
 */
async function updateFilter(req) {
try {
// Source: all four values come straight from the request body, with no validation or type check.
let { id, name, label, filter } = req.body;
// SQL injection: the values are spliced into the statement text, so quoting inside any
// of them changes the structure of the query instead of being treated as data.
// Fix: keep the SQL text constant and pass the values as bind parameters, e.g. with
// node-postgres `pool.query(text, [name, label, filter, id])` and `$1`..`$4` placeholders
// (assumes `pool` is a node-postgres Pool; TODO confirm).
// NOTE(review): the comma before WHERE makes the statement invalid SQL as written;
// presumably a transcription slip in the reproducer.
const q = `UPDATE filters SET name = '${name}', label = '${label}', filter = '${filter}', WHERE id = '${id}';`;
// Sink: the concatenated string is executed as-is.
const pgr = await pool.query(q);
// NOTE(review): ending the pool after one query would leave a shared pool unusable
// for later calls; confirm whether `pool` is created per request.
pool.end();
return pgr.rows;
} catch (e) {
// Error handling elided in the original report.
...
}
}