josemakara2 commented on pull request #1671: URL: https://github.com/apache/fineract/pull/1671#issuecomment-808887055
> Thanks for the update, tests pass now. Will review this tomorrow.

No problems @thesmallstar, appreciated if you can please have a look as the work progresses. Many thanks!

I still believe this is work in progress and would not be a quick win to exhaustively get rid of SQL Injection vulnerabilities. One way is to search the codebase in an IDE for concatenations and fix them to use parameterized queries. The plan here is to use OWASP ZAP to automatically detect SQL Injections and attend to the list in the report from the ZAP analysis. FINERACT-969 has an attached HTML report, but that doesn't seem to have scanned the Fineract APIs as the output is just on community-app. I have excluded everything else except SQL Injection on ZAP to scan across the Fineract API. I have had to quickly set up a local test site with OAuth off to simplify things with OWASP ZAP. A quick look at the `Alerts` tab shows the detected violations. I will use the public link https://www.fineract.dev offered by @vorburger and produce the report, which will be analysed for priority fixes in jira sub-tasks.

cc @vorburger
