MergeShieldDemo
Fix SQL injection in search endpoint
85/100 Critical
Changes requested: the SQL injection fix needs parameterized query tests before merging.
Summary
SQL injection fix: security-critical, but the implementation introduces a new parameterized query pattern without tests.
Model: claude-sonnet-4-20250514 | Duration: 9800 ms | Tokens: 3420
Policy Adjustments Applied
AI Score: 78 → Adjusted Score: 85 (+7 from "Flag security-critical paths")
Custom risk policies adjusted the AI-generated score based on file patterns and author rules.
Risk Scores
Overall: 85/100
Complexity: 30/100
Security: 90/100
Blast Radius: 45/100
Test Coverage: 85/100
Breaking Change: 40/100
File-Level Risk
| File | Risk | Category | Details |
|---|---|---|---|
| src/routes/search.ts | 90 | security | Direct SQL injection vulnerability in WHERE clause construction |
| src/lib/query-builder.ts | 60 | security | New parameterized query builder needs thorough testing |
| src/types/search.ts | 15 | complexity | Type definitions for search parameters |
Security (90/100)
Findings
- Existing search endpoint vulnerable to SQL injection via user input in WHERE clause
- Fix replaces string concatenation with parameterized queries
- Two additional endpoints found with similar vulnerability patterns not addressed
Suggestions
- Audit all other endpoints for SQL injection vulnerabilities
- Add SQL injection detection to CI pipeline (e.g., sqlcheck)
Test Coverage (85/100)
Findings
- No tests for parameterized query behavior
- Missing regression test for the original SQL injection
- No fuzzing or property-based tests for query builder
Suggestions
- Add regression test with known SQL injection payloads
- Add property-based tests for query parameter escaping