fix(docs): Update SQL injection examples to use placeholder syntax #6127
Closed
fix-it-felix-sentry[bot] wants to merge 1 commit into master from
Changed vulnerable SQL injection code examples in agent skill documentation to use placeholder syntax (<user_input>) instead of actual f-strings and string interpolation. This prevents Semgrep from flagging educational documentation as containing real vulnerabilities while maintaining the clarity of the examples.

Fixes: https://linear.app/getsentry/issue/PY-2387
Refs: https://linear.app/getsentry/issue/VULN-1539
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Codecov Results 📊
✅ 13 passed | Total: 13 | Pass Rate: 100% | Execution Time: 6.68s
All tests are passing successfully.
✅ Patch coverage is 100.00%. Project has 14757 uncovered lines.
Generated by Codecov Action
Summary
This PR fixes Semgrep security findings in AI agent skill documentation by replacing actual vulnerable code patterns with placeholder syntax.
Changes
- <user_input>, <user_id>, etc.) instead of actual f-strings and string interpolation.
- .agents/skills/security-review/references/injection.md
- .agents/skills/security-review/references/error-handling.md
- .agents/skills/security-review/languages/python.md
- .agents/skills/security-review/languages/javascript.md
- .agents/skills/security-review/SKILL.md
- .agents/skills/code-review/SKILL.md

Why This Fix
The affected files contain educational examples showing both vulnerable and safe coding patterns. Semgrep's scanner flagged these intentionally vulnerable examples as actual security issues because it cannot distinguish between example code and production code.
By using placeholder syntax (e.g., <user_input> instead of user_input), the examples:

Testing
No functional tests needed as these are documentation-only changes. The modified examples maintain their educational value while avoiding false positive security alerts.
Related Issues
🤖 Generated with Claude Code
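An added example, not code from the PR or from the Sentry repository: the parameterized lookup that the skill documentation contrasts with string-built queries, with the string-built pattern quoted only in the PR's `<user_input>` placeholder syntax so that a scanner such as Semgrep has no interpolation to match. The `users` table and its rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration; not data from the PR.
SAMPLE_USERS = [("alice", "alice@example.com"), ("o'brien", "ob@example.com")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user(conn: sqlite3.Connection, name: str) -> list:
    """Look up a user by name with a parameterized query.

    The documentation contrasts this with a query assembled from the input.
    Written in the PR's placeholder syntax, so that a scanner has no f-string
    or concatenation to flag, that pattern is:

        "SELECT name, email FROM users WHERE name = '<user_input>'"

    Here the driver binds `name` as a value, so quotes and SQL keywords in it
    are compared as literal text and never change the statement.
    """
    rows = conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    )
    return rows.fetchall()
```

Feeding `find_user` a name containing a quote, or a string that would be a tautology if spliced into the SQL, returns only exact matches (or nothing), which is the property the safe examples in the documentation are meant to teach.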