Rails Brakeman SQL injection warning while accessing an oracle view/function
|Added at||2017-01-04 17:01|
I have rails code that is consuming an oracle view/function. This is my code:
When run Brakeman analyzer it warns of possible "sql injection attack"
I need to understand if this is a valid warning, if so, how do I remediate it?
Since this is a function & not an actual table, I am not sure what's the right way. If it was a normal model, i would have just followed this pattern: