Apply a recommended fix for SQL Injection in dotCMS/core

[mbiuki]

core/dotCMS/src/main/java/com/dotcms/rest/api/v1/container/ContainerResource.java

Line 824 in 3a788a0

final ContainerForm containerForm) throws DotDataException, DotSecurityException {

Description
User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (connection.PreparedStatement) or a safe library.

[mbiuki]

https://semgrep.dev/orgs/dotCMS1/findings/213135320

[mbiuki]

@spbolton - please provide a feedback for this piece of code if remediation is required, thanks.

[github-actions]

PRs linked to this issue

• fix(security): Fix SQL injection vulnerabilities in ContainerFactoryImpl by @mbiuki

[mbiuki]

fixed by #33369