SQL Injection - Flowable APIs Queries

We are using Flowable API to manage our workflows. All flowable APIs are forming SQL statements and it is violated with SQL injection during SAST assessment . Is there any way to make all flowable APIs to form prepared statement queries to prevent from SQL injection?. Please help

Thanks in advance!

Hey @josein007,

Can you please share a Flowable Query that is violating SQL injection. Flowable uses prepared statements for the queries. We are not not creating SQL based on the user input.


The SAST assessment team identified the issue theoretical as they couldn’t see specific queries. We tested by passing SQL injected values and proved that it is uses prepared statement for quires. Thanks for the clarification.