From 6be3c6e99e57bd266fe58532d4eda59781c2f52a Mon Sep 17 00:00:00 2001 From: Richard Roggenkemper Date: Mon, 30 Jun 2025 13:48:58 -0700 Subject: [PATCH 1/3] docs update --- .../query-injection-issues/index.mdx | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 docs/product/issues/issue-details/query-injection-issues/index.mdx diff --git a/docs/product/issues/issue-details/query-injection-issues/index.mdx b/docs/product/issues/issue-details/query-injection-issues/index.mdx new file mode 100644 index 0000000000000..bdd7dc7f2d49f --- /dev/null +++ b/docs/product/issues/issue-details/query-injection-issues/index.mdx 
@@ -0,0 +1,38 @@ +--- +title: "Potential Query Injection Vulnerability" +sidebar_order: 50 +description: "Learn more about Potential Query Injection Vulnerability issues and how to diagnose and fix them." +--- + +Potential Query Injection Vulnerability issues are raised when Sentry detects values taken directly from an incoming request being incorporated into a database query. Unsanitised interpolation of user input can lead to [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) and related attacks. + +## Detection criteria + +The detector evaluates each request in **two stages**: + +1. **Filter request values** – Discards tokens that are: + + - too short, + - SQL keywords, or + - other frequently benign values. + +2. **Match against queries** – Scans executed queries. If **both** a payload key _and_ its value appear in the same query string, Sentry creates a _Potential Query Injection Vulnerability_ issue. + +### Example + +``` +Request → GET /api?username=bob +Query → SELECT * FROM users WHERE username = 'bob' +``` + +Because the value `'bob'` is inserted directly from the `username` parameter into the query, Sentry flags the operation as potentially vulnerable. **An issue indicates a _risk_, not that an exploit has already occurred.** + +### False positives + +Some ORMs or query‑builder libraries assemble SQL strings internally before parameterising them. We suppress many known libraries, but unrecognised ones may still trigger the detector. If you believe an issue is a false positive, leave feedback on the issue page. + +## Remediation + +- Use **parameterised queries / prepared statements** instead of string concatenation. +- **Validate and sanitise** all external input. +- Avoid **raw queries** when safe ORM APIs are available. From 2a114928feb4ca3a5fa4919e3d7a1c40c8a63ef7 Mon Sep 17 00:00:00 2001 
From: Richard Roggenkemper Date: Tue, 1 Jul 2025 09:58:23 -0700 Subject: [PATCH 2/3] update --- .../issues/issue-details/query-injection-issues/index.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/product/issues/issue-details/query-injection-issues/index.mdx b/docs/product/issues/issue-details/query-injection-issues/index.mdx index bdd7dc7f2d49f..5838ba710e7e4 100644 --- a/docs/product/issues/issue-details/query-injection-issues/index.mdx +++ b/docs/product/issues/issue-details/query-injection-issues/index.mdx @@ -1,5 +1,5 @@ --- -title: "Potential Query Injection Vulnerability" +title: "Potential Query Injection Vulnerability Issues" sidebar_order: 50 description: "Learn more about Potential Query Injection Vulnerability issues and how to diagnose and fix them." --- @@ -14,9 +14,9 @@ The detector evaluates each request in **two stages**: - too short, - SQL keywords, or - - other frequently benign values. + - other frequently benign values -2. **Match against queries** – Scans executed queries. If **both** a payload key _and_ its value appear in the same query string, Sentry creates a _Potential Query Injection Vulnerability_ issue. +2. **Match against queries** – Scans database queries and if **both** a payload key _and_ its value appear in the same query, Sentry creates a Potential Query Injection Vulnerability issue. ### Example From bb7f114262e6646fc8b85e90ac8ff89fbf51dbce Mon Sep 17 00:00:00 2001 From: Richard Roggenkemper Date: Wed, 2 Jul 2025 14:42:07 -0700 Subject: [PATCH 3/3] fixes --- .../issue-details/query-injection-issues/index.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/product/issues/issue-details/query-injection-issues/index.mdx b/docs/product/issues/issue-details/query-injection-issues/index.mdx index 5838ba710e7e4..edc4a98f03a5e 100644 --- a/docs/product/issues/issue-details/query-injection-issues/index.mdx 
+++ b/docs/product/issues/issue-details/query-injection-issues/index.mdx @@ -4,9 +4,9 @@ sidebar_order: 50 description: "Learn more about Potential Query Injection Vulnerability issues and how to diagnose and fix them." --- -Potential Query Injection Vulnerability issues are raised when Sentry detects values taken directly from an incoming request being incorporated into a database query. Unsanitised interpolation of user input can lead to [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) and related attacks. +Potential Query Injection Vulnerability issues are raised when Sentry detects values taken directly from an incoming request being incorporated into a database query. Unsanitized interpolation of user input can lead to [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) and related attacks. -## Detection criteria +## Detection Criteria The detector evaluates each request in **two stages**: 
@@ -25,11 +25,11 @@ Request → GET /api?username=bob Query → SELECT * FROM users WHERE username = 'bob' ``` -Because the value `'bob'` is inserted directly from the `username` parameter into the query, Sentry flags the operation as potentially vulnerable. **An issue indicates a _risk_, not that an exploit has already occurred.** +Because the value `'bob'` is inserted directly from the `username` parameter into the query, Sentry flags the operation as potentially vulnerable. **An issue indicates a security _risk_, not a confirmation that an exploit has already occurred.** -### False positives +### False Positives -Some ORMs or query‑builder libraries assemble SQL strings internally before parameterising them. We suppress many known libraries, but unrecognised ones may still trigger the detector. If you believe an issue is a false positive, leave feedback on the issue page. +Some ORMs or query‑builder libraries assemble SQL strings internally before parameterizing them. We automatically suppress many known libraries, but unrecognized ones may still trigger the detector. If you believe an issue is a false positive, leave feedback on the issue page. ## Remediation
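Review bot: In the new file's "Filter request values" step, "too short" gives the reader no threshold to reason about; either state the minimum length the detector uses or say explicitly that the cutoff is internal and subject to change, so someone looking at a flagged issue can tell whether a given value would even have been considered. Also, the fenced block under `### Example` carries no language tag; a `text` tag would make clear that it is a request/query illustration rather than code in any particular language.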
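Review bot: The rewritten step 2 in patch 2 ("Scans database queries and if **both** a payload key _and_ its value appear in the same query, Sentry creates ...") reads awkwardly because the subject changes mid-sentence from the detector to Sentry; keeping the original two-sentence form is cleaner, e.g. "Scans database queries. If **both** a payload key _and_ its value appear in the same query, Sentry creates a Potential Query Injection Vulnerability issue." Dropping the trailing period from "other frequently benign values" is a good change, since the other two list items have none.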
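Review bot: The spelling normalization in patch 3 stops short of the Remediation section: hunk 2 ends with `## Remediation` as context, so the bullets added in patch 1 ("Use **parameterised queries / prepared statements**", "**Validate and sanitise** all external input") keep the British forms while the rest of the page now reads "Unsanitized", "parameterizing" and "unrecognized"; extend the hunk to cover those two bullets. The hyphen in `query‑builder` on the False Positives line also appears to be a non-ASCII (non-breaking) hyphen rather than `-`, which is worth replacing while the line is being edited so searches and diffs behave predictably.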