KSEF-BUS-191 SECURITY Warning KSeF Guard Only
SQL injection pattern in invoice text fields
Wzorzec SQL injection w polach tekstowych faktury
Problem
An invoice text field contains SQL-like patterns (e.g. SELECT, DROP TABLE). This may indicate an attack attempt or an accidental paste of code.
How to Fix
Check item descriptions — if the text is intentional, rephrase it so that it does not resemble database commands.
Source Reference
KSeF Guard security heuristic (SQL injection prevention)
Source Quote
“Invoice text fields must not contain SQL injection patterns (DROP TABLE, UNION SELECT, etc.).”
Description
SHA-256: cb74b646c927…
Justification
FORMATLegal Basis Chain
1
KSeF Guard — SQL injection prevention
KSeF Guard — prewencja SQL injection
“[KSeF Guard heuristic] Invoice text fields in the FA(3) schema are of xsd:string type and should contain plain text only. SQL injection patterns are not explicitly prohibited by the VAT Act but represent a classical attack vector against systems consuming invoice data. Guard detects potentially dangerous patterns before they reach downstream layers (e.g. reports, dashboards, database export).”
KSeF Guard security heuristic (SQL injection prevention)