
GH#3750: Fix SQL injection and Codacy API endpoint in quality-sweep-helper.sh #3968

Merged
marcusquinn merged 1 commit into main from bugfix/3750-sql-injection-fix
Mar 9, 2026

Conversation

@marcusquinn (Owner)

Summary

  • Security fix: Validate --limit flag as a positive integer (^[1-9][0-9]*$) before interpolation into SQL LIMIT clauses in cmd_sonarcloud_query, cmd_codacy_query, and cmd_dedup. Previously, non-numeric values passed via --limit were interpolated directly into sqlite3 queries, allowing SQL injection.
  • API fix: Add missing /search suffix to the Codacy v3 issues endpoint (/analysis/organizations/{provider}/{org}/repositories/{repo}/issues → .../issues/search), which is required by the Codacy v3 API.

Both findings were identified by CodeRabbit in PR #1000 review.

Closes #3750

…quality-sweep-helper.sh

Closes #3750

- Add input validation for --limit flag in cmd_sonarcloud_query,
  cmd_codacy_query, and cmd_dedup to reject non-numeric values
  before they reach SQL LIMIT clauses
- Fix Codacy API endpoint: add missing /search suffix to the
  issues endpoint per Codacy v3 API requirements
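The validation described in the summary, as an added example written for this page rather than taken from quality-sweep-helper.sh: the `--limit` value is checked against the PR's positive-integer rule before any SQL text is built. The function names `validate_limit`, `build_query` and `demo`, the table `issues` and its columns, and the sample inputs are all constructed for the illustration. The check is written with `case` patterns instead of a regex so it runs in plain POSIX `sh` and also rejects a value with an embedded newline, which a line-oriented `grep` check would accept.

```shell
#!/bin/sh
# Added example, not code from quality-sweep-helper.sh: how a --limit value can be
# checked before it is spliced into a sqlite3 LIMIT clause. Function names, the
# table name and the sample inputs below are constructed for this illustration.

# validate_limit VALUE
# Equivalent to the PR's ^[1-9][0-9]*$ rule: a non-empty run of digits with no
# leading zero, no sign, no whitespace. Written with case patterns so it is
# POSIX sh and so an embedded newline (which a line-oriented grep could let
# through) is rejected like any other non-digit.
validate_limit() {
  case "$1" in
    '' | *[!0-9]* ) return 1 ;;   # empty, or contains a non-digit
    0* )            return 1 ;;   # leading zero (also rejects plain "0")
  esac
  return 0
}

# build_query TABLE LIMIT
# Prints the statement that would be handed to sqlite3, or prints nothing and
# returns 1 when LIMIT fails validation, so unvalidated text never reaches the
# SQL string. TABLE is a constant chosen by the script, never user input.
build_query() {
  table=$1
  limit=$2
  if ! validate_limit "$limit"; then
    printf 'error: --limit must be a positive integer, got: %s\n' "$limit" >&2
    return 1
  fi
  printf 'SELECT rule_key, message FROM %s ORDER BY created_at DESC LIMIT %s;' \
    "$table" "$limit"
}

# Demonstration over constructed --limit values: the first two are accepted,
# the rest are refused before any query text is built.
demo() {
  for candidate in 25 1000 0 007 "" "10 OR 1=1" "5; --"; do
    if query=$(build_query issues "$candidate" 2>/dev/null); then
      printf 'accept %-12s -> %s\n' "\"$candidate\"" "$query"
    else
      printf 'reject %s\n' "\"$candidate\""
    fi
  done
}

demo
```

Because the value is only ever accepted when it is a bare positive integer, the string handed to sqlite3 can only differ from the template by the digits themselves; anything else is refused before the query exists, which is the same control the PR adds in `cmd_sonarcloud_query`, `cmd_codacy_query` and `cmd_dedup`.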
@gemini-code-assist

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

github-actions bot added the label "bug Auto-created from TODO.md tag" Mar 9, 2026
@coderabbitai (Contributor) commented Mar 9, 2026

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • no-review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 42abb837-4d12-43ca-a125-eff007abb821

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@github-actions (Contributor) commented Mar 9, 2026

🔍 Code Quality Report

[MONITOR] Code Review Monitoring Report

[INFO] Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 391 code smells

[INFO] Recent monitoring activity:
Mon Mar 9 07:29:43 UTC 2026: Code review monitoring started
Mon Mar 9 07:29:43 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 391

📈 Current Quality Metrics

  • BUGS: 0
  • CODE SMELLS: 391
  • VULNERABILITIES: 0

Generated on: Mon Mar 9 07:29:46 UTC 2026


Generated by AI DevOps Framework Code Review Monitoring

@sonarqubecloud commented Mar 9, 2026

marcusquinn merged commit cf5fc5b into main Mar 9, 2026
19 checks passed
marcusquinn deleted the bugfix/3750-sql-injection-fix branch March 9, 2026 08:08

Labels: bug Auto-created from TODO.md tag

Development: Successfully merging this pull request may close these issues.
  • quality-debt: PR #1000 review feedback (high)

1 participant