Qualitivity code

Hello,

In order to install Qualitivity on our organization's computers, the IT team raised the following questions.

Would you be able to provide an answer please?

Thank you in advance!

Best regards,

Susanna

Question 1: The class « Viewer », in the library « Sdl.Community.Qualitivity.Hooks.dll », intercepts operating system processes like keyboard activity. It seems this capture is not limited to the plugin and, therefore, the plugin could capture users’ bank account credentials, for example. Why do you capture users’ activity? And what are the risks if this library is used as a reference in another project (by a hacker, for example…)?

Question 2: The class « Query », in the library « Sdl.Community.Qualitivity.TM.dll », contains SQL injection risks in the following functions: getProjects(), getActivities(), VerifyDocumentActivityRecordsSupportLevel(). These three functions perform string concatenations without using SQL Parameters. Can you check and correct the code?
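The difference Question 2 refers to, shown as an added example that is not code from the Qualitivity plugin or from this post: the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, columns, function names and sample rows are hypothetical, and Python's `sqlite3` is used only so the example runs stand-alone; the same pattern applies to command parameters in .NET.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO projects (name, owner) VALUES (?, ?)",
        [("Website EN-FR", "alice"), ("Manual DE-EN", "bob"),
         ("Contract IT-EN", "carol"), ("Brochure ES-EN", "O'Brien")],
    )
    return conn

def get_projects_concat(conn, owner):
    # Concatenation: the caller's value becomes part of the SQL text,
    # so any quote in it is parsed as SQL syntax.
    sql = "SELECT name FROM projects WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def get_projects_param(conn, owner):
    # Bound parameter: the SQL text is fixed and the value is passed
    # separately, so it is only ever compared as data.
    sql = "SELECT name FROM projects WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]

def try_query(fn, conn, owner):
    # Return the rows, or the name of the database error the query raised.
    try:
        return fn(conn, owner)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":
    conn = make_db()
    inputs = [
        "alice",               # ordinary value: both variants agree
        "O'Brien",             # legitimate value containing a quote
        "nobody' OR '1'='1",   # value that rewrites the WHERE clause
    ]
    for owner in inputs:
        print(repr(owner))
        print("  concatenated :", try_query(get_projects_concat, conn, owner))
        print("  parameterized:", try_query(get_projects_param, conn, owner))
```

With concatenation, the legitimate name containing a quote fails with a syntax error and the third input matches every row; with the bound parameter, both are treated as plain owner names.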
