SQLInjection against CosmosDB in an Azure function

南旧 2021-01-18 23:10

I have implemented an Azure function that is triggered by a HttpRequest. A parameter called name is passed as part of the HttpRequest. In Integrat

2 answers
  •  小蘑菇 (original poster)
    2021-01-18 23:38

    When the binding occurs (the data from the HTTP Trigger gets sent to the Cosmos DB Input bind), it is passed through a SQLParameterCollection that will handle sanitization.

    Please view this article:

    Parameterized SQL provides robust handling and escaping of user input, preventing accidental exposure of data through “SQL injection”

    This will cover any attempt to inject SQL through the name property.
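
Added example, not part of the original answer and not the Functions extension's own code: a simplified Python model of the behaviour the answer describes, contrasting string concatenation with a template whose `{name}` placeholder becomes an `@name` parameter. The template, the helper names and the dict shape of the query spec are assumptions made for illustration.

```python
import re

# Constructed sqlQuery-style template; {name} stands for the HTTP parameter
# from the question (assumption: the binding uses this placeholder syntax).
TEMPLATE = "SELECT * FROM c WHERE c.name = {name}"
_PLACEHOLDER = re.compile(r"\{([A-Za-z_]\w*)\}")


def concatenated_query(name):
    """Unsafe pattern: the input becomes part of the query text itself."""
    return "SELECT * FROM c WHERE c.name = '" + name + "'"


def to_query_spec(template, trigger_data):
    """Model of the binding step (hypothetical helper): every {key} turns into
    an @key parameter, and the value travels beside the query text, never in it."""
    parameters = []

    def swap(match):
        key = match.group(1)
        if key not in trigger_data:
            raise KeyError("no trigger value for binding expression {%s}" % key)
        # Register each parameter once, even if the placeholder repeats.
        if all(p["name"] != "@" + key for p in parameters):
            parameters.append({"name": "@" + key, "value": trigger_data[key]})
        return "@" + key

    return {"query": _PLACEHOLDER.sub(swap, template), "parameters": parameters}


if __name__ == "__main__":
    # Constructed inputs: an ordinary value and one that closes the string literal.
    for value in ("alice", "x' OR '1'='1"):
        print(concatenated_query(value))
        print(to_query_spec(TEMPLATE, {"name": value}))
```

With concatenation the second input changes the structure of the query; with the parameterized form the query text is identical for both inputs and the value is only ever compared as data.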
