vieter-v
/
vieter
2
1
Fork 5
Code Issues 84 Pull Requests 9 Packages Projects Releases 12 Wiki Activity

Possible SQL injection attacks #205

New Issue
Open
opened 2022-05-29 21:43:11 +02:00 by Jef Roosens · 2 comments
Jef Roosens commented 2022-05-29 21:43:11 +02:00
Owner

The new filtering code for the GitRepo & BuildLog could potentially allow for sql injection. Therefore, I want to make sure all inputs are sanitized.

The new filtering code for the GitRepo & BuildLog could potentially allow for sql injection. Therefore, I want to make sure all inputs are sanitized.
Jef Roosens added this to the 0.3.0 milestone 2022-05-29 21:43:11 +02:00
Jef Roosens added the
enhancement
 label 2022-05-29 21:43:11 +02:00
Jef Roosens changed title from Investigate possible SQL injection attack surfaces to Possible SQL injection attacks 2022-06-13 22:28:56 +02:00
Jef Roosens removed this from the 0.3.0 milestone 2022-06-13 22:28:59 +02:00
Jef Roosens added
bug
 and removed
enhancement
 labels 2022-06-13 22:29:04 +02:00
Jef Roosens commented 2022-06-13 22:29:25 +02:00
Poster
Owner

So basically any argument that accepts an arbitrary string currently allows for SQL injection attacks.

So basically any argument that accepts an arbitrary string currently allows for SQL injection attacks.
Jef Roosens commented 2022-11-02 08:18:13 +01:00
Poster
Owner

This should be fixed by #283.

This should be fixed by #283.
Jef Roosens added this to the 0.5.0 milestone 2022-11-02 08:40:55 +01:00
Jef Roosens added this to the (deleted) project 2022-11-02 08:40:57 +01:00
Jef Roosens removed this from the 0.5.0 milestone 2022-12-14 18:50:37 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
renovate/nokogiri-1.x
dev
main
release-0.6.0
renovate/busybox-1.x
renovate/middleman-4.x-lockfile
renovate/webrick-1.x-lockfile
renovate/rouge-4.x
renovate/rouge-3.x-lockfile
renovate/redcarpet-3.x
renovate/middleman-syntax-3.x-lockfile
0.6.0
0.5.0
0.5.0-rc.2
0.5.0-rc.1
0.4.0
0.3.0
0.3.0-rc.1
0.3.0-alpha.2
0.3.0-alpha.1
0.2.0
0.1.0
0.1.0-rc1
Labels
Clear labels   
Roadmap

Tracking issue for a larger task   
V

This issue is blocked by a V issue   
bug

Something is not working   
docs

Something to add to the documentation   
duplicate

This issue or pull request already exists   
enhancement

New feature   
good first issue

A good issue to start out with as a new contributor   
help wanted

Need some help   
idea

Issue for brainstorming a new idea   
invalid

Something is wrong   
question

More information is needed   
wontfix

This won't be fixed
  
Idea

Issue for brainstorming a new idea   
Roadmap

Tracking issue for a larger task   
bug

Something is not working   
duplicate

This issue or pull request already exists   
enhancement

New feature   
help wanted

Need some help   
invalid

Something is wrong   
question

More information is needed   
wontfix

This won't be fixed
No Label
Roadmap
V
bug
docs
duplicate
enhancement
good first issue
help wanted
idea
invalid
question
wontfix
Idea
Roadmap
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vieter-v/vieter#205
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?