Bad string generating by Expression #486
More than that, it also allows SQL-injections:
A query with such a "Where" clause will return all rows from the measurement.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Hi @connor4312. Hope you're well! Did you get a chance to look into this? Cheers, Ben

Not yet. Though I plan to use Influx again (for the first time in ages) for some home automation stuff, so I will probably be spending some time on this library again.

@bencevans any news on this? It's introducing some high security risk.
* fix: prevent sql injection #486
* refactor: grammar escape code
* fix: regex escape
* fix: eslint config
* chore: eslint fix
* fix: trying to fix regex
* fix: better test sql injection
* fix: possible solution to injection
* chore: update package-lock.json

Co-authored-by: Ben Evans <ben@bluechimp.io>
🎉 This issue has been resolved in version 5.5.3 🎉 The release is available on: Your semantic-release bot 📦🚀
Expected Behavior
Trying to escape some random input to break expression
And it should escape characters correctly
Actual Behavior
But it doesn't escape them
Steps/Code to Reproduce the Problem
Specifications