fix(proxy_server.py): security fix - fix sql injection attack on glob…

…al spend logs
BerriAI · Jun 1, 2024 · f75c15d · f75c15d
1 parent 1ec2ba1
commit f75c15d
Showing 1 changed file with 4 additions and 8 deletions.
diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
@@ -8693,17 +8693,13 @@ async def global_spend_logs(
 
         return response
     else:
-        sql_query = (
-            """
+        sql_query = """
             SELECT * FROM "MonthlyGlobalSpendPerKey"
-            WHERE "api_key" = '"""
-            + api_key
-            + """'
+            WHERE "api_key" = $1
             ORDER BY "date";
-        """
-        )
+            """
 
-        response = await prisma_client.db.query_raw(query=sql_query)
+        response = await prisma_client.db.query_raw(sql_query, api_key)
 
         return response
     return