Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CO-2615 Provide defense mechanism against SQL injection #897

Merged
merged 4 commits into from Jun 17, 2019

Conversation

Theyiot
Copy link
Collaborator

@Theyiot Theyiot commented Jun 14, 2019

The module partner_compassion previously had a weakness making SQL injection feasible. This PR provides a defense against this, by using the method cursor.mogrify(), which parametrize a string and take care of escaping dangerous characters. This method is provided by PsycoPG, the Python API for PostgreSQL.

@codecov
Copy link

codecov bot commented Jun 14, 2019

Codecov Report

Merging #897 into 10.0 will not change coverage.
The diff coverage is 0%.

Impacted file tree graph

@@           Coverage Diff           @@
##             10.0     #897   +/-   ##
=======================================
  Coverage   42.03%   42.03%           
=======================================
  Files         212      212           
  Lines        8709     8709           
=======================================
  Hits         3661     3661           
  Misses       5048     5048
Impacted Files Coverage Δ
partner_compassion/models/partner_compassion.py 62.01% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4a0426e...1852876. Read the comment docs.

@ecino ecino changed the base branch from 10.0 to devel June 17, 2019 10:09
@ecino ecino merged commit 668d7b9 into CompassionCH:devel Jun 17, 2019
@Theyiot Theyiot deleted the sql_injection_defence branch June 19, 2019 07:03
Theyiot added a commit to Theyiot/compassion-switzerland that referenced this pull request Jul 2, 2019
…#897)

* CO-2615 Provide defence mechanism against SQL injection

* CO-2615 Remove unused import

* CO-2615 Fix two minor flake8 errors
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants