Skip to content

[int] Bandit fixups for MySQL#8671

Merged
fstagni merged 1 commit into
DIRACGrid:integrationfrom
sfayer:fix_banditmysql
Jul 6, 2026
Merged

[int] Bandit fixups for MySQL#8671
fstagni merged 1 commit into
DIRACGrid:integrationfrom
sfayer:fix_banditmysql

Conversation

@sfayer

@sfayer sfayer commented Jul 5, 2026

Copy link
Copy Markdown
Member

Part of #8547.

The queries in the core MySQL module can't be parameterised: There are loads of cases where various SQL functions and syntax are passed through parameters which the parametrisation would break. This patch marks them as safe for bandit (most things are checked with escapeString, etc. already). I've added a few extra checks where it was safe to do so.

It also removes a hack from TransformationDB which no-longer works and replaces it with proper behaviour in the MySQL module (correctly backtick quoting a.b style names if they are provided).

BEGINRELEASENOTES
*Core
FIX: Bandit fixups for MySQL
ENDRELEASENOTES

@sfayer sfayer requested review from atsareg and fstagni as code owners July 5, 2026 22:06
@fstagni

fstagni commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Can you have a look at the pre-commit "error"?

@sfayer sfayer force-pushed the fix_banditmysql branch from 7dff482 to cbda041 Compare July 6, 2026 08:15
@fstagni fstagni merged commit 6e852b2 into DIRACGrid:integration Jul 6, 2026
23 checks passed
@DIRACGridBot DIRACGridBot added the sweep:ignore Prevent sweeping from being ran for this PR label Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

sweep:ignore Prevent sweeping from being ran for this PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants