Is Iden::unquoted vulnerable to user injection? #701

spoxii · 2023-09-12T21:45:25Z

spoxii
Sep 12, 2023

Is the following code safe to use? Does sea-query escape identifiers carefully enough?

let tainted_input: &str = todo!(); // user input, do not trust

let sql = Query::select()
    .from(Alias::new(tainted_input))
    .column(Asterisk)
    .build(PostgresQueryBuilder);

Answered by tyt2y3

Sep 13, 2023

Yes. It will always be quoted and escaped.

View full answer

tyt2y3 · 2023-09-13T07:44:59Z

tyt2y3
Sep 13, 2023
Maintainer

Yes. It will always be quoted and escaped.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is Iden::unquoted vulnerable to user injection? #701

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Is Iden::unquoted vulnerable to user injection? #701

spoxii Sep 12, 2023

Replies: 1 comment

tyt2y3 Sep 13, 2023 Maintainer

spoxii
Sep 12, 2023

tyt2y3
Sep 13, 2023
Maintainer