Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix sql injection issues #807

Merged
merged 11 commits into from
Sep 13, 2022
Merged

Fix sql injection issues #807

merged 11 commits into from
Sep 13, 2022

Conversation

feluelle
Copy link
Member

@feluelle feluelle commented Sep 8, 2022

Description

What is the current behavior?

Currently, we have some sql injection issues in our code which DeepSource detects for us, but some of them we ignored.

What is the new behavior?

This PR should fix them.

Does this introduce a breaking change?

No.

Checklist

  • Created tests which fail without the change (if possible)
  • Extended the README / documentation, if necessary

dimberman
dimberman reviewed Sep 8, 2022
View reviewed changes
python-sdk/src/astro/databases/base.py
if self.table_exists(source_table):
return pd.read_sql(
# We are avoiding SQL injection by confirming the table exists before this statement
f"SELECT * FROM {table_qualified_name}", # skipcq BAN-B608
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for catching this.

@codecov
Copy link

codecov bot commented Sep 9, 2022
edited

Codecov Report

Merging #807 (e4d9cb4) into main (f1030fd) will decrease coverage by 0.17%.
The diff coverage is 75.00%.

@@            Coverage Diff             @@
##             main     #807      +/-   ##
==========================================
- Coverage   93.27%   93.09%   -0.18%     
==========================================
  Files          46       46              
  Lines        1962     1971       +9     
  Branches      247      250       +3     
==========================================
+ Hits         1830     1835       +5     
- Misses        103      105       +2     
- Partials       29       31       +2
Impacted Files Coverage Δ
python-sdk/src/astro/databases/google/bigquery.py 94.01% <60.00%> (-2.29%) ⬇️
python-sdk/src/astro/databases/base.py 96.20% <100.00%> (+0.09%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@feluelle feluelle self-assigned this Sep 9, 2022
@feluelle feluelle marked this pull request as ready for review September 12, 2022 07:55
@kaxil kaxil merged commit 3caf210 into main Sep 13, 2022
@kaxil kaxil deleted the fix/sql-injection-issues branch September 13, 2022 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dimberman dimberman dimberman left review comments

@kaxil kaxil kaxil approved these changes

@tatiana tatiana Awaiting requested review from tatiana tatiana is a code owner

@utkarsharma2 utkarsharma2 Awaiting requested review from utkarsharma2 utkarsharma2 is a code owner

@sunank200 sunank200 Awaiting requested review from sunank200 sunank200 is a code owner

@pankajastro pankajastro Awaiting requested review from pankajastro pankajastro is a code owner

@pankajkoti pankajkoti Awaiting requested review from pankajkoti

Assignees

@feluelle feluelle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@feluelle @dimberman @kaxil