Recognize interpolation in SQL strings in embedded SQL #332

Merged
merged 3 commits into from Jun 2, 2018

50Wliu commented Jun 2, 2018

Requirements

  • Filling out the template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
  • All new code requires tests to ensure against regressions

Description of the Change

language-sql has match patterns for single-line strings that prevent interpolation injections from matching. To get around this, override those match patterns with our own that recognize interpolations.

Alternate Designs

Make injections work in matches. This would get really hairy, really quickly.

Benefits

Interpolation in single-line strings.

Possible Drawbacks

I don't really see any.

Applicable Issues

Fixes #331

50Wliu added some commits Jun 2, 2018

@50Wliu 50Wliu merged commit 955cc83 into master Jun 2, 2018

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed

@50Wliu 50Wliu deleted the wl-sql-injections-interpolation branch Jun 2, 2018
