This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fixed
Code scanning alerts (gosec): Resolved 4 open security alerts:
G115: Replaced byte(unicode.ToLower(rune(ch))) with explicit A-Z range check in sanitizeReadOnlySQL — only converts uppercase ASCII letters, leaving all other characters (_, @, [, etc.) untouched
G201: Added proper identifier validation and dialect-specific quoting in sampleTableData via new sanitizeSQLIdentifier() regex validator and safeQuoteIdentifier() function
G117: Added #nosec G117 with justification — Password field is redacted to "" before JSON marshaling
G602: Added #nosec G602 with justification — bucketIndex is bounded to [0,9] by explicit range checks
Added 29 new test cases covering identifier validation, dialect-specific quoting, and SQL injection rejection
All 18 CI checks passing: gosec, SonarCloud, lint, coverage (85.9%), CodeQL, security
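As an added illustration of the G201 and G115 fixes described above (not the project's own code): a regex identifier validator, dialect-specific quoting that runs only after validation, and an ASCII-only lowercasing loop. The function names mirror the ones named in the notes, but the regex, the dialect strings and the quoting rules are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// identRe: a letter or underscore, then up to 63 letters, digits or underscores.
// Quotes, spaces, ';', '--' and '/*' fail the match and are rejected, not escaped.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

// sanitizeSQLIdentifier returns the name unchanged only if it is a plain identifier.
func sanitizeSQLIdentifier(name string) (string, error) {
	if !identRe.MatchString(name) {
		return "", fmt.Errorf("invalid SQL identifier: %q", name)
	}
	return name, nil
}

// safeQuoteIdentifier validates first, then wraps the name in the dialect's quote
// characters, since table names cannot be passed as bound query parameters.
func safeQuoteIdentifier(name, dialect string) (string, error) {
	ident, err := sanitizeSQLIdentifier(name)
	if err != nil {
		return "", err
	}
	switch dialect {
	case "mysql":
		return "`" + ident + "`", nil
	case "sqlserver":
		return "[" + ident + "]", nil
	default: // postgres, sqlite and other ANSI-style dialects
		return `"` + ident + `"`, nil
	}
}

// lowerASCII lowercases only A-Z; '_', '@', '[' and non-ASCII bytes pass through
// unchanged, which is the G115-safe replacement for byte(unicode.ToLower(rune(ch))).
func lowerASCII(s string) string {
	b := []byte(s)
	for i, ch := range b {
		if ch >= 'A' && ch <= 'Z' {
			b[i] = ch + ('a' - 'A')
		}
	}
	return string(b)
}
```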