API - Validate columns parameter against fields in table #7717
API functions get_all_ports and get_port_graphs had an SQL injection vulnerability as they take a list of columns to include and do not validate this. This PR adds that validation in.
I did look at that, but it looked a much more heavyweight option than doing a quick query to the DB to get the list for that table only. The file is 100K+ of text to be parsed and then iterated over, rather than a single SQL query which is likely held in the query cache after the first execution anyway.
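The validation discussed in this thread, sketched as an added example that is not code from the pull request or the project: the requested column list is checked against the column names read from the table itself with a single schema query, and the request is rejected if any name fails to match. It uses Python with an in-memory SQLite database as a stand-in; the `ports` table layout, the sample rows and the function names are assumptions.

```python
import sqlite3


def table_columns(conn, table):
    """Column names of `table`, read from the schema with one query."""
    rows = conn.execute("SELECT name FROM pragma_table_info(?)", (table,))
    return {row[0] for row in rows}


def select_columns(conn, table, requested):
    """Run SELECT for a comma-separated `requested` list, allowlisted
    against the table's real columns. `table` is a caller-side constant."""
    valid = table_columns(conn, table)
    if not valid:
        raise ValueError(f"unknown table: {table!r}")
    cols = [c.strip() for c in requested.split(",") if c.strip()]
    rejected = [c for c in cols if c not in valid]
    if not cols or rejected:
        # Fail closed: no partial query, and nothing from the request
        # reaches the SQL string unless it matched a schema name exactly.
        raise ValueError(f"invalid columns: {rejected or 'none given'}")
    column_sql = ", ".join(f'"{c}"' for c in cols)
    return conn.execute(f'SELECT {column_sql} FROM "{table}" ORDER BY 1').fetchall()


def make_sample_db():
    """Constructed sample data; the table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ports (port_id INTEGER, ifName TEXT, ifSpeed INTEGER)")
    conn.executemany("INSERT INTO ports VALUES (?, ?, ?)",
                     [(1, "eth0", 1000), (2, "eth1", 100)])
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(select_columns(db, "ports", "ifName, port_id"))
    try:
        # Constructed malformed input: extra SQL after a valid column name.
        select_columns(db, "ports", "ifName, port_id FROM ports --")
    except ValueError as err:
        print("rejected:", err)
```

Column names cannot be passed as bound parameters, which is why the check is an exact-match allowlist rather than escaping.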