Refactor Trends::Query to avoid brakeman sql injection warnings #25881

Merged
merged 2 commits into from
Jul 12, 2023


mjankowski
Contributor

Query stays the same, avoids direct string interpolation in the query.

@renchap renchap added refactoring Improving code quality ruby Pull requests that update Ruby code labels Jul 10, 2023
@github-actions
Contributor

This pull request has merge conflicts that must be resolved before it can be merged.

@github-actions
Contributor

This pull request has resolved merge conflicts and is ready for review.

ClearlyClaire
ClearlyClaire previously approved these changes Jul 12, 2023
@ClearlyClaire ClearlyClaire dismissed their stale review July 12, 2023 08:39

missed something

tmp_ids = ids

if tmp_ids.empty?
if ids.empty?
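
Review bot: `if ids.empty?` calls `ids` again even though the first line of this hunk already stores its result in `tmp_ids`. Unless `ids` is memoized, the emptiness check can see a different value than the one held in `tmp_ids`, so keep `if tmp_ids.empty?` or memoize `ids`.
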
Contributor

I would still use tmp_ids, as ids come from Redis and are not memoized.

Contributor Author

Updated with memoized method wrapping the redis call.

@ClearlyClaire ClearlyClaire merged commit 1ef0148 into mastodon:main Jul 12, 2023
25 checks passed
@mjankowski mjankowski deleted the brakeman-trends-query branch July 12, 2023 14:50
jsgoldstein pushed a commit to jsgoldstein/mastodon that referenced this pull request Jul 21, 2023