Fix more SQL injections #10280
Conversation
This is so helpful, @gyohuangxin 💯
| @@ -547,7 +547,10 @@ func ClearLine() { | |||
| clearCmd = exec.Command("cmd", "/c", "cls") // for Windows | |||
| } | |||
| clearCmd.Stdout = os.Stdout | |||
| clearCmd.Run() | |||
| err := clearCmd.Run() | |||
| if err != nil { | |||
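Review bot: The hunk header `@@ -547,7 +547,10 @@` announces three added lines, but only `err := clearCmd.Run()` and `if err != nil {` are visible here, so the body of the error branch is cut off; whatever it does, the error from `Run()` should be surfaced (returned or logged with context such as which command was run) rather than silently dropped, and, as the thread below agrees, wrapped in a MeshKit error. Note also that this `ClearLine` change is unrelated to the SQL injection fixes described in the PR notes; mixing an error-handling cleanup into a security fix makes the security change harder to review and backport, so it would be cleaner as a separate PR.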
@gyohuangxin @MUzairS15 I wonder if we should be using a MeshKit Error here. https://docs.meshery.io/project/contributing/contributing-error
What's your perspective, @MUzairS15?
Yes, the usage of meshkit error is appropriate
@leecalcote @MUzairS15 It's a good idea. Can we create another issue to track this, so that we can fix the security issues as quickly as possible? What do you think?
Ok, sure.
Here we are - #10343
Signed-off-by: Xin Huang <xin1.huang@intel.com>
c1ad7e3 to 2a583c4

Notes for Reviewers
This PR fixes SQL injection in /api/v2/events and /api/system/meshync/resources/kinds.
Similar vulnerabilities have been fixed in #10207 and #9372 using the SanitizeOrderInput function, which you can use as a reference.
Signed commits
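The class of bug this PR fixes is a user-controlled sort parameter being interpolated into an `ORDER BY` clause, which parameterized queries do not protect against because column names and sort direction cannot be bound as values. The block below is an added example, not Meshery's code and not its `SanitizeOrderInput` function (whose signature is not shown on this page): it puts the vulnerable string-building pattern beside an allowlist-based sanitizer of the kind the PR description refers to. The table name, the column allowlist and the helper names are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ErrInvalidOrder is returned for any sort input that is not on the allowlist.
var ErrInvalidOrder = errors.New("invalid order parameter")

// allowedEventColumns is a hypothetical allowlist of sortable columns for an
// events table; the real Meshery schema is not reproduced here.
var allowedEventColumns = map[string]bool{
	"created_at": true,
	"updated_at": true,
	"severity":   true,
	"category":   true,
}

// identRE accepts only plain snake_case identifiers, so separators, quotes,
// comments and whitespace can never reach the SQL string.
var identRE = regexp.MustCompile(`^[a-z_][a-z0-9_]*$`)

// UnsafeOrderQuery is the vulnerable pattern: the raw ?order= value from the
// request is concatenated into the SQL text, so a payload such as
// "id; DROP TABLE events; --" is executed as SQL.
func UnsafeOrderQuery(order string) string {
	return "SELECT id, severity FROM events ORDER BY " + order
}

// SanitizeOrder validates input of the form "column [asc|desc]" against an
// allowlist and returns a fragment that is safe to place after ORDER BY.
// Empty input yields an empty fragment so the caller can apply a default.
func SanitizeOrder(raw string, allowed map[string]bool) (string, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return "", nil
	}
	parts := strings.Fields(raw)
	if len(parts) > 2 {
		return "", ErrInvalidOrder
	}
	col := strings.ToLower(parts[0])
	// Both checks matter: the regex rejects SQL syntax, the allowlist rejects
	// real but unintended columns (e.g. sorting on a secret to leak it).
	if !identRE.MatchString(col) || !allowed[col] {
		return "", ErrInvalidOrder
	}
	dir := "ASC"
	if len(parts) == 2 {
		switch strings.ToUpper(parts[1]) {
		case "ASC":
			dir = "ASC"
		case "DESC":
			dir = "DESC"
		default:
			return "", ErrInvalidOrder
		}
	}
	return col + " " + dir, nil
}

// SafeOrderQuery is the hardened counterpart of UnsafeOrderQuery: only a
// sanitized fragment built from allowlisted tokens ever reaches the SQL.
func SafeOrderQuery(order string) (string, error) {
	frag, err := SanitizeOrder(order, allowedEventColumns)
	if err != nil {
		return "", err
	}
	if frag == "" {
		frag = "created_at DESC" // assumed default sort
	}
	return "SELECT id, severity FROM events ORDER BY " + frag, nil
}

func main() {
	// Constructed attacker input, as it would arrive in ?order=
	payload := "id; DROP TABLE events; --"
	fmt.Println("unsafe:", UnsafeOrderQuery(payload))
	if _, err := SafeOrderQuery(payload); err != nil {
		fmt.Println("safe:  rejected:", err)
	}
	q, _ := SafeOrderQuery("severity desc")
	fmt.Println("safe:  ", q)
}
```

The fragment returned by `SanitizeOrder` can be passed to an ORM's order method (for example GORM's `Order()`) or concatenated into raw SQL; either way the string is built only from tokens the server chose, which is the property a parameter binding cannot provide for identifiers.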