Modify SQL queries to protect against SQL injections #6
Conversation
@weitsesun can you please review this one too? Thanks!
Great job!
@@ -1,3 +1,4 @@ | |||
const newRelic = require('newrelic'); |
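Review bot: the assignment `const newRelic = ...` is only needed if `newRelic` is referenced later in server.js; if the module is loaded purely for its side effects, `require('newrelic');` on its own is the clearer form. Either way it should stay the first require in the file, since the New Relic agent instruments modules that are loaded after it.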
Just FYI, if you are not using the variable newRelic in server.js, you can change your 1st line to require('newrelic').
Oh nice, didn't realize that! I am going to remove it when testing my proxy server, so I will leave it for now. Good catch though!
let max = 10000000; | ||
const fakeText = ['dksalfjdasl ewqr d aic aewqr aka da', 'afkldfq caskl qeri das fc al', 'jdakl feqlk fda ca ewq', 'fjdkal eq pc qipurexnm']; | ||
const fakeDates = ['2019-01-01', '2018-10-10', '2019-04-04', '2019-05-01']; | ||
const fakeBooleans = ['t', 'f']; |
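Review bot: `let max = 10000000;` sits next to three `const` arrays; if `max` is never reassigned in the script, declare it `const` as well. Since these fixed fake values are written to the database purely to measure POST latency, consider prefixing `fakeText` entries with a recognisable marker so the cleanup DELETE can target exactly the rows the load test created rather than relying on the date.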
I have the same problem using faker in a k6 script. I can only set fake data manually rather than using faker in this file. Let me know if you have figured out how to do it.
For the fake data I don't think it really matters in this case, right? The goal of the k6 stress testing is to test the latency of the POST request, not add real information to the database. That's why I just went with a few options. I delete them from my database each day after I run tests with a simple DELETE SQL query.
This PR modifies the way in which queries are executed to use parameters to protect against SQL injection attacks.
@weitsesun please review!
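As an added illustration of the change this PR describes (example code, not the PR's own): the same INSERT built by string concatenation beside its parameterised form, plus a parameterised cleanup DELETE for load-test rows. It assumes a hypothetical `reviews` table with columns `text`, `date`, `recommended` and a node-postgres-style driver that takes `{ text, values }` with `$1, $2, ...` placeholders.

```javascript
// Added example, not code from this PR. Assumes a hypothetical table
// "reviews" (columns text, date, recommended) and a node-postgres-style
// driver that accepts query({ text, values }) with $1, $2, ... placeholders.

// BEFORE: input spliced into the SQL string. A quote inside review.text
// ends the literal early, so user data changes the statement's structure.
function buildUnsafeInsert(review) {
  return "INSERT INTO reviews (text, date, recommended) VALUES ('" +
    review.text + "', '" + review.date + "', '" + review.recommended + "')";
}

// AFTER: the SQL text is a constant; the data rides in the values array
// and is bound by the driver, so it is never re-parsed as SQL.
function buildSafeInsert(review) {
  return {
    text: 'INSERT INTO reviews (text, date, recommended) VALUES ($1, $2, $3)',
    values: [review.text, review.date, review.recommended],
  };
}

// Parameterised cleanup for rows a load test created: tag test rows with a
// marker and delete by that marker instead of interpolating it into the DELETE.
function buildCleanup(marker) {
  return { text: 'DELETE FROM reviews WHERE text LIKE $1', values: [marker + '%'] };
}

// Structural check: counts single quotes in SQL text. Balanced literals
// contribute an even number (and an escaped '' adds two), so an odd count
// means an input quote broke out of its literal.
function singleQuoteCount(sql) {
  return (sql.match(/'/g) || []).length;
}

// Constructed sample row: a harmless apostrophe is enough to break the unsafe form.
const sample = { text: "k6-test: didn't expect that", date: '2019-01-01', recommended: 't' };
```

Run `singleQuoteCount(buildUnsafeInsert(sample))` to see the odd count, while `buildSafeInsert(sample).text` is identical for every input.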