Modify SQL queries to protect against SQL injections #6
Conversation
|
@weitsesun can you please review this one too? Thanks! |
| @@ -1,3 +1,4 @@ | |||
| const newRelic = require('newrelic'); | |||
There was a problem hiding this comment.
Just FYI, if you are not using variable newRelic in server.js. Your can change your 1st line to require('newrelic')
There was a problem hiding this comment.
Oh nice, didn't realize that! I am going to remove it when testing my proxy server, so I will leave it for now. Good catch though!
| let max = 10000000; | ||
| const fakeText = ['dksalfjdasl ewqr d aic aewqr aka da', 'afkldfq caskl qeri das fc al', 'jdakl feqlk fda ca ewq', 'fjdkal eq pc qipurexnm']; | ||
| const fakeDates = ['2019-01-01', '2018-10-10', '2019-04-04', '2019-05-01']; | ||
| const fakeBooleans = ['t', 'f']; |
There was a problem hiding this comment.
I have the same problem using faker in k6 script. I can only manually set fake data but using faker in this file. Let me know if you have figured out how to do it.
There was a problem hiding this comment.
For the fake data I don't think it really matters in this case right? The goal of the K6 stress testing is to test the latency of the POST request, not add real information to the database. That's why I just went with a few options. I delete them from my database each day after I run tests with a simple DELETE sql query.
This PR modifies the way in which queries are executed to use parameters to protect against SQL injection attacks.
@weitsesun please review!