Update documentation related to SQL injection with raw queries#5735
Merged
Conversation
|
@joshbouncesecurity is attempting to deploy a commit to the Prisma Team on Vercel. A member of the Team first needs to authorize it. |
jharrell
approved these changes
Mar 25, 2024
Contributor
jharrell
left a comment
jharrell
left a comment
There was a problem hiding this comment.
Thank you very much @joshbouncesecurity !
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
janpio
suggested changes
Mar 25, 2024
Contributor
There was a problem hiding this comment.
see internal Slack discussion: https://prisma-company.slack.com/archives/C058VM009HT/p1710493203426249
jharrell
suggested changes
Mar 25, 2024
Contributor
jharrell
left a comment
jharrell
left a comment
There was a problem hiding this comment.
Few notes from our internal review. Thank you again @joshbouncesecurity
Co-authored-by: Jon Harrell <4829245+jharrell@users.noreply.github.com>
Contributor
Author
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
Co-authored-by: Jan Piotrowski <piotrowski+github@gmail.com>
Contributor
Author
|
Hi @janpio I think I handled all your comments except this one which I think is better not changed. You can see the specific updates here: |
janpio
approved these changes
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
janpio
reviewed
Mar 26, 2024
Co-authored-by: Jan Piotrowski <piotrowski+github@gmail.com>
jharrell
approved these changes
Mar 26, 2024
Contributor
|
Thank you again for all your help @joshbouncesecurity ! We really appreciate you working with us and a special thanks for your contribution 🙂 |
Contributor
Author
|
You're welcome, I always like to see more detailed security documentation :) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Describe this PR
See discussion here;
https://discord.com/channels/937751382725886062/1218200207884288071
Basically, the docs make it seem like
queryRawandexecuteRaware safe from SQL injection when it fact is possible to use them unsafely as well.I have prepared an update to the documentation to reflect this.
Changes
queryRawandexecuteRaware used safely in a simple case.queryRawandexecuteRawcan also be used unsafely.queryRawandexecuteRawcan be used safely in more complicated cases as well.What issue does this fix?
N/A
Any other relevant information
I deliberately tried to make all examples compatible with the Prisma playground so you can verify them.