You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using Postgres 10/Rails 5, given an INSERT statement as so:
INSERT INTO foos(foo_id, bar_id, external_id, email_address, created_at, updated_at)
SELECT 123, 456, external_id, email_address, NOW(), NOW()
FROM jsonb_to_recordset($${"items":[{"external_id":1234,"email_address":"test@domain.com"}]}$$::jsonb->'items')
AS t(external_id integer, email_address varchar)
The trace that is sent to Scout does not sanitize the JSON object properly. This is what I see as the SQL in Scout:
INSERT INTO foos(foo_id, bar_id, external_id, email_address, created_at, updated_at)
SELECT ?, ?, external_id, email_address, NOW(), NOW()
FROM jsonb_to_recordset($${"items":[{"external_id":"?","email_address":"test@domain.com"}]}$$::jsonb->'items')
AS t(external_id integer, email_address varchar)
Notice that the value of the external_id key in the JSON is sanitized but the value of the email_address key is not. Is there a configuration setting to enable sanitization of all parameters in the query?
The text was updated successfully, but these errors were encountered:
When using Postgres 10/Rails 5, given an
INSERT
statement as so:The trace that is sent to Scout does not sanitize the JSON object properly. This is what I see as the SQL in Scout:
Notice that the value of the
external_id
key in the JSON is sanitized but the value of theemail_address
key is not. Is there a configuration setting to enable sanitization of all parameters in the query?The text was updated successfully, but these errors were encountered: