GNU bug report logs - #30386
[PATCH cuirass] database: Prevent SQL injection.


Package: guix-patches;

Reported by: Danny Milosavljevic <dannym <at> scratchpost.org>

Date: Wed, 7 Feb 2018 23:14:01 UTC

Severity: normal

Tags: patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.


From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: 30386 <at> debbugs.gnu.org
Subject: [bug#30386] [PATCH v2 cuirass] database: Prevent SQL injection.
Date: Fri, 9 Feb 2018 17:45:07 +0100

> Right, but now it’s as I wrote above: you can include arguments in the
> middle of the SQL strings, and ‘sqlite-exec’ takes care of turning
> that into question marks and so on:
> 
>   https://git.savannah.gnu.org/cgit/guix/guix-cuirass.git/commit/?id=b0c39b31f61cfc494e0dfbe823b3fe4275efbc7a

Ah, didn't see that before.  Wow!  Nice.

I should pull more often :)
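
The idea in the quoted reply (SQL fragments with the arguments in between, turned into question-mark placeholders plus bound values), modelled with Python's `sqlite3` as an added example; it is not Cuirass's Guile code and not part of this thread. `Param`, `build_query`, `exec_query`, the `jobs` table and the sample input are hypothetical names constructed for illustration.

```python
import sqlite3

class Param:
    """Marks a value to bind; it never becomes part of the SQL text."""
    def __init__(self, value):
        self.value = value

def build_query(*parts):
    """Turn interleaved SQL fragments and Param values into (sql, args)."""
    sql, args = [], []
    for part in parts:
        if isinstance(part, Param):
            sql.append("?")          # placeholder in the statement text
            args.append(part.value)  # value travels separately, as data
        elif isinstance(part, str):
            sql.append(part)         # programmer-written SQL fragment
        else:
            raise TypeError(f"wrap values in Param(): {part!r}")
    return "".join(sql), tuple(args)

def exec_query(db, *parts):
    sql, args = build_query(*parts)
    return db.execute(sql, args).fetchall()

def unsafe_lookup(db, name):
    # Vulnerable form kept for contrast: the value is spliced into the SQL text.
    return db.execute(
        "SELECT name FROM jobs WHERE name = '" + name + "' ORDER BY name"
    ).fetchall()

def safe_lookup(db, name):
    # Argument sits in the middle of the SQL strings, but is bound, not spliced.
    return exec_query(
        db, "SELECT name FROM jobs WHERE name = ", Param(name), " ORDER BY name")

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (name TEXT)")  # constructed sample table
    db.executemany("INSERT INTO jobs VALUES (?)", [("guix",), ("hello",)])
    hostile = "nope' OR '1'='1"                  # constructed sample input
    return (unsafe_lookup(db, hostile),  # quote closes early: every row matches
            safe_lookup(db, hostile),    # compared as one literal string: no rows
            safe_lookup(db, "guix"))

if __name__ == "__main__":
    print(demo())
```

In this Python model a bare string is always treated as SQL text, so a string value passed without `Param()` would still be spliced into the statement.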




This bug report was last modified 7 years and 138 days ago.
