GNU bug report logs -
#30386
[PATCH cuirass] database: Prevent SQL injection.
Previous Next
Full log
Message #25 received at 30386-done <at> debbugs.gnu.org (full text, mbox):
Danny Milosavljevic <dannym <at> scratchpost.org> skribis:
> + (stmt-text (format #f "\
> +SELECT Builds.id, Builds.timestamp, Builds.starttime, Builds.stoptime, Builds.log, Builds.status, Builds.derivation,\
> +Derivations.job_name, Derivations.system, Derivations.nix_name,\
> +Specifications.repo_name, Specifications.branch \
> +FROM Builds \
> +INNER JOIN Derivations ON Builds.derivation = Derivations.derivation AND Builds.evaluation = Derivations.evaluation \
> +INNER JOIN Evaluations ON Derivations.evaluation = Evaluations.id \
> +INNER JOIN Specifications ON Evaluations.specification = Specifications.repo_name \
> +WHERE (:id IS NULL OR (:id = Builds.id)) \
> +OR (:project IS NULL OR (:project = Specifications.repo_name)) \
> +OR (:jobset IS NULL OR (:jobset = Specifications.branch)) \
> +OR (:job IS NULL OR (:job = Derivations.job_name)) \
> +OR (:system IS NULL OR (:system = Derivations.system)) \
> +OR (:status IS NULL OR (:status = 'done' AND Builds.status >= 0) OR (:status = 'pending' AND Builds.status < 0)) \
> +ORDER BY ~a ~a LIMIT :nr;" order-column-name order))
> + (stmt (sqlite-prepare db stmt-text #:cache? #t)))
> + (sqlite-bind-args stmt #:id (assqx-ref filters 'id)
> + #:project (assqx-ref filters 'project)
> + #:jobset (assqx-ref filters 'jobset)
> + #:job (assqx-ref filters 'job)
> + #:system (assqx-ref filters 'system)
> + #:status (and=> (assqx-ref filters 'status)
> + object->string)
> + #:nr (match (assqx-ref filters 'nr)
> + (#f -1)
> + (x x)))
This was pushed as 1bab5c4e56eb1849edc2cf0b23d433aeb2cac421, closing
this issue now.
Thank you!
Ludo’.
This bug report was last modified 7 years and 138 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.