This repository has been archived by the owner on Oct 9, 2023. It is now read-only.

- #607

Closed
wants to merge 1 commit into from
@iaroslav-ciupin iaroslav-ciupin commented Aug 28, 2023

Signed-off-by: Iaroslav Ciupin <[email protected]>
@@ -120,6 +120,54 @@ func prepareValues(field string, values []string) (interface{}, error) {
return preparedValues, nil
}

var allowedJoinTableColumns = map[common.Entity]map[common.Entity]sets.String{
common.Execution: {
common.Execution: gormimpl.ExecutionColumns,
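Review bot: `allowedJoinTableColumns` has no doc comment, and because both map levels are keyed by `common.Entity`, the first entry (`common.Execution: { common.Execution: gormimpl.ExecutionColumns`) does not show which key is the entity being listed and which is the joined table; please add a comment that states this. The inner values are the exported `gormimpl.ExecutionColumns` sets themselves rather than copies, and the table is a package-level `var`, so a mutation anywhere in the process would silently widen the allow-list; consider building the sets locally or documenting them as read-only.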

Instead of duplicating the mapping between common.Entity -> allowed columns, can we create two sets here?

  1. for entity -> allowed join entities
  2. for entity -> allowed columns
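
The two-table layout suggested in the comment above, sketched as an added example; it is not code from this pull request or from the project. The entity names, column names and `ValidateFilterField` are constructed for illustration.

```go
package main

import "fmt"

// Entity and the values below are constructed for this example.
type Entity string

const (
	Execution     Entity = "execution"
	LaunchPlan    Entity = "launch_plan"
	NodeExecution Entity = "node_execution"
)

// allowedJoins: entity being listed -> entities its filters may reference.
var allowedJoins = map[Entity]map[Entity]bool{
	Execution:     {Execution: true, LaunchPlan: true},
	NodeExecution: {NodeExecution: true, Execution: true},
}

// allowedColumns: entity -> columns a filter may name (stated once per entity).
var allowedColumns = map[Entity]map[string]bool{
	Execution:     {"phase": true, "created_at": true},
	LaunchPlan:    {"name": true, "version": true},
	NodeExecution: {"phase": true},
}

// ValidateFilterField fails closed: an unknown entity pair or column is an
// error, so only an exact allow-listed identifier can reach the SQL text.
// Indexing a missing (nil) inner map yields false, which is the safe default.
func ValidateFilterField(primary, joined Entity, field string) (string, error) {
	if !allowedJoins[primary][joined] {
		return "", fmt.Errorf("%s filters cannot reference %s", primary, joined)
	}
	if !allowedColumns[joined][field] {
		return "", fmt.Errorf("column %q is not filterable on %s", field, joined)
	}
	return field, nil
}

func main() {
	// Constructed inputs: one valid column, one column of another entity,
	// and one value that is not a bare identifier.
	for _, f := range []string{"phase", "name", "phase) OR (1=1"} {
		col, err := ValidateFilterField(Execution, Execution, f)
		fmt.Printf("%q -> %q, err=%v\n", f, col, err)
	}
}
```

Filter values would still be passed as bound query parameters; this check covers only the identifiers that have to be written into the query string.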

codecov bot commented Aug 28, 2023

Codecov Report

Merging #607 (af9b631) into master (6c97bb9) will increase coverage by 1.59%.
The diff coverage is 84.61%.

❗ Current head af9b631 differs from pull request most recent head 94cf209. Consider uploading reports for the commit 94cf209 to get more accurate results

@@            Coverage Diff             @@
##           master     #607      +/-   ##
==========================================
+ Coverage   58.72%   60.31%   +1.59%     
==========================================
  Files         171      171              
  Lines       16484    13475    -3009     
==========================================
- Hits         9680     8128    -1552     
+ Misses       5952     4494    -1458     
- Partials      852      853       +1     
| Flag | Coverage Δ |
|---|---|
| unittests | ? |

Flags with carried forward coverage won't be shown.

| Files Changed | Coverage Δ |
|---|---|
| pkg/repositories/gormimpl/execution_repo.go | 67.36% <ø> (+2.41%) ⬆️ |
| pkg/repositories/gormimpl/launch_plan_repo.go | 65.04% <ø> (+1.13%) ⬆️ |
| pkg/repositories/gormimpl/named_entity_repo.go | 71.00% <ø> (+3.08%) ⬆️ |
| ...repositories/gormimpl/node_execution_event_repo.go | 84.61% <ø> (+4.61%) ⬆️ |
| pkg/repositories/gormimpl/node_execution_repo.go | 68.46% <ø> (+0.92%) ⬆️ |
| pkg/repositories/gormimpl/project_repo.go | 80.00% <ø> (+3.43%) ⬆️ |
| pkg/repositories/gormimpl/signal_repo.go | 73.58% <ø> (+4.46%) ⬆️ |
| pkg/repositories/gormimpl/task_execution_repo.go | 64.35% <ø> (-0.22%) ⬇️ |
| pkg/repositories/gormimpl/task_repo.go | 72.28% <ø> (+4.01%) ⬆️ |
| pkg/repositories/gormimpl/workflow_repo.go | 70.12% <ø> (+2.08%) ⬆️ |

... and 2 more

... and 145 files with indirect coverage changes

@EngHabu EngHabu closed this Aug 28, 2023
@EngHabu EngHabu deleted the fix-sql-injection-list-filters branch August 28, 2023 23:31
@EngHabu EngHabu changed the title Fix SQL injection in List filters - Aug 28, 2023