Eclipse Foundation / IT / APIs / eclipsefdn-api-common · Issue #2 · Closed
Issue created Oct 12, 2021 by Martin Lowe (@malowe), Maintainer

Update SQL generators to use sanitization of strings used in query

We currently use prepared statements to sanitize our fields and block injection-based attacks. There are a few fields where, with enough effort, the checks could potentially be circumvented. An example of this is the field name in the order by clause of the HQLGenerator class. Usage of this class is still rare, so the risk is low, but we should fix this hole sooner rather than later.
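The gap described above is that named parameters bind values, not identifiers: a column name in an ORDER BY clause is spliced into the query text, so it needs its own check. The following is an added illustration, not code from eclipsefdn-api-common or its HQLGenerator; the entity name, the sortable-field allowlist and the method names are assumptions.

```java
import java.util.Set;
import java.util.regex.Pattern;

// Added example (not the project's HQLGenerator): builds the ORDER BY fragment
// of an HQL query. The filter value is bound as the named parameter :name, which
// the query engine escapes; the sort field and direction are identifiers that
// cannot be bound, so they are validated against an allowlist before being
// concatenated into the HQL string.
public class OrderByExample {
    // Hypothetical persisted fields a caller may sort by (constructed allowlist).
    private static final Set<String> SORTABLE_FIELDS = Set.of("id", "name", "created");
    // Defence in depth: even an allowlisted name must look like a plain identifier.
    private static final Pattern IDENTIFIER = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]*$");

    /** Returns the sort field unchanged if it is allowlisted, otherwise rejects it. */
    public static String validateSortField(String field) {
        if (field == null || !IDENTIFIER.matcher(field).matches()
                || !SORTABLE_FIELDS.contains(field)) {
            throw new IllegalArgumentException("unsupported sort field");
        }
        return field;
    }

    /** Direction is also query text: only the two keywords are accepted. */
    public static String validateDirection(String dir) {
        if ("asc".equalsIgnoreCase(dir)) return "ASC";
        if ("desc".equalsIgnoreCase(dir)) return "DESC";
        throw new IllegalArgumentException("unsupported sort direction");
    }

    /** Builds "FROM SampleEntity e WHERE e.name = :name ORDER BY e.<field> <dir>". */
    public static String buildQuery(String sortField, String direction) {
        return "FROM SampleEntity e WHERE e.name = :name ORDER BY e."
                + validateSortField(sortField) + " " + validateDirection(direction);
    }

    public static void main(String[] args) {
        System.out.println(buildQuery("created", "desc"));
        // A field that is not a known column is rejected before any query text is
        // produced; this is the case that parameter binding alone does not cover.
        try {
            buildQuery("not_a_column", "asc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The caller still binds the value with `query.setParameter("name", value)` as before; only the identifier positions change from free-form strings to allowlisted ones.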
