Budibase / budibase

Low code platform for building business apps and workflows in minutes. Supports PostgreSQL, MySQL, MariaDB, MSSQL, MongoDB, Rest API, Docker, K8s, and more 🚀
https://budibase.com

Add tests for SQL injection attacks on table/view creation and search. #14861

Closed samwho closed 1 month ago

samwho commented 1 month ago

Description

This PR includes a substantial refactor of sql.ts to remove as many calls to Knex raw functionality as we can, as well as shoring up the raw calls we can't remove with checks to make sure the input to them is sanitised.

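The pattern the PR description refers to, as an added example that is not Budibase code and not part of the original thread: a table or column name that is interpolated straight into a raw `CREATE TABLE` string lets the caller close the quoted identifier and append further SQL, while gating every identifier through a strict allow-list check (and every column type through a fixed set) before it reaches the raw fragment closes that path. The helper names (`buildCreateTableUnsafe`, `buildCreateTableSafe`, `quoteIdentifier`), the PostgreSQL-style double quoting and the attacker payload are assumptions made for this illustration.

```javascript
// Added example (not Budibase code). Shows why interpolating a user-supplied
// identifier into a raw SQL statement is injectable, and one way to check the
// identifier before it is allowed into the raw fragment. Names and payload
// below are constructed for the illustration.

// Vulnerable pattern: the caller's table/column names go into the raw
// statement with nothing but surrounding quotes. A name containing a double
// quote breaks out of the identifier.
function buildCreateTableUnsafe(tableName, columns) {
  const cols = columns.map((c) => `"${c.name}" ${c.type}`).join(", ");
  return `CREATE TABLE "${tableName}" (${cols})`;
}

// Hardened pattern: identifiers must match a strict allow-list pattern
// (letters, digits, underscore; 63 chars max, the PostgreSQL limit) and
// column types must come from a fixed set. Anything else is rejected rather
// than escaped, so the raw fragment only ever sees known-good tokens.
const IDENTIFIER_RE = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;
const ALLOWED_TYPES = new Set(["TEXT", "INTEGER", "BOOLEAN", "TIMESTAMP"]);

function quoteIdentifier(name) {
  if (typeof name !== "string" || !IDENTIFIER_RE.test(name)) {
    throw new Error(`Rejected SQL identifier: ${JSON.stringify(name)}`);
  }
  // Safe to quote: the regex guarantees no quote characters are present.
  return `"${name}"`;
}

function buildCreateTableSafe(tableName, columns) {
  const cols = columns
    .map((c) => {
      const type = String(c.type).toUpperCase();
      if (!ALLOWED_TYPES.has(type)) {
        throw new Error(`Rejected column type: ${JSON.stringify(c.type)}`);
      }
      return `${quoteIdentifier(c.name)} ${type}`;
    })
    .join(", ");
  return `CREATE TABLE ${quoteIdentifier(tableName)} (${cols})`;
}

// Constructed attacker input: closes the quoted identifier, terminates the
// statement, appends a DROP, then comments out whatever the builder adds.
const maliciousTable = 'users" (id INTEGER); DROP TABLE "accounts"; --';
const columns = [
  { name: "id", type: "INTEGER" },
  { name: "email", type: "TEXT" },
];

// Runs both builders against the same input and reports what each produced.
function demo() {
  const unsafe = buildCreateTableUnsafe(maliciousTable, columns);
  let safeError = null;
  try {
    buildCreateTableSafe(maliciousTable, columns);
  } catch (e) {
    safeError = e.message;
  }
  const safeOk = buildCreateTableSafe("users", columns);
  return { unsafe, safeError, safeOk };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = demo();
  console.log("unsafe statement :", r.unsafe);
  console.log("hardened rejects :", r.safeError);
  console.log("hardened accepts :", r.safeOk);
}
```

Where a raw call cannot be removed, Knex also offers identifier bindings (`??` placeholders in `knex.raw()`), which quote the identifier for the target dialect; the allow-list check above is still worth keeping in front of them, because a syntactically valid but unexpected identifier (another tenant's table, for instance) is an authorization problem that quoting alone does not address.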
qa-wolf[bot] commented 1 month ago

QA Wolf here! As you write new code it's important that your test coverage is keeping up. Click here to request test coverage for this PR!