Closed Kaihui-intel closed 3 months ago
Thank you for your contribution! 💜
Note: This comment is automatically generated and will be updated every 180 seconds within the next 6 hours. If you have any other questions, contact chensuyue or XuehaoSun for help.
Type of Change
bug fix
Description
SQL injection. When submitting a task through gRPC, it calls the function TaskSubmitterServicer.SubmitTask, which then calls submit_task_to_db to do the job. The SQL is constructed at run time with the task parameter, and most attributes of the task can be controlled by an attacker (e.g. the script_url field), which results in SQL injection.
Expected Behavior & Potential Risk
the expected behavior that is triggered by this PR
How has this PR been tested?
how to reproduce the test (including hardware information)
Dependency Change?
any library dependency introduced or removed
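The pattern the description names, SQL text built at run time from task attributes, shown next to a parameterized insert. This is an added example, not code from this PR or the project; the table schema, the Task dataclass and all function names are assumptions, and only task and script_url come from the page.

```python
import sqlite3
import uuid
from dataclasses import dataclass

# Assumed schema for illustration; the project's real table is not shown on the page.
SCHEMA = "CREATE TABLE task (id TEXT PRIMARY KEY, script_url TEXT, workers INTEGER, status TEXT)"

@dataclass
class Task:  # hypothetical stand-in for the gRPC task message
    script_url: str
    workers: int = 1

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def submit_task_formatted(conn, task):
    """'Before' pattern: the statement text is assembled from task attributes."""
    task_id = uuid.uuid4().hex
    sql = ("INSERT INTO task (id, script_url, workers, status) "
           "VALUES ('{}', '{}', {}, 'pending')").format(task_id, task.script_url, task.workers)
    conn.execute(sql)  # attribute text is parsed as part of the SQL statement
    return task_id

def submit_task_parameterized(conn, task):
    """Hardened pattern: fixed statement text, attributes passed as bound values."""
    if type(task.workers) is not int or task.workers < 1:
        raise ValueError("workers must be a positive integer")
    task_id = uuid.uuid4().hex
    conn.execute(
        "INSERT INTO task (id, script_url, workers, status) VALUES (?, ?, ?, 'pending')",
        (task_id, task.script_url, task.workers),
    )
    return task_id

def stored(conn, task_id):
    return conn.execute("SELECT script_url, status FROM task WHERE id = ?", (task_id,)).fetchone()

def demo():
    # Constructed input: a script_url whose quote closes the string literal early.
    crafted = Task(script_url="x', 1, 'done') --")
    conn = new_db()
    formatted_row = stored(conn, submit_task_formatted(conn, crafted))
    bound_row = stored(conn, submit_task_parameterized(conn, crafted))
    return formatted_row, bound_row

if __name__ == "__main__":
    print(demo())
```

With the formatted statement the field's content rewrites the row's status column; with bound values the same string is stored verbatim and the status stays pending.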