[Improvement] Possible SQL injection in MysqlDatabaseOperations.java #4211
Comments
I would like to work on this issue. |
… preventing possible SQL injection in MysqlDatabaseOperations.java
@justinmclean Hi, I think before databaseName is passed into |
We would need to check more than whether it is null or empty. I'm not 100% sure that the current check in the capability framework is enough, as it tests for what might be a valid name rather than malicious SQL. I can see |
@zivali what are your thoughts on this? |
Per my understanding, I think if we assume |
What would you like to be improved?
databaseName in generateDropDatabaseSql is not validated for any potential SQL issues.
How should we improve?
Validate databaseName
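
One way to do the validation this issue asks for, shown as an added example that is not the project's own code. The class name, the allowlist pattern and the sample inputs are assumptions; MySQL cannot bind an identifier as a prepared-statement parameter, so the name is checked against an allowlist and then backtick-quoted before it is concatenated.

```java
import java.util.regex.Pattern;

// Added example: hypothetical class, not taken from MysqlDatabaseOperations.java.
public final class DropDatabaseSqlExample {

  // Assumed policy: the characters MySQL permits in unquoted identifiers,
  // limited to MySQL's 64-character maximum identifier length.
  private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_$]{1,64}");

  // Rejects anything outside the allowlist, then quotes the identifier.
  static String quoteIdentifier(String name) {
    if (name == null || !SAFE_NAME.matcher(name).matches()) {
      throw new IllegalArgumentException("Invalid database name");
    }
    // Defence in depth: doubling backticks is MySQL's identifier escaping, so the
    // quoting stays correct even if the allowlist is loosened later.
    return "`" + name.replace("`", "``") + "`";
  }

  // Same method name as in the issue; the body is this example's own.
  static String generateDropDatabaseSql(String databaseName) {
    return "DROP DATABASE " + quoteIdentifier(databaseName);
  }

  public static void main(String[] args) {
    // Constructed sample inputs: one valid name, then names that must be rejected.
    String[] samples = {"sales_2024", "", null, "x`; SELECT 1; -- ", "a b"};
    for (String s : samples) {
      try {
        System.out.println(generateDropDatabaseSql(s));
      } catch (IllegalArgumentException e) {
        System.out.println("rejected: " + s);
      }
    }
  }
}
```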