Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize user input to prevent SQL injections #1889

Open
alexey2baranov opened this issue Mar 11, 2024 · 0 comments
Open

Sanitize user input to prevent SQL injections #1889

alexey2baranov opened this issue Mar 11, 2024 · 0 comments

Comments

@alexey2baranov
Copy link

Description

It would be great if we have a sanitize() function fo user input tool to prevent SQL injection. Consider this code

{
  "anonymousId": some_user_input,
  "email": "[email protected]"
}

if user sends SQL injection some_user_input= "0" or something=1 or anonymousId="0", then the result will be

{
  "anonymousId": "0\" or something=1 or anonymousId=\"0",
  "email": "[email protected]"
}

and the error output will contain secure information about all available fields.

Expected Behavior

empty result as there is no such anonymous id "0" or something=1 or anonymousId="0"

Current Behavior

and the output will contain secure information about all available fields.

Context

This is classical SQL injection which possibly appears in every user controller where controller expects user input

Possible Solution

Provide sanitize() function which prevent SQL injections
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexey2baranov