New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SQL injection risks #1

Closed

Nerdmaster opened this issue Feb 7, 2022 · 0 comments · Fixed by #2

Collaborator

Nerdmaster commented Feb 7, 2022

Not really a risk since the data is all internal, but you should still always avoid putting anything directly in a query string. Use bind vars!

dmo-statservice/main.go

Line 241 in e14f85a

    
           insert, err := db.Query("INSERT INTO stats (height_id, blockhash, epoch, coins, miningaddr) VALUES ( " + strconv.Itoa(blockIdToGet) + ", '" + myBlockInfo.Hash + "', " + strconv.Itoa(myBlockInfo.Time) + ", " + strconv.FormatFloat(myBlockInfo.Coins, 'E', -1, 64) + ",'" + myBlockInfo.Addr + "')")

Nerdmaster mentioned this issue

Fix SQL to trust *nothing* #2

Merged

dialmaster closed this as completed in #2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment