@phant0ms
Contributor

and export SanitizeOrderInput function

Notes for Reviewers

This PR fixes #
Fix a SQL injection in route api/system/database, in the GetSystemDatabase function: filter the order by parameter with an existing function, models.SanitizeOrderInput.

Signed commits

  • Yes, I signed my commits.
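
An allow-list filter of the kind the PR description names for the order by parameter, as an added example that is not Meshery's code and does not reproduce `models.SanitizeOrderInput`. The names `sanitizeOrder` and `buildQuery`, the table, and the column list are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// allowedOrderColumns is a constructed allow-list; the columns the real
// route accepts are not shown on this page.
var allowedOrderColumns = map[string]bool{"name": true, "created_at": true, "updated_at": true}

// sanitizeOrder (hypothetical helper) accepts "<column>" or "<column> <asc|desc>".
// It never echoes the caller's text: the clause is rebuilt from allow-listed
// parts, and anything else yields the fallback.
func sanitizeOrder(raw, fallback string) string {
	fields := strings.Fields(raw)
	if len(fields) == 0 || len(fields) > 2 {
		return fallback
	}
	col := strings.ToLower(fields[0])
	if !allowedOrderColumns[col] {
		return fallback
	}
	dir := "asc"
	if len(fields) == 2 {
		switch strings.ToLower(fields[1]) {
		case "asc": // keep the default direction
		case "desc":
			dir = "desc"
		default:
			return fallback
		}
	}
	return col + " " + dir
}

// buildQuery shows why the filter matters: "?" placeholders bind values, not
// identifiers, so the ORDER BY clause is concatenated into the statement text.
func buildQuery(rawOrder string) string {
	return "SELECT name, created_at FROM entries WHERE name LIKE ? ORDER BY " +
		sanitizeOrder(rawOrder, "updated_at desc")
}

func main() {
	inputs := []string{"name desc", "Created_At", "", "name desc, (select 1)", "name;--", "password asc"}
	for _, in := range inputs {
		fmt.Printf("%-24q -> %s\n", in, buildQuery(in))
	}
}
```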

@welcome

welcome bot commented Nov 16, 2023

Yay, your first pull request! 👍 A contributor will be by to give feedback soon. In the meantime, you can find updates in the #github-notifications channel in the community Slack.
Be sure to double-check that you have signed your commits. Here are instructions for making signing an implicit activity while performing a commit.

@phant0ms phant0ms changed the title from "## Filter "order by" parameter to fix sql inject vuln" to "Filter "order by" parameter to fix sql inject vuln" Nov 16, 2023
@leecalcote leecalcote added the security Issues or pull requests that address a security vulnerability label Nov 16, 2023
@leecalcote
Member

Thank you for creating a fix for this security vulnerability, @phant0ms 👍

@leecalcote
Member

You'll want to follow the instructions on this page in order to ensure that your git commits are signed - https://github.com/meshery/meshery/pull/9372/checks?check_run_id=18731162779

Contributor

@MUzairS15 MUzairS15 left a comment


Thanks for the fix, @phant0ms.
Will you make sure to sign your commits so that we can get this merged?
https://github.com/meshery/meshery/pull/9372/checks?check_run_id=18731162779

## and export SanitizeOrderInput function

Signed-off-by: phant0ms <[email protected]>
@phant0ms
Contributor Author

Sorry for the late reply. I have signed the commit @MUzairS15 @leecalcote

@welcome

welcome bot commented Nov 20, 2023

Thanks for your contribution to Meshery! 🎉

Join the community, if you haven't yet and please leave a ⭐ star on the project. 😄


Labels

component/server security Issues or pull requests that address a security vulnerability
