Project: Cost Management
Issue: COST-4851

[Snyk] Sanitize SQL queries to avoid injection


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Undefined
    • None
    • None
    • Security
    • 5
    • False
    • None
    • False
    • Low

Snyk has two high severity alerts about sanitizing the queries on Trino and Enabled Tags.

It is not critical, but it would be good to add an extra layer of protection. The simple solution is to use the trino.sqlalchemy module's text function. This function can escape any special characters in the query parameters.

As it is an internal function, I've put this as low priority. We have to test it after the change to check if it is running properly.

REF:
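As an added example (not code from this ticket or from the project), the change the ticket asks for, shown on a query that reads an "enabled tags" table: the same lookup is written once with the value formatted into the SQL string and once with a named placeholder bound by the driver. Python's standard-library sqlite3 driver stands in for the Trino connection so the example runs offline; the table name, column names and sample rows are constructed. SQLAlchemy's text() uses the same :name placeholder convention, and the equivalent text(...).bindparams(...) call appears in a comment.

```python
import sqlite3

# Constructed sample rows standing in for an "enabled tags" table.
# Table and column names are hypothetical, not the project's schema.
SAMPLE_TAGS = [("app", 1), ("env", 1), ("owner", 0)]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE enabled_tags (key TEXT, enabled INTEGER)")
    conn.executemany("INSERT INTO enabled_tags VALUES (?, ?)", SAMPLE_TAGS)
    conn.commit()
    return conn


def enabled_tag_keys_vulnerable(conn, key):
    """BEFORE: the caller's value is spliced into the SQL text itself.

    A quote character inside `key` ends the literal and whatever follows
    is parsed as SQL, so the value can change what the statement does.
    """
    sql = f"SELECT key FROM enabled_tags WHERE enabled = 1 AND key = '{key}'"
    return [row[0] for row in conn.execute(sql)]


def enabled_tag_keys_parameterized(conn, key):
    """AFTER: a named placeholder; the driver binds the value separately.

    The SQL string is fixed, so the value cannot alter the statement.
    SQLAlchemy equivalent (assumption: a Trino engine configured elsewhere):
        stmt = text("... WHERE enabled = 1 AND key = :key").bindparams(key=key)
        conn.execute(stmt)
    """
    sql = "SELECT key FROM enabled_tags WHERE enabled = 1 AND key = :key"
    return [row[0] for row in conn.execute(sql, {"key": key})]


def compare(key):
    """Run both forms against the same input and return both result sets."""
    conn = make_db()
    try:
        return {
            "vulnerable": sorted(enabled_tag_keys_vulnerable(conn, key)),
            "parameterized": sorted(enabled_tag_keys_parameterized(conn, key)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("app"))
    # A tautology appended to the value: the spliced query returns every
    # row, disabled tags included; the bound query matches nothing.
    print(compare("x' OR 'a'='a"))
```

Neither text() nor the placeholder syntax escapes anything: the SQL string is sent unchanged and the values travel alongside it as bound parameters, which is what stops a quote in the value from being read as SQL. The protection therefore only covers values that reach the query through a placeholder; a value already formatted into the string before text() is called gets none, and that is the thing to look for when the change is tested.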

Assignee: Unassigned
Reporter: Lucas Bacciotti (rh-ee-lbacciot)
Votes: 0
Watchers: 8

              Created:
              Updated:
              Resolved: