Use proper parameter substitution.
ClosedPublic
Actions

Authored by vlorentz on Oct 4 2018, 11:10 AM.

Details

Reviewers

ardumont
moranegg

Group Reviewers

Reviewers

Commits

rDSNIPd712e80d3d33: Use proper parameter substitution.

Summary

This avoids bugs/vulnerability with filenames containing a quote.

Diff Detail

Repository

rDSNIP Code snippets

Branch

parameter-substitution

Lint

No Linters Available

Unit

No Unit Test Coverage

Build Status

Buildable 1503
Build 1847: arc lint + arc unit

Event Timeline

vlorentz created this revision.Oct 4 2018, 11:10 AM

Herald added a reviewer: Reviewers. · View Herald TranscriptOct 4 2018, 11:10 AM

Harbormaster completed remote builds in B1503: Diff 1440.Oct 4 2018, 11:10 AM

vlorentz marked an inline comment as done.Oct 4 2018, 11:12 AM

vlorentz added inline comments.

morane/crossminer_launch.py
79	Note that the substitution is done inside this call, by psycopg itself, after parsing the query; instead of making the data directly in the code.

ardumont accepted this revision.Oct 4 2018, 11:14 AM

This revision is now accepted and ready to land.Oct 4 2018, 11:14 AM

Closed by commit rDSNIPd712e80d3d33: Use proper parameter substitution. (authored by vlorentz). · Explain WhyOct 4 2018, 11:32 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

morane/

crossminer_launch.py

15 lines

Diff 1440

View Options

morane/crossminer_launch.py

Use proper parameter substitution.ClosedPublicActions