Skip to content

Commit

Permalink
Fix SQL injection via line comment creation in simple protocol
Browse files Browse the repository at this point in the history
  • Loading branch information
jackc committed Mar 4, 2024
1 parent 7d882f9 commit 826a892
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
10 changes: 10 additions & 0 deletions internal/sanitize/sanitize.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,18 @@ func (q *Query) Sanitize(args ...interface{}) (string, error) {
str = "null"
case int64:
str = strconv.FormatInt(arg, 10)
// Prevent SQL injection via Line Comment Creation
// https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
if arg < 0 {
str = "(" + str + ")"
}
case float64:
// Prevent SQL injection via Line Comment Creation
// https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
str = strconv.FormatFloat(arg, 'f', -1, 64)
if arg < 0 {
str = "(" + str + ")"
}
case bool:
str = strconv.FormatBool(arg)
case []byte:
Expand Down
10 changes: 10 additions & 0 deletions internal/sanitize/sanitize_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,16 @@ func TestQuerySanitize(t *testing.T) {
args: []interface{}{time.Date(2020, time.March, 1, 23, 59, 59, 999999999, time.UTC)},
expected: `insert '2020-03-01 23:59:59.999999Z'`,
},
{
query: sanitize.Query{Parts: []sanitize.Part{"select 1-", 1}},
args: []interface{}{int64(-1)},
expected: `select 1-(-1)`,
},
{
query: sanitize.Query{Parts: []sanitize.Part{"select 1-", 1}},
args: []interface{}{float64(-1)},
expected: `select 1-(-1)`,
},
}

for i, tt := range successfulTests {
Expand Down

0 comments on commit 826a892

Please sign in to comment.