[CVE] Fix SQL Injection vulnerability in H2/MySQL implementation. #4639

Merged: 1 commit, Apr 12, 2020


wu-sheng
Member

Because of the previous SQL builder, there is a SQL injection vulnerability. I fixed 3 methods of the SQL implementation.

@wu-sheng added the labels bug ("Something isn't working and you are sure it's a bug!"), backend ("OAP backend related."), and high priority ("High priority issue, blocking next release.") Apr 12, 2020
@wu-sheng added this to the 8.0.0 milestone Apr 12, 2020
@codecov-io

Codecov Report

Merging #4639 into master will decrease coverage by 0.00%.
The diff coverage is 0.00%.


@@            Coverage Diff             @@
##           master    #4639      +/-   ##
==========================================
- Coverage   28.73%   28.72%   -0.01%     
==========================================
  Files        1192     1192              
  Lines       26047    26056       +9     
  Branches     3480     3480              
==========================================
  Hits         7484     7484              
- Misses      17881    17890       +9     
  Partials      682      682              

| Impacted Files | Coverage Δ |
|---|---|
| .../storage/plugin/jdbc/h2/dao/H2MetricsQueryDAO.java | 0.00% <0.00%> (ø) |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5646dfb...2b6aae3.

@wu-sheng merged commit 4ce2e9e into master Apr 12, 2020
@wu-sheng deleted the cve-sql-injection branch April 12, 2020 07:44