SQL Injection #4

Open
milovanderlinden opened this issue Dec 9, 2014 · 3 comments

Comments

@milovanderlinden

Some of the SQL statements are vulnerable to SQL injection. This happens when string concatenation is used and the SQL statement is not parameterized (for instance, the saveContext function in service.py: https://github.com/mapmint/mapmint/blob/900ac66c14bd67451ad001b8e9951c1442a0b864/mapmint-services/context/service.py).
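
The difference between the concatenated and the parameterized form, as an added example that is not part of the issue and is not MapMint's code. The `contexts` table, the `save_context_*` functions and the inputs are hypothetical, and Python's built-in `sqlite3` is used so the block runs offline.

```python
import sqlite3

def open_db():
    """In-memory database with a constructed table (not MapMint's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contexts (name TEXT, owner TEXT)")
    return conn

def save_context_concat(conn, name, owner):
    # Vulnerable pattern: values are spliced into the SQL text, so quotes
    # inside `name` are parsed as SQL syntax instead of data.
    sql = "INSERT INTO contexts (name, owner) VALUES ('" + name + "', '" + owner + "')"
    conn.execute(sql)

def save_context_param(conn, name, owner):
    # Parameterized form: the statement text is fixed and the driver binds
    # the values separately, so they are always treated as data.
    conn.execute("INSERT INTO contexts (name, owner) VALUES (?, ?)", (name, owner))

def rows(conn):
    return conn.execute("SELECT name, owner FROM contexts").fetchall()

# Constructed input: the quote closes the string literal early and the
# comment marker discards the rest of the statement, including the owner.
CRAFTED = "demo', 'someone-else') --"

def demo():
    results = {}
    for label, save in (("concat", save_context_concat), ("param", save_context_param)):
        conn = open_db()
        save(conn, CRAFTED, "alice")
        results[label] = rows(conn)
    # A legitimate apostrophe is already enough to break the concatenated form,
    # which makes quote-related SQL errors in logs a useful audit signal.
    conn = open_db()
    try:
        save_context_concat(conn, "O'Brien's map", "alice")
        results["apostrophe"] = "stored"
    except sqlite3.OperationalError:
        results["apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the concatenated statement the stored owner is taken from the input instead of from the caller; with bound parameters the whole string is stored as the name.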

@gfenoy
Member

gfenoy commented Jan 13, 2015

Thanks for the feedback. The issue about the context service should now be fixed by using the pexecute_req function (7c96a54).

Some other files were fixed but there are still some files / services to be fixed.

@Chaz6

Chaz6 commented Jul 31, 2016

Have the remaining issues been fixed by now?

@gfenoy
Member

gfenoy commented Aug 9, 2016

For this service, it should be fixed.
