Details
- Type: Bug
- Status: Closed
- Priority: P2
- Resolution: Done
- Affects Version/s: 19.3.1, 23.12.0, 24.0.0
- Fix Version/s: 25.0.0
- Sprint: CP: sprint 64
- Development Team: Core: Platform
Description
Invoke PostgresClient.delete(table, pojo, handler) with a pojo that has a field that contains a single quote. Example in deleteSingleQuote() unit test:
https://github.com/folio-org/raml-module-builder/blob/8f1e06d9020597208e741fe8aa618f8e051c04dd/domain-models-runtime/src/test/java/org/folio/rest/persist/PostgresClientIT.java#L346-L351
It fails with "unterminated quoted identifier", reported by PostgreSQL's SQL scanner.
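An added example, not RMB code or part of the original report: it reproduces the failure mode with a DELETE whose WHERE value is the serialized entity, first concatenated into the SQL text and then bound as a parameter. SQLite stands in for PostgreSQL so it runs offline; the `item` table, its `jsonb` column and the function names are assumptions, and the sample rows are constructed.

```python
import json
import sqlite3

# Constructed sample rows; the second has a single quote in a field value.
SAMPLE_DOCS = [{"name": "Smith"}, {"name": "O'Brien"}]

def serialize(pojo):
    """Stable JSON text for the entity (stand-in for POJO serialization)."""
    return json.dumps(pojo, sort_keys=True)

def make_db():
    """In-memory stand-in for a table that stores each entity as JSON."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE item (id INTEGER PRIMARY KEY, jsonb TEXT NOT NULL)")
    db.executemany("INSERT INTO item (jsonb) VALUES (?)",
                   [(serialize(d),) for d in SAMPLE_DOCS])
    db.commit()
    return db

def delete_concat(db, pojo):
    """'Before' pattern: the serialized entity is pasted into the SQL text."""
    sql = "DELETE FROM item WHERE jsonb = '" + serialize(pojo) + "'"
    return db.execute(sql).rowcount

def delete_param(db, pojo):
    """Hardened pattern: the value travels as a bound parameter, never as SQL."""
    return db.execute("DELETE FROM item WHERE jsonb = ?",
                      (serialize(pojo),)).rowcount

def concat_error(db, pojo):
    """Return the database error text if the concatenated form fails, else None."""
    try:
        delete_concat(db, pojo)
        return None
    except sqlite3.Error as exc:
        return str(exc)

def remaining(db):
    """Number of rows still stored in the item table."""
    return db.execute("SELECT count(*) FROM item").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    quoted = {"name": "O'Brien"}
    # The quote in O'Brien ends the SQL string literal early, so the rest of
    # the JSON is scanned as SQL and the statement is rejected.
    print("concatenated:", concat_error(db, quoted))
    print("parameterized rows deleted:", delete_param(db, quoted))
    print("rows left:", remaining(db))
```

The error text SQLite returns differs from the PostgreSQL message quoted in the report; the point is that only the concatenated form lets the field value reach the SQL scanner.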
Issue Links
relates to:
- RMB-379 wrong Criteria value masking results in SQL Injection (Closed)
- RMB-189 PostgresClient should use ? placeholder to avoid SQL Injection (Open)
- RMB-200 Single quote SQL Injection in PostgresClient.update(table, updateSection, ...) (Closed)
- RMB-201 Single quote SQL Injection in PostgresClient.saveBatch(table, list, handler) (Closed)
- RMB-390 Unit tests fail (24.1.0-SNAPSHOT) (Closed)