  1. RAML Module Builder
  2. RMB-199

Single quote SQL Injection in PostgresClient.delete(table, pojo, handler)

    Details

    • Sprint:
      CP: sprint 64
    • Development Team:
      Core: Platform

      Description

      Invoke PostgresClient.delete(table, pojo, handler) with a pojo that has a field that contains a single quote. Example in deleteSingleQuote() unit test:
      https://github.com/folio-org/raml-module-builder/blob/8f1e06d9020597208e741fe8aa618f8e051c04dd/domain-models-runtime/src/test/java/org/folio/rest/persist/PostgresClientIT.java#L346-L351

      It fails with "unterminated quoted identifier", reported by PostgreSQL's SQL scanner.
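The failure mode reported above, as an added example that is not part of the original issue or RMB's own code. It assumes the DELETE is built by splicing the pojo's JSON into a single-quoted literal; the statement shape, the `jsonb` column, `demo_table` and all method names are hypothetical. The quote tracker is a simplification, not PostgreSQL's scanner.

```java
import java.util.Optional;

public class SingleQuoteDeleteDemo {
  // Hypothetical builder (assumption): pojo JSON spliced into a single-quoted literal.
  static String naiveDelete(String table, String json) {
    return "DELETE FROM " + table + " WHERE jsonb @> '" + json + "'";
  }

  // Same statement with single quotes doubled, the standard SQL literal escape.
  // Binding the JSON as a statement parameter avoids building the literal at all.
  static String escapedDelete(String table, String json) {
    return "DELETE FROM " + table + " WHERE jsonb @> '" + json.replace("'", "''") + "'";
  }

  // Simplified quote tracker, not PostgreSQL's scanner: returns which quoted
  // token is still open at end of input, or empty if every quote is closed.
  static Optional<String> unterminated(String sql) {
    char open = 0;
    for (int i = 0; i < sql.length(); i++) {
      char c = sql.charAt(i);
      if (open == 0) {
        if (c == '\'' || c == '"') open = c;
      } else if (c == open) {
        boolean doubled = i + 1 < sql.length() && sql.charAt(i + 1) == open;
        if (doubled) i++;   // '' or "" is an escaped quote, stay inside the token
        else open = 0;      // closing quote
      }
    }
    if (open == '\'') return Optional.of("unterminated quoted string");
    if (open == '"') return Optional.of("unterminated quoted identifier");
    return Optional.empty();
  }

  public static void main(String[] args) {
    String json = "{\"name\": \"d'Artagnan\"}"; // constructed sample pojo JSON
    for (String sql : new String[] {
        naiveDelete("demo_table", json), escapedDelete("demo_table", json)}) {
      System.out.println(sql);
      System.out.println("  -> " + unterminated(sql).orElse("quotes balanced"));
    }
  }
}
```

In the naive statement the quote inside the value closes the literal early, so the JSON's next double quote opens an identifier that never closes, which is the scanner error quoted in the description.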

                People

                Assignee:
                julianladisch Julian Ladisch
                Reporter:
                julianladisch Julian Ladisch
                Tester Assignee:
                Adam Dickmeiss