  1. RAML Module Builder
  2. RMB-201

Single quote SQL Injection in PostgresClient.saveBatch(table, list, handler)

    Details

    • Development Team:
      Prokopovych

      Description

      Invoke PostgresClient.saveBatch(table, list, handler) with a list with a pojo that has a field that contains a single quote. Example in saveBatchSingleQuote() unit test:
      https://github.com/folio-org/raml-module-builder/blob/8f1e06d9020597208e741fe8aa618f8e051c04dd/domain-models-runtime/src/test/java/org/folio/rest/persist/PostgresClientIT.java#L401-L407

      It fails with "unterminated quoted identifier", reported by PostgreSQL's SQL scanner.
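
The failure mode described above, as an added example that is not part of the original issue and is not RAML Module Builder code. It assumes the batch statement is built by splicing each JSON-serialized POJO into the SQL text; the class, the methods, the table name `demo_table` and the quote scanner are hypothetical and only model the behaviour.

```java
import java.util.List;

public class SaveBatchQuoteDemo {
  /** SQL text plus bind values: the data never becomes part of the SQL text. */
  record Batch(String sql, List<String> params) {}

  // Assumed vulnerable pattern: each JSON document is spliced into the SQL text.
  // The table name is assumed to be a trusted identifier supplied by code.
  static String concatenated(String table, List<String> docs) {
    StringBuilder sql = new StringBuilder("INSERT INTO " + table + " (jsonb) VALUES ");
    for (int i = 0; i < docs.size(); i++) {
      sql.append(i == 0 ? "" : ", ").append("('").append(docs.get(i)).append("'::jsonb)");
    }
    return sql.toString();
  }

  // Hardened pattern: one $n placeholder per row, values are sent separately.
  static Batch parameterized(String table, List<String> docs) {
    StringBuilder sql = new StringBuilder("INSERT INTO " + table + " (jsonb) VALUES ");
    for (int i = 0; i < docs.size(); i++) {
      sql.append(i == 0 ? "" : ", ").append("($").append(i + 1).append("::jsonb)");
    }
    return new Batch(sql.toString(), List.copyOf(docs));
  }

  // Minimal model of SQL quoting (ignores comments, E'' and dollar quoting).
  // Returns 0 if every quote is closed, otherwise the delimiter still open at the end.
  static char openQuoteAtEnd(String sql) {
    char open = 0;
    for (int i = 0; i < sql.length(); i++) {
      char c = sql.charAt(i);
      if (open == 0) {
        if (c == '\'' || c == '"') open = c;   // start of a literal or quoted identifier
      } else if (c == open) {
        if (i + 1 < sql.length() && sql.charAt(i + 1) == open) i++; // doubled = escaped
        else open = 0;
      }
    }
    return open;
  }

  public static void main(String[] args) {
    // Constructed sample: one JSON-serialized POJO whose field holds a single quote.
    List<String> docs = List.of("{\"title\":\"Harry's book\"}");
    for (String sql : List.of(concatenated("demo_table", docs),
                              parameterized("demo_table", docs).sql())) {
      char q = openQuoteAtEnd(sql);
      System.out.println(sql + "\n  quote left open: " + (q == 0 ? "none" : String.valueOf(q)));
    }
  }
}
```

In the concatenated statement the quote in the data closes the string literal early, and the JSON's own double quote then opens a quoted identifier that never terminates; the placeholder form contains no quotes whatever the field holds.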

                People

                Assignee:
                Unassigned
                Reporter:
                Julian Ladisch (julianladisch)
                Tester Assignee:
                Adam Dickmeiss