Uploaded image for project: 'RAML Module Builder'
  1. RAML Module Builder
  2. RMB-803

Fix URL encoding in BuildCQL preventing CQL injection

    XMLWordPrintable

Details

    • 1
    • Core: Platform

    Description

      Overview:

      BuildCQL.buildCQL() doesn't URL encode cqlStatementOperator and operatorBetweenArgs. This may result in CQL injection.

      Solution:

      URL encode the complete CQL query.

       

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Bug - A problem which impairs or prevents the functions of the product. RMB-379 wrong Criteria value masking results in SQL Injection

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. RMB-396 mask ) ] } in regexp to prevent SQL injection

            • TBD - To be determined
            • Closed

            Task - A task that needs to be done. RMB-565 review if all CQL to SQL generation code is using masking

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Task - A task that needs to be done. RMB-725 StringUtil.cqlEncode masking CQL characters preventing CQL injection

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                julianladisch Julian Ladisch
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases