Subject: [bug#30386] [PATCH v2 cuirass] database: Prevent SQL injection.
Date: Fri, 9 Feb 2018 17:45:07 +0100
From: Danny Milosavljevic
Message-ID: <20180209174507.74345900@scratchpost.org>
In-Reply-To: <87k1vmywq9.fsf@gnu.org>
To: Ludovic Courtès
Cc: 30386@debbugs.gnu.org

> Right, but now it’s as I wrote above: you can include arguments in the
> middle of the SQL strings, and ‘sqlite-exec’ takes care of turning
> that into question marks and so on:
>
>   https://git.savannah.gnu.org/cgit/guix/guix-cuirass.git/commit/?id=b0c39b31f61cfc494e0dfbe823b3fe4275efbc7a

Ah, didn't see that before. Wow! Nice.

I should pull more often :)
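
What the quoted paragraph describes (values written between pieces of SQL text, with the helper turning each value into a `?` placeholder and binding it) sketched with Python's `sqlite3` module. This is an added example: it is not part of the original message and it is not Cuirass's `sqlite-exec`. The helper names, the `specs` table and the sample input are constructed for illustration.

```python
import sqlite3


def build_query(*parts):
    """Hypothetical helper: even-indexed parts are SQL text, odd-indexed
    parts are values. Each value becomes a '?' and is returned separately."""
    sql, params = [], []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            if not isinstance(part, str):
                raise TypeError("SQL fragment at position %d must be a string" % i)
            sql.append(part)
        else:
            sql.append("?")
            params.append(part)
    return "".join(sql), tuple(params)


def exec_bound(db, *parts):
    """Run the query with values bound by SQLite, never pasted into the text."""
    sql, params = build_query(*parts)
    return db.execute(sql, params).fetchall()


def exec_concatenated(db, name):
    """The 'before' form: the value is spliced into the SQL string itself."""
    return db.execute(
        "SELECT name FROM specs WHERE name = '" + name + "'").fetchall()


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE specs (name TEXT)")  # constructed table
    db.executemany("INSERT INTO specs VALUES (?)", [("guix",), ("hello",)])
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    # Concatenation lets the quote change the WHERE clause: every row matches.
    leaked = exec_concatenated(db, crafted)
    # Binding treats the same input as one literal string: no row has that name.
    bound = exec_bound(db, "SELECT name FROM specs WHERE name = ", crafted)
    normal = exec_bound(db, "SELECT name FROM specs WHERE name = ", "guix")
    return leaked, bound, normal


if __name__ == "__main__":
    print(demo())
```
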