Remove the ineffective SQL injection check (#1412)

* Remove the ineffective SQL injection check

Remove the ineffective SQL-injection attack check in go/r3pr/954. It is
quite restrictive, causing a long exempt list. It also doesn't protect
queries made through helpers such as QueryComposer etc.

We will start from scratch for a new solution.
Weimin Yu 2021-11-10 16:28:32 -05:00 committed by GitHub
parent 7cbda7e8a4
commit e9805ecf7d
2 changed files with 0 additions and 46 deletions

@ -569,7 +569,6 @@ public class JpaTransactionManagerImpl implements JpaTransactionManager {
}
EntityType<?> entityType = getEntityType(key.getKind());
ImmutableSet<EntityId> entityIds = getEntityIdsFromSqlKey(entityType, key.getSqlKey());
// TODO(b/179158393): use Criteria for query to leave not doubt about sql injection risk.
String sql =
String.format("DELETE FROM %s WHERE %s", entityType.getName(), getAndClause(entityIds));
Query query = query(sql);
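Review bot: The `DELETE` built with `String.format("DELETE FROM %s WHERE %s", entityType.getName(), getAndClause(entityIds))` is still assembled by string formatting, and once the check is removed nothing flags this call site any more. The hunk header shows one of these seven lines being dropped; if it is the `TODO(b/179158393)` comment, I would keep it (or an equivalent pointer to the planned replacement) until the new solution lands, since it is the only marker that this statement needs attention. Before merging, please confirm that `getAndClause(entityIds)` emits only bind placeholders with the values supplied through `setParameter`, and that `entityType.getName()` can only come from the JPA metamodel, or convert this delete to a Criteria delete as the TODO proposes.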