Check queries for prepared statements #136

zoobot · 2023-03-20T15:43:29Z

Use prepared statements to guard against sql injection.
Good call @tzinckgraf, thanks for bringing this up! I assigned you but feel free to unassign yourself if you'd rather have someone else work on it.

TODO for this issue: check queries to make sure they are PreparedStatements

https://vitaly-t.github.io/pg-promise/PreparedStatement.html

In our code prepared statements can be formatted like this. Note, name must be unique.

const query = {
    name: 'find-source',
    text: 'SELECT * FROM sources WHERE id_source_name =  $1',
    values: idSourceName,
  };

The text was updated successfully, but these errors were encountered:

zoobot · 2023-03-20T15:50:25Z

Do we want to break this up per route to make it easier for new people to jump in here and do them since it will require testing the app full stack and checking tests?

zoobot assigned tzinckgraf Mar 20, 2023

zoobot mentioned this issue Mar 20, 2023

Zoobot/feature/data sources #126

Merged

zoobot added enhancement New feature or request good first issue Good for newcomers backend labels Mar 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check queries for prepared statements #136

Check queries for prepared statements #136

zoobot commented Mar 20, 2023 •

edited

Loading

zoobot commented Mar 20, 2023

Check queries for prepared statements #136

Check queries for prepared statements #136

Comments

zoobot commented Mar 20, 2023 • edited Loading

zoobot commented Mar 20, 2023

zoobot commented Mar 20, 2023 •

edited

Loading