
lint to protect against SQL injection (package:sqflite)

Open pq opened this issue 5 years ago • 2 comments

Ensure that SQL query strings are always constant, or use whitelisted string-interpolation methods.

Specifically guard against unsafe use of package:sqflite.

(Placeholder. Details to follow.)

pq commented May 01 '20 14:05
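As an added example (not from this issue or from package:sqflite itself), the interpolation pattern such a lint would flag, beside the parameterised forms it should accept; the `users` table and its one row are constructed for the example:

```dart
import 'package:sqflite/sqflite.dart';

/// Flagged: the SQL text is assembled from [name] by string interpolation,
/// so the string passed to rawQuery is not a constant and whatever the
/// caller supplies becomes part of the statement itself.
Future<List<Map<String, Object?>>> findUserUnsafe(Database db, String name) {
  return db.rawQuery("SELECT id, name, email FROM users WHERE name = '$name'");
}

/// Accepted: the SQL text is a compile-time constant and the value travels
/// in the bound-arguments list, so sqflite's `?` placeholders keep data
/// separate from the statement.
Future<List<Map<String, Object?>>> findUserSafe(Database db, String name) {
  const sql = 'SELECT id, name, email FROM users WHERE name = ?';
  return db.rawQuery(sql, [name]);
}

/// Also accepted: the structured query() API takes the filter and its
/// arguments separately, the kind of whitelisted method the lint could allow.
Future<List<Map<String, Object?>>> findUserStructured(
    Database db, String name) {
  return db.query('users',
      columns: ['id', 'name', 'email'],
      where: 'name = ?',
      whereArgs: [name]);
}

Future<void> main() async {
  // Runs inside a Flutter app, where a sqflite platform implementation is
  // available; the schema and the sample row are constructed here.
  final db = await openDatabase(inMemoryDatabasePath, version: 1,
      onCreate: (db, _) async {
    await db.execute(
        'CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    await db.insert('users', {'name': 'alice', 'email': 'alice@example.com'});
  });
  print(await findUserSafe(db, 'alice'));
  print(await findUserStructured(db, 'alice'));
  await db.close();
}
```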

I am a bit skeptical about this living in the linter itself.

We want library specific lints but I believe these should live in the library itself. The library owner would want some level of control over these lints.

mehmetf commented May 12 '20 14:05

I agree that such a lint would be best bundled with the package with which it is associated.

Unfortunately, there's more friction involved when choosing that path. Enough so that we usually end up not implementing such lints. (I'm happy to discuss the reasons with you if you're interested.)

However, being extremely pragmatic, we could define the rule in the linter and then work with the package author to move it to the package at some future point.

bwilkerson commented May 12 '20 15:05