FACT_core
FACT_core copied to clipboard
fkie-cad
better sanitiziation of analysis results
Isn't this sanitation in the wrong place? Should it be needed at all? As far as I understand plugin results can contain invalid things, so they are sanitized. But shouldn't this sanitation be done by the plugin?
I generally agree but it isn't that easy to sanitize the string (it is a regular string but with unicode characters, so it is in fact valid JSON -- just the database can't handle it) and I don't think this should be handled by each plugin individually either. Also we have the potential problem of custom plugins which we can't control. Maybe it could be handled in the analysis plugin base class but I don't know if that is a better place than the module which explicitly handles data conversion for the database
This seems to only be an issue if the database encoding is not set to "UTF8". My database has this encoding (you can test it with the command SHOW SERVER_ENCODING; in psql), so only null bytes are a problem (which should already be handled). We need to determine in which cases and why the database encoding is not set to "UTF8". Until then I will mark this PR as draft