
Protect generated code against SQL injection vulnerability

Open mikir opened this issue 5 years ago • 0 comments

GIVEN some user-specified std::string 'S', WHEN preparing some SQL Query 'Q' which gets concatenated with 'S', THEN before concatenating 'S' with 'Q', zSerio shall apply some SQL string sanitizer QLS : S { S | Error} to 'S' so as to avoid an SQL Injection Vulnerability.

'QLS' shall abort any operation when discouraged characters OR SQL Keywords are detected.

Prevent an Attacker from executing arbitrary SQL queries which as a consequence can lead to a data leak.

Examples:

https://github.com/ndsev/zserio/blob/940640d11607d16b5e0c079025a7301725ac6e3d/compiler/extensions/cpp/freemarker/SqlDatabase.cpp.ftl#L163
https://github.com/ndsev/zserio/blob/940640d11607d16b5e0c079025a7301725ac6e3d/compiler/extensions/cpp/freemarker/SqlTable.cpp.ftl#L71

Another option could be to use the bind functionality of the SQLite API.

mikir · Feb 26 '20 09:02
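The two options the issue raises (a sanitizer that rejects the user string, or SQLite's bind API) apply to different parts of a statement, and the following added example, which is not zserio code and uses Python's standard `sqlite3` module rather than the generated C++ shown in the linked templates, illustrates why. It builds a constructed in-memory table, shows how string concatenation of a user-supplied value changes the meaning of the query, shows the same lookup with a bound parameter, and adds an allow-list identifier check for the case (table names) where binding is not available. The table and column names and the helper names are assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed sample database; stands in for a zserio-generated SQLite table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tiles (id INTEGER PRIMARY KEY, name TEXT, data BLOB)")
    conn.executemany(
        "INSERT INTO tiles (name, data) VALUES (?, ?)",
        [("alpha", b"\x01"), ("beta", b"\x02")],
    )
    conn.commit()
    return conn


def read_names_concat(conn, name):
    # Vulnerable pattern: the user-controlled value is spliced into the SQL text,
    # so quote characters inside 'name' become part of the statement grammar.
    query = "SELECT name FROM tiles WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def read_names_bound(conn, name):
    # Hardened pattern: the value travels through a bind parameter, so SQLite
    # treats it purely as data and never re-parses it as SQL.
    query = "SELECT name FROM tiles WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


# Identifiers (table/column names) cannot be bound; the only safe option is the
# "S | Error" sanitizer the issue describes: accept a strict allow-list or abort.
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def quote_identifier(name):
    if not _IDENTIFIER.match(name):
        raise ValueError("rejected SQL identifier: %r" % name)
    return '"' + name + '"'  # double quotes are SQLite's standard identifier quoting


def read_names_from_table(conn, table, name):
    # Identifier checked by allow-list, value passed as a bind parameter.
    query = "SELECT name FROM " + quote_identifier(table) + " WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    tainted = "x' OR 'a'='a"  # constructed input that closes the quoted literal
    print("concat :", read_names_concat(db, tainted))   # returns every row
    print("bound  :", read_names_bound(db, tainted))    # returns nothing
    print("table  :", read_names_from_table(db, "tiles", "beta"))
    try:
        read_names_from_table(db, "tiles; DROP TABLE tiles", "beta")
    except ValueError as exc:
        print("rejected:", exc)
```

The concatenating version returns both rows for the tainted input because the closing quote ends the literal and the rest is parsed as a condition, while the bound version looks for a row whose name is literally that string and finds none. The allow-list check covers the identifier positions, which is the only place a sanitizer of the `S | Error` form is needed once values are bound.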