Fix code scanning alert no. 4686: Database query built from user-cont…
…rolled sources

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
esurface and github-advanced-security[bot] authored Jan 10, 2025
1 parent d947416 commit f9f6aac
Showing 1 changed file with 9 additions and 4 deletions.
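--- a/server/src/mysql-api/mysql-knex.js
+++ b/server/src/mysql-api/mysql-knex.js
@@ -55,10 +55,15 @@ async function closeConnection() {
 async function getTableData(schema, table, columns=[], where=undefined, join=undefined, groupby=[])
 {
 const cols = columns.length > 0 ? columns.join(', ') : '*'
-const joinClause = join ? `JOIN ${join}` : ''
-const whereClause = where ? `WHERE ${where}` : ''
-const groupByClause = groupby.length > 0 ? `GROUP BY ${groupby.join(', ')}` : ''
-const results = await KNEX.raw(`SELECT ${cols} FROM ${schema}.${table} ${joinClause} ${whereClause} ${groupByClause}`)
+const joinClause = join ? `JOIN ??` : ''
+const whereClause = where ? `WHERE ??` : ''
+const groupByClause = groupby.length > 0 ? `GROUP BY ??` : ''
+const query = `SELECT ${cols} FROM ?? ${joinClause} ${whereClause} ${groupByClause}`
+const bindings = [schema + '.' + table]
+if (join) bindings.push(join)
+if (where) bindings.push(where)
+if (groupby.length > 0) bindings.push(groupby.join(', '))
+const results = await KNEX.raw(query, bindings)
 return results
 }
 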
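Review bot: `columns` is still joined and interpolated into the SQL text (`SELECT ${cols}`), so the injection path the alert describes stays open for that parameter if callers pass request data; it can take the same identifier binding, e.g. `const cols = columns.length > 0 ? '??' : '*'` with `columns` placed first in `bindings`. The `??` placeholder quotes its value as an identifier, so binding a whole `where` or `join` expression, or `groupby.join(', ')` as one string, will most likely produce a single quoted name and a failing query rather than the intended clause. Passing the `groupby` array itself (`bindings.push(groupby)`) and taking `where`/`join` as structured column/operator/value input with `?` for the values, or building the statement with the Knex query builder, would keep both the fix and the behaviour. A test that calls getTableData with a `where` filter and a two-column `groupby` would show whether the current form still returns rows.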
