Replace hand crafted query interpolation with sqlx parameter binding (#…

…1952) Summary: Replace hand crafted query interpolation with sqlx parameter binding Relevant Issues: N/A Type of change: /kind bug Test Plan: Verified the following after skaffold'ing this change - [x] Verified that the "Data Retention Scripts" page loads to test the cron script query - [x] Verified that `/admin/clusters` page loads to test the vzmgr query
pixie-io · Jun 24, 2024 · 86c40e7 · 86c40e7
1 parent 6cae152
commit 86c40e7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/src/cloud/cron_script/controllers/server.go b/src/cloud/cron_script/controllers/server.go
@@ -346,17 +346,22 @@ func (s *Server) GetScripts(ctx context.Context, req *cronscriptpb.GetScriptsReq
 		ids[i] = utils.UUIDFromProtoOrNil(id)
 	}
 
-	strQuery := `SELECT id, org_id, script, cluster_ids, PGP_SYM_DECRYPT(configs, '%s'::text) as configs, enabled, frequency_s FROM cron_scripts WHERE org_id='%s' AND id IN (?)`
-	strQuery = fmt.Sprintf(strQuery, s.dbKey, orgID)
+	strQuery := "SELECT id, org_id, script, cluster_ids, PGP_SYM_DECRYPT(configs, ? ::text) as configs, enabled, frequency_s FROM cron_scripts WHERE org_id=? AND id IN (?)"
+	cronErr := status.Error(codes.Internal, "Failed to get cron scripts")
+
+	query, args, err := sqlx.In(strQuery, s.dbKey, orgID, ids)
 
-	query, args, err := sqlx.In(strQuery, ids)
 	if err != nil {
-		return nil, status.Error(codes.Internal, "Failed to get cron scripts")
+		log.WithError(err).Error("Failed to bind parameters for cron scripts query")
+		return nil, cronErr
 	}
+
 	query = s.db.Rebind(query)
 	rows, err := s.db.Queryx(query, args...)
+
 	if err != nil {
-		return nil, status.Error(codes.Internal, "Failed to get cron scripts")
+		log.WithError(err).Error(fmt.Sprintf("Failed to run cron scripts query: %s", query))
+		return nil, cronErr
 	}
 
 	defer rows.Close()

diff --git a/src/cloud/vzmgr/controllers/server.go b/src/cloud/vzmgr/controllers/server.go
@@ -347,10 +347,9 @@ func (s *Server) GetVizierInfos(ctx context.Context, req *vzmgrpb.GetVizierInfos
               i.control_plane_pod_statuses, i.unhealthy_data_plane_pod_statuses,
 							i.num_nodes, i.num_instrumented_nodes, i.status_message, i.prev_status, i.prev_status_time
               FROM vizier_cluster_info as i, vizier_cluster as c
-              WHERE i.vizier_cluster_id=c.id AND i.vizier_cluster_id IN (?) AND c.org_id='%s'`
-	strQuery = fmt.Sprintf(strQuery, orgIDstr)
+              WHERE i.vizier_cluster_id=c.id AND i.vizier_cluster_id IN (?) AND c.org_id=?`
 
-	query, args, err := sqlx.In(strQuery, ids)
+	query, args, err := sqlx.In(strQuery, ids, orgIDstr)
 	if err != nil {
 		return nil, err
 	}