
SEC-2706

Open kasluthra-sec opened this issue 1 year ago • 1 comments

kasluthra-sec avatar Dec 19 '24 23:12 kasluthra-sec

This breaks the interface and all users of this library. It also doesn't seem to prevent the most likely source of vulnerabilities, somebody accidentally string cat'ing unsafe data but then wrapping it in safesql because it's required. safesql.New(`select ...`+userData). The safesql module doesn't do any parsing, just a new type to enforce at compile time. Unless I'm missing something it feels like this should be a fork?

mrj0 avatar Feb 06 '25 04:02 mrj0
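The bypass mrj0 describes, `safesql.New(`select ...`+userData)`, exists because a constructor that takes a plain `string` cannot tell a literal from a runtime concatenation. The added Go example below (not the safesql module's or sqlx's own code; `stringConstant`, `TrustedSQL`, `New` and `Query` are hypothetical names) shows the unexported-parameter-type trick that makes the compiler reject the concatenated form while still accepting literals.

```go
package main

import (
	"fmt"
	"strings"
)

// stringConstant is unexported, so callers in other packages can satisfy it
// only with an untyped string constant (a literal, a const, or constants
// joined with +). An expression such as "select ... " + userData has type
// string and is not assignable to stringConstant, so the call fails to compile.
// Caveat: inside this package stringConstant(userData) is still possible, so
// the guarantee only holds across the package boundary.
type stringConstant string

// TrustedSQL holds statement text that was a compile-time constant when wrapped.
type TrustedSQL struct{ s string }

// New accepts only untyped string constants; see stringConstant.
func New(q stringConstant) TrustedSQL { return TrustedSQL{s: string(q)} }

// String returns the wrapped statement text.
func (t TrustedSQL) String() string { return t.s }

// Query is a constructed stand-in for a driver call: the statement must be a
// TrustedSQL and attacker-influenced values travel separately as parameters.
func Query(q TrustedSQL, args ...any) string {
	parts := make([]string, len(args))
	for i, a := range args {
		parts[i] = fmt.Sprint(a)
	}
	return q.String() + " | args=[" + strings.Join(parts, ", ") + "]"
}

func main() {
	userData := "alice' OR '1'='1" // constructed sample input
	// Compiles: the statement is a constant and the user value is bound.
	fmt.Println(Query(New("select id from users where name = ?"), userData))

	// Does not compile; the error reads roughly:
	//   cannot use "select ..." + userData (value of type string) as stringConstant value
	// Query(New("select id from users where name = '" + userData + "'"))
}
```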

@mrj0 So sorry, we were experimenting and I think I had accidentally opened this PR against the wrong upstream. Thanks for your comments, appreciate the insight :)

kasluthra-sec avatar May 02 '25 00:05 kasluthra-sec