Bug 741777 - libtracker-sparql: Document requirement to escape constructed queries
Status: RESOLVED FIXED
Product: tracker
Classification: Core
Component: General
Assigned To: tracker-general
Reported: 2014-12-19 18:35 UTC by Philip Withnall
Modified: 2014-12-22 18:58 UTC


Attachments
libtracker-sparql: Document requirement to escape constructed queries (2.52 KB, patch)
2014-12-19 18:35 UTC, Philip Withnall
committed

Description Philip Withnall 2014-12-19 18:35:07 UTC
Trivial patch attached, in response to some real-world code seen which contained injection vulnerabilities.
Comment 1 Philip Withnall 2014-12-19 18:35:09 UTC
Created attachment 293068
libtracker-sparql: Document requirement to escape constructed queries

Bring SQL injection to the front of people’s minds when using the APIs
so that hopefully they don’t write injectable code.
Comment 2 Martyn Russell 2014-12-22 10:33:00 UTC
Comment on attachment 293068
libtracker-sparql: Document requirement to escape constructed queries

Looks good to me, thanks for the patch! Please commit :)
Comment 3 Philip Withnall 2014-12-22 18:58:51 UTC
Attachment 293068 pushed as 87a539e - libtracker-sparql: Document requirement to escape constructed queries
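
The kind of constructed query this bug is about, shown unescaped and escaped. This is an added example, not code from the patch or from Tracker. libtracker-sparql provides `tracker_sparql_escape_string()` for this job; the local stand-in `escape_sparql_literal()`, the helper `build_title_query()`, the query text and the sample title are assumptions made so the block runs without the library.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in (hypothetical name) for the library's escaping helper. */
char *escape_sparql_literal(const char *in)
{
    static const char raw[] = "\"'\\\n\r\t\b\f", esc[] = "\"'\\nrtbf";
    char *out = malloc(strlen(in) * 2 + 1), *p = out; /* worst case: all doubled */
    if (out == NULL)
        return NULL;
    for (; *in != '\0'; in++) {
        const char *hit = strchr(raw, *in);
        if (hit != NULL)
            *p++ = '\\';
        *p++ = hit != NULL ? esc[hit - raw] : *in;
    }
    *p = '\0';
    return out;
}

/* Paste text between the quotes of a literal; safe only if already escaped. */
char *build_title_query(const char *text)
{
    static const char fmt[] = "SELECT ?u WHERE { ?u nie:title \"%s\" }";
    size_t n = sizeof fmt + strlen(text);
    char *q = malloc(n);
    if (q != NULL)
        snprintf(q, n, fmt, text);
    return q;
}

int main(void)
{
    const char *title = "Q3 \"draft\" report"; /* constructed sample input */
    char *safe = escape_sparql_literal(title);
    char *bad = build_title_query(title);              /* injectable: raw text */
    char *good = build_title_query(safe ? safe : "");  /* escaped first */
    if (bad != NULL && good != NULL)
        printf("unescaped: %s\nescaped:   %s\n", bad, good);
    free(safe);
    free(bad);
    free(good);
    return 0;
}
```

In the unescaped query the first quote inside the title closes the literal early, so the rest of the input is parsed as query syntax; in the escaped query the whole title stays inside one literal.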