Updated sql security.

retoor 2025-02-09 02:07:29 +01:00
parent a42c2bdf5d
commit e2a8efe5ca


@ -113,7 +113,7 @@ class RPCView(BaseView):
print(args,flush=True) print(args,flush=True)
query = args[0] query = args[0]
lowercase = query.lower() lowercase = query.lower()
if "drop" in lowercase or "alter" in lowercase or "update" in lowercase or "delete" in lowercase or 'replace' in lowercase or 'insert' in lowercase or 'select' not in lowercase: if any(["drop" in lowercase, "alter" in lowercase,"update" in lowercase, "delete" in lowercase, 'replace' in lowercase , 'insert' in lowercase , 'truncate' in lowercase , 'select' not in lowercase]):
raise Exception("Not allowed") raise Exception("Not allowed")
records = [dict(record) async for record in self.services.channel.query(args[0])] records = [dict(record) async for record in self.services.channel.query(args[0])]
return records return records
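Review bot: The keyword denylist on the `if any([...])` line is still the only control between caller-supplied SQL and `self.services.channel.query(args[0])`, and substring matching on a lowercased string cannot serve as a security boundary. Adding `'truncate'` extends the list but does not change that: any statement containing `select` and none of the listed words still runs with the application's full database privileges, so every table that account can read is exposed. Legitimate queries are also rejected whenever an identifier merely contains a listed word (a column such as `updated_at`, for example). I would enforce read-only access in the database layer instead, by running this path on a read-only connection or a role without write and DDL rights, and preferably expose named, parameterized queries rather than raw SQL. Separately, `print(args,flush=True)` writes the full caller input to stdout, which is better sent through a logger at debug level. The enclosing method starts outside the hunk, so any authorization check before this point is not visible here.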