fix: prevent sql injection

This commit is contained in:
Anthony Laibe 2021-11-08 13:37:32 +01:00
parent ac48453a37
commit aef686cf70


@ -25,7 +25,7 @@ type ReceivedMessage struct {
} }
func queryReceivedMessagesBetween(db *sql.DB, startsAt time.Time, endsAt time.Time) ([]*ReceivedMessage, error) { func queryReceivedMessagesBetween(db *sql.DB, startsAt time.Time, endsAt time.Time) ([]*ReceivedMessage, error) {
rows, err := db.Query(fmt.Sprintf("SELECT * FROM receivedMessages WHERE sentAt BETWEEN %d and %d", startsAt.Unix(), endsAt.Unix())) rows, err := db.Query(fmt.Sprintf("SELECT id, chatId, messageHash, receiverKeyUID, sentAt, topic, createdAt FROM receivedMessages WHERE sentAt BETWEEN %d and %d", startsAt.Unix(), endsAt.Unix()))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -45,7 +45,7 @@ func queryReceivedMessagesBetween(db *sql.DB, startsAt time.Time, endsAt time.Ti
func didReceivedMessageAfter(db *sql.DB, receiverPublicKey string, after time.Time) (bool, error) { func didReceivedMessageAfter(db *sql.DB, receiverPublicKey string, after time.Time) (bool, error) {
var count int var count int
err := db.QueryRow(fmt.Sprintf("SELECT COUNT(*) FROM receivedMessages WHERE receiverKeyUID = '%s' AND createdAt > %d", receiverPublicKey, after.Unix())).Scan(&count) err := db.QueryRow("SELECT COUNT(*) FROM receivedMessages WHERE receiverKeyUID = $1 AND createdAt > $2", receiverPublicKey, after.Unix()).Scan(&count)
if err != nil { if err != nil {
return false, err return false, err
} }
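Review bot: queryReceivedMessagesBetween in the first hunk still builds its statement with fmt.Sprintf, so the commit only parameterizes one of the two queries it touches. The remaining interpolation is `%d` applied to the int64 from time.Unix(), which fmt renders as plain digits, so it is not injectable today; the concern is consistency with didReceivedMessageAfter, which now uses `$1`/`$2` placeholders, and that a later edit swapping a `%d` for a `%s` would silently reintroduce the original problem. I would rewrite the line as `rows, err := db.Query("SELECT id, chatId, messageHash, receiverKeyUID, sentAt, topic, createdAt FROM receivedMessages WHERE sentAt BETWEEN $1 AND $2", startsAt.Unix(), endsAt.Unix())`. Both functions end outside their hunks, so the handling of rows after the query, including its Close, is not visible here.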