
/cs/ - Programming Discussion


f5604045 No.55

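Has anyone on the board used the CASA vulnerability scan?
https://appdefensealliance.dev/casa/tier-2/ast-guide/static-scan?hl=zh-tw
It keeps flagging the "connection.query(" line in my code below as a SQL injection risk. From everything I have looked up, the parameterization I have done is the current solution.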

    await new Promise((resolve, reject) => {
        // ?? receives the table name, ? receives the id value
        const deleteQuery = 'DELETE FROM ?? WHERE id = ?';
        connection.query(
            deleteQuery, [selectedTableWorkflows, workflowId],
            (error, results) => {
                if (error) {
                    logger.log({
                        level: 'error',
                        message: error
                    });
                    // settle the promise on failure so the await does not hang
                    reject(error);
                } else {
                    connection.end();
                    resolve();
                }
            }
        );
    });

Or am I overlooking something? Thanks.

49f8dc49 No.57

As far as I know, the injection protection provided by the database does not cover dynamic table names.
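
One way to handle the dynamic table name raised in the reply above, as an added example that is not part of either post: resolve the table through a fixed allowlist so that no caller-supplied string reaches the identifier position, and keep only the id as a bound value. The helper name `buildDeleteQuery`, the keys and the table names `workflows_draft` and `workflows_published` are hypothetical.

```javascript
// Added example, not the poster's code. Helper and table names are hypothetical.

// Fixed mapping from a caller-supplied key to a table name written in source.
// The caller-influenced value is only ever used as a lookup key.
const WORKFLOW_TABLES = Object.freeze({
  draft: 'workflows_draft',
  published: 'workflows_published',
});

function buildDeleteQuery(tableKey, workflowId) {
  // Own-property check so keys such as "__proto__" do not resolve to anything.
  if (typeof tableKey !== 'string' ||
      !Object.prototype.hasOwnProperty.call(WORKFLOW_TABLES, tableKey)) {
    throw new Error('unknown table key');
  }
  // Accept a number or an all-digit string; everything else is refused.
  const id = typeof workflowId === 'string' && /^[0-9]+$/.test(workflowId)
    ? Number(workflowId)
    : workflowId;
  if (!Number.isSafeInteger(id) || id <= 0) {
    throw new Error('invalid workflow id');
  }
  // The identifier comes from the constant map and is backtick-quoted;
  // the id stays a value placeholder for the driver to bind.
  const sql = 'DELETE FROM `' + WORKFLOW_TABLES[tableKey] + '` WHERE id = ?';
  return { sql, values: [id] };
}

// Constructed inputs: two legitimate calls and three that must be refused.
function demo() {
  const samples = [
    ['draft', 42],
    ['published', '7'],
    ['workflows_draft` WHERE 1=1 -- ', 42],
    ['__proto__', 42],
    ['draft', '42 OR 1=1'],
  ];
  return samples.map(([key, id]) => {
    try {
      return buildDeleteQuery(key, id).sql;
    } catch (e) {
      return 'rejected: ' + e.message;
    }
  });
}

console.log(demo());
```

The returned `sql` and `values` would be passed to `connection.query(sql, values, callback)` in place of the `??` form.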


