Fix all open GitHub Security reports #462
Merged
CodeQL flagged go/sql-injection in AddTableData: project, dataset, table and column names provided by API callers were embedded into backtick-quoted SQL identifiers without escaping. A name containing a backtick could terminate the quoted region and inject arbitrary SQL. Add escapeIdent, which doubles backticks the way BigQuery/googlesqlite expect, and apply it to every identifier interpolated into a query: tablePath, routinePath, and the column/field name builders used by CreateTable, CreateOrReplaceTable and AddTableData. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
CodeQL (actions/missing-workflow-permissions) flagged test.yml, integration.yml and release.yml for relying on the repository default GITHUB_TOKEN scope. Add explicit least-privilege permissions blocks: contents: read for the build/test/integration workflows, and contents: write for release.yml, which uploads release assets. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Regenerate _examples/python/Pipfile.lock to clear the open Dependabot alerts for urllib3, requests, protobuf, grpcio, pyasn1 and certifi. The fixed urllib3 (2.7.0) and requests (2.33.0+) releases require Python 3.10+, so bump the example to Python 3.12: update python_version in the Pipfile and the base image in the Dockerfile accordingly. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
goccy added a commit that referenced this pull request on May 18, 2026
PR #462 added escapeIdent (backtick doubling) for the go/sql-injection alert, but escaping alone is not sufficient. A query first passes through the GoogleSQL (ZetaSQL) parser and is then re-emitted for the SQLite backend, and the two layers escape a backtick differently (GoogleSQL uses a backslash, SQLite doubles the backtick). A crafted name containing a backtick and a backslash survives one layer's escaping and breaks out of the quoted identifier in the other; this was verified to execute an injected DROP TABLE despite the doubling applied by escapeIdent. Add validateIdent and reject any project, dataset, table, view, routine or column name that contains a backtick or backslash. Neither character is valid in a BigQuery identifier, so this closes the injection vector (CWE-89) without depending on the backend's escaping behavior and without affecting any legitimate name. tablePath/routinePath now return an error, and every public Repository method validates its identifiers before building a query. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
goccy added a commit that referenced this pull request on May 18, 2026
#463) PR #462 added escapeIdent (backtick doubling) for the go/sql-injection alert, but escaping alone is not sufficient. A query first passes through the GoogleSQL (ZetaSQL) parser and is then re-emitted for the SQLite backend, and the two layers escape a backtick differently (GoogleSQL uses a backslash, SQLite doubles the backtick). A crafted name containing a backtick and a backslash survives one layer's escaping and breaks out of the quoted identifier in the other; this was verified to execute an injected DROP TABLE despite the doubling applied by escapeIdent. Add validateIdent and reject any project, dataset, table, view, routine or column name that contains a backtick or backslash. Neither character is valid in a BigQuery identifier, so this closes the injection vector (CWE-89) without depending on the backend's escaping behavior and without affecting any legitimate name. tablePath/routinePath now return an error, and every public Repository method validates its identifiers before building a query. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Resolves every open report on the repository's Security tab: 5 CodeQL code-scanning alerts and 14 Dependabot alerts.
Code scanning (CodeQL)
| Alert | Severity | Location |
| --- | --- | --- |
| go/sql-injection | High | internal/contentdata/repository.go |
| actions/missing-workflow-permissions | Medium | release.yml, integration.yml, test.yml (permissions blocks) |

SQL injection

AddTableData (and the surrounding query builders) embedded API-caller-provided project, dataset, table and column names into backtick-quoted SQL identifiers without escaping. A name containing a backtick could terminate the quoted region and inject arbitrary SQL.

Added escapeIdent, which doubles backticks the way BigQuery / googlesqlite expect, and applied it to every identifier interpolated into a query: tablePath, routinePath, and the column/field builders in CreateTable, CreateOrReplaceTable and AddTableData.

Workflow permissions

Added least-privilege permissions blocks: contents: read for the build/test/integration workflows, and contents: write for release.yml (it uploads release assets).

Dependabot

All 14 open alerts were vulnerable transitive dependencies in _examples/python/Pipfile.lock (the Python example). Regenerated the lockfile to clear them:

| Package | Before | After |
| --- | --- | --- |
| urllib3 | 1.26.13 | 2.7.0 |
| requests | 2.28.1 | 2.34.2 |
| protobuf | 4.21.12 | 6.33.6 |
| grpcio | 1.51.1 | 1.80.0 |
| pyasn1 | 0.4.8 | 0.6.3 |
| certifi | 2022.12.7 | 2026.4.22 |

The patched urllib3 (2.7.0) and requests (2.33.0+) require Python 3.10+, so the example was bumped to Python 3.12, updating python_version in the Pipfile and the base image in the Dockerfile.

Verification

- go build ./... and go vet ./internal/contentdata/ pass.
- server package tests covering data insertion and DDL paths (TestTable, TestDataFromStruct, TestRoutine, TestDirectDDL) pass.
- pipenv install --deploy (which also verifies Pipfile/Pipfile.lock are in sync) succeeds in a python:3.12 container.

🤖 Generated with Claude Code
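The following is an added, stand-alone Go example (not code from this PR or from the repository) illustrating the two defenses discussed on this page: the escapeIdent backtick doubling from this PR's SQL injection section, and the validateIdent rejection of backticks and backslashes from the follow-up commit referencing this PR. The function names match the page; the tablePath signature, the error value and the sample names are assumptions made for the illustration. It shows why the validator is the load-bearing check: escapeIdent only handles backticks, and leaves a backslash untouched, whereas validateIdent refuses both characters before any query is built.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrInvalidIdent is returned for names that can never be a valid BigQuery
// identifier and that could interfere with backtick quoting (assumed name).
var ErrInvalidIdent = errors.New("identifier contains a backtick or backslash")

// escapeIdent doubles backticks, which is what a single backtick-quoting
// layer expects. This mirrors the first fix in this PR; the follow-up commit
// explains that it is not sufficient on its own when a second layer
// re-escapes the emitted SQL with a different convention.
func escapeIdent(name string) string {
	return strings.ReplaceAll(name, "`", "``")
}

// validateIdent mirrors the follow-up fix: reject any name containing a
// backtick or backslash. Neither character is valid in a BigQuery
// identifier, so no legitimate name is rejected, and the check does not
// depend on how any backend re-escapes the query.
func validateIdent(name string) error {
	if strings.ContainsAny(name, "`\\") {
		return fmt.Errorf("%w: %q", ErrInvalidIdent, name)
	}
	return nil
}

// tablePath builds `project`.`dataset`.`table`, validating every part
// before quoting it (hypothetical signature; the repository's real helper
// is not reproduced here).
func tablePath(project, dataset, table string) (string, error) {
	parts := []string{project, dataset, table}
	quoted := make([]string, 0, len(parts))
	for _, p := range parts {
		if err := validateIdent(p); err != nil {
			return "", err
		}
		quoted = append(quoted, "`"+escapeIdent(p)+"`")
	}
	return strings.Join(quoted, "."), nil
}

func main() {
	// Constructed sample names: one ordinary name and two carrying the
	// characters the validator refuses.
	for _, name := range []string{"orders_2024", "bad`name", `bad\name`} {
		path, err := tablePath("proj", "ds", name)
		if err != nil {
			fmt.Printf("%-14q rejected: %v\n", name, err)
			continue
		}
		fmt.Printf("%-14q -> %s\n", name, path)
	}
}
```

Validation runs before escaping so that an invalid name is reported to the API caller as an error rather than silently transformed; escapeIdent is kept as defence in depth for the quoting layer the function itself controls.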