Background
Currently, there are several places in the codebase where trusted data (like table names) is directly interpolated into SQL queries without sanitization. While these inputs are currently from trusted sources, this practice could lead to bugs and potential security vulnerabilities if the trust assumptions change in the future.
Objectives
- Review all SQL query construction points in the codebase
- Implement proper input sanitization for:
- Table names
- Column names
- Other SQL identifiers
- Consider creating utility functions for SQL identifier sanitization
References
Impact
This improvement will:
- Prevent potential bugs from malformed identifiers
- Add an extra layer of safety against SQL injection
- Make the code more robust against future changes in trust assumptions
/cc @gibber9809
Background
Currently, there are several places in the codebase where trusted data (like table names) is directly interpolated into SQL queries without sanitization. While these inputs are currently from trusted sources, this practice could lead to bugs and potential security vulnerabilities if the trust assumptions change in the future.
Objectives
References
Impact
This improvement will:
/cc @gibber9809