-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: always use a sql safe table name in failed events manager #2664
Conversation
Codecov ReportBase: 45.45% // Head: 45.44% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## master #2664 +/- ##
==========================================
- Coverage 45.45% 45.44% -0.02%
==========================================
Files 287 287
Lines 47785 47790 +5
==========================================
- Hits 21721 21716 -5
- Misses 24689 24696 +7
- Partials 1375 1378 +3
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
@@ -188,3 +188,7 @@ func CleanFailedRecordsTableProcess(ctx context.Context) { | |||
func (fem *FailedEventsManagerT) GetDBHandle() *sql.DB { | |||
return fem.dbHandle | |||
} | |||
|
|||
func getSqlSafeTablename(taskRunID string) string { | |||
return `"` + strings.ReplaceAll(fmt.Sprintf(`%s_%s`, failedKeysTablePrefix, taskRunID), `"`, `""`) + `"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pq.QuoteIdentifier
can be used as well.
Description
Extracted a common function for escaping the table name and including a scenario missed by #2663
Security