Skip to content

Security Fix: Updating graph parser for potential injection cases#2548

Merged
dvora-h merged 4 commits intoredis:masterfrom
Threated:string-cleanse
Jan 11, 2023
Merged

Security Fix: Updating graph parser for potential injection cases#2548
dvora-h merged 4 commits intoredis:masterfrom
Threated:string-cleanse

Conversation

@Threated
Copy link
Copy Markdown
Contributor

@Threated Threated commented Jan 9, 2023
edited
Loading

Pull Request check-list

Please make sure to review and check all of these items:

  • Does $ tox pass with this change (including linting)?
  • Do the CI tests pass with this change (enable it first in your forked repo and wait for the github action build to finish)?
  • Is the new or changed code fully tested?
  • Is a documentation update included (if this change modifies existing APIs, or introduces new ones)?
  • Is there an example added to the examples folder (if applicable)?
  • Was the change added to CHANGES file?

Description of change

Added string escape to properly escape \ in helper method quote_string
Added tests

cc @chayim

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Jan 9, 2023
edited
Loading

Codecov Report

Base: 92.23% // Head: 92.23% // Increases project coverage by +0.00% 🎉

Coverage data is based on head (aa69334) compared to base (f46d7f3).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #2548   +/-   ##
=======================================
  Coverage   92.23%   92.23%           
=======================================
  Files         115      115           
  Lines       29554    29561    +7     
=======================================
+ Hits        27260    27267    +7     
  Misses       2294     2294
Impacted Files Coverage Δ
redis/commands/helpers.py 87.50% <100.00%> (+0.13%) ⬆️
tests/test_graph.py 91.56% <100.00%> (ø)
tests/test_helpers.py 100.00% <100.00%> (ø)
tests/test_cluster.py 96.90% <0.00%> (-0.12%) ⬇️
tests/test_asyncio/test_cluster.py 97.60% <0.00%> (+0.12%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@chayim chayim self-requested a review January 10, 2023 07:18
@dvora-h dvora-h merged commit 4a825bc into redis:master Jan 11, 2023
@chayim chayim changed the title String cleanse Security Fix: Updating graph parser for potential injection cases Jan 11, 2023
@Threated Threated deleted the string-cleanse branch January 13, 2023 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@chayim chayim chayim approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Threated @codecov-commenter @chayim @dvora-h