Fix vulnerability
This commit is contained in:
parent
bc0b03e0b0
commit
9bcf55dda9
@ -7,6 +7,7 @@
|
||||
*/
|
||||
|
||||
var types = require('pg-types');
|
||||
var escape = require('js-string-escape');
|
||||
|
||||
//result object returned from query
|
||||
//in the 'end' event and also
|
||||
@ -75,13 +76,13 @@ Result.prototype.addRow = function(row) {
|
||||
|
||||
var inlineParser = function(fieldName, i) {
|
||||
return "\nthis['" +
|
||||
//fields containing single quotes will break
|
||||
//the evaluated javascript unless they are escaped
|
||||
//see https://github.com/brianc/node-postgres/issues/507
|
||||
//Addendum: However, we need to make sure to replace all
|
||||
//occurences of apostrophes, not just the first one.
|
||||
//See https://github.com/brianc/node-postgres/issues/934
|
||||
fieldName.replace(/'/g, "\\'") +
|
||||
// fields containing single quotes will break
|
||||
// the evaluated javascript unless they are escaped
|
||||
// see https://github.com/brianc/node-postgres/issues/507
|
||||
// Addendum: However, we need to make sure to replace all
|
||||
// occurences of apostrophes, not just the first one.
|
||||
// See https://github.com/brianc/node-postgres/issues/934
|
||||
escape(fieldName) +
|
||||
"'] = " +
|
||||
"rowData[" + i + "] == null ? null : parsers[" + i + "](rowData[" + i + "]);";
|
||||
};
|
||||
|
@ -20,6 +20,7 @@
|
||||
"dependencies": {
|
||||
"buffer-writer": "1.0.1",
|
||||
"packet-reader": "0.3.1",
|
||||
"js-string-escape": "1.0.1",
|
||||
"pg-connection-string": "0.1.3",
|
||||
"pg-pool": "1.*",
|
||||
"pg-types": "1.*",
|
||||
|
10
test/integration/client/field-name-escape-tests.js
Normal file
10
test/integration/client/field-name-escape-tests.js
Normal file
@ -0,0 +1,10 @@
|
||||
var pg = require('./test-helper').pg
|
||||
|
||||
var sql = 'SELECT 1 AS "\\\'/*", 2 AS "\\\'*/\n + process.exit(-1)] = null;\n//"'
|
||||
|
||||
var client = new pg.Client()
|
||||
client.connect()
|
||||
client.query(sql, function (err, res) {
|
||||
if (err) throw err
|
||||
client.end()
|
||||
})
|
Loading…
Reference in New Issue
Block a user