Skip to content

Commit

Permalink
add quotes to COUNT query to add SQL injection protection
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexisszmundy
alexisszmundy committed Jul 11, 2024
1 parent 07e0124 commit 9ddc524
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion kraftwerk-core/src/main/java/fr/insee/kraftwerk/core/outputs/csv/CsvOutputFiles.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,8 @@ public void writeOutputTables(Map<String, MetadataModel> metadataModels) throws

//Count rows for functional log
if (kraftwerkExecutionLog != null) {
try(ResultSet countResult = this.getDatabase().executeQuery("SELECT COUNT(*) FROM " + datasetName)){
try(ResultSet countResult =
this.getDatabase().executeQuery("SELECT COUNT(*) FROM '%s'".formatted(datasetName))){
countResult.next();
kraftwerkExecutionLog.getLineCountByTableMap().put(datasetName, countResult.getInt(1));
}
Expand Down

0 comments on commit 9ddc524

Please sign in to comment.