Bug 1248435 - gom: should guard against special characters in identifiers
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gom
Assigned To: Bastien Nocera
Desktop QE
Blocks: 1214340
Reported: 2015-07-30 05:43 EDT by Florian Weimer
Modified: 2016-05-18 09:45 EDT
Doc Type: Bug Fix
Last Closed: 2016-05-18 09:45:34 EDT
Type: Bug
External Trackers: GNOME Bugzilla 753049
Description Florian Weimer 2015-07-30 05:43:07 EDT
Currently, gom does not protect its SQL generation logic against special characters in identifiers.  Characters such as '![] should be rejected to prevent any risk of SQL injection.  There are some places which do not seem to be able to cope with spaces in identifiers because the identifiers are not quoted at all.
Comment 1 Bastien Nocera 2016-05-18 09:45:34 EDT
In the upstream bug, we double-checked that all the column names are sanitised "for free", by going through GParamSpec. The only feature that didn't use it was GomSorting, during the 0.3.2 development cycle.

Closing as this isn't actually a bug.
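
Added example, not part of the bug report and not gom's code: one way to do the identifier check the description asks for, applied to an ORDER BY clause since sorting is the path Comment 1 singles out. The helper names `ident_is_safe` and `build_order_by`, the allow-list rule, the 64-byte cap and the `items` table are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Allow-list (assumed for this example): an ASCII letter first, then ASCII
 * letters, digits, '_' or '-'. Quotes, brackets, '!' and spaces all fail. */
static int ident_is_safe(const char *name)
{
    static const char rest[] = "abcdefghijklmnopqrstuvwxyz"
                               "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    size_t len;

    if (name == NULL || name[0] == '\0')
        return 0;
    if (strchr(rest, name[0]) == NULL || strchr("0123456789_-", name[0]) != NULL)
        return 0;
    len = strlen(name);
    return len <= 64 && strspn(name, rest) == len;
}

/* Build ` ORDER BY "table"."column" ASC|DESC` (hypothetical helper).
 * Returns 0 on success, -1 if an identifier is rejected or out is too small. */
static int build_order_by(const char *table, const char *column,
                          int descending, char *out, size_t outlen)
{
    int n;

    if (!ident_is_safe(table) || !ident_is_safe(column))
        return -1;
    /* Always quote: unquoted, "first-name" would parse as a subtraction. */
    n = snprintf(out, outlen, " ORDER BY \"%s\".\"%s\" %s",
                 table, column, descending ? "DESC" : "ASC");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample identifiers, not taken from gom. */
    const char *samples[] = { "first-name", "two words", "na'me", "col[0]", "a!b" };
    char sql[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_order_by("items", samples[i], 1, sql, sizeof sql) == 0)
            printf("accepted:%s\n", sql);
        else
            printf("rejected: %s\n", samples[i]);
    }
    return 0;
}
```

Values bound into the query still go through prepared-statement parameters; the check above covers only the identifiers, which cannot be bound that way.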