Skip to content

Security: SQL Injection Risk in Dynamic Query Construction#326

Open
tomaioo wants to merge 1 commit into
QuackbackIO:mainfrom
tomaioo:fix/security/sql-injection-risk-in-dynamic-query-cons
Open

Security: SQL Injection Risk in Dynamic Query Construction#326
tomaioo wants to merge 1 commit into
QuackbackIO:mainfrom
tomaioo:fix/security/sql-injection-risk-in-dynamic-query-cons

Conversation

@tomaioo

@tomaioo tomaioo commented Jul 5, 2026

Copy link
Copy Markdown

Summary

Security: SQL Injection Risk in Dynamic Query Construction

Problem

Severity: Medium | File: apps/web/e2e/scripts/get-magic-link-token.ts:L42

The file apps/web/e2e/scripts/get-magic-link-token.ts constructs a SQL LIKE pattern by string concatenation: value::text ILIKE ${'"email":"' + email + '"%'}. While the postgres library uses parameterized queries for the main query, the LIKE pattern is built via string concatenation before being passed as a parameter. If email contains special characters, it could affect pattern matching behavior or cause unexpected query results.

Solution

Sanitize or validate the email input before constructing the LIKE pattern. Consider using a more robust approach to query the JSON content, such as using PostgreSQL's JSON operators (e.g., value->>'email' = ${email}) instead of text matching on serialized JSON.

Changes

  • apps/web/e2e/scripts/get-magic-link-token.ts (modified)

The file `apps/web/e2e/scripts/get-magic-link-token.ts` constructs a SQL LIKE pattern by string concatenation: `value::text ILIKE ${'"email":"' + email + '"%'}`. While the `postgres` library uses parameterized queries for the main query, the LIKE pattern is built via string concatenation before being passed as a parameter. If `email` contains special characters, it could affect pattern matching behavior or cause unexpected query results.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants