Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sec): remove most instances of possible sql injection #9404

Merged
merged 1 commit into from
Jun 21, 2024
Merged

fix(sec): remove most instances of possible sql injection #9404

merged 1 commit into from
Jun 21, 2024

Conversation

cpcloud
Copy link
Member

@cpcloud cpcloud commented Jun 18, 2024

This PR adds ruff's flake8-bandit checks and fixes the lints or explicitly
ignores them (where it's low risk or unavoidable).

Most of the work here was in building SQL using sqlglot instead of constructing
queries using format strings.

That's not 100% foolproof for cases like .sql() methods, but we're at least
covering the bases in cases where we have more control over input.

@cpcloud cpcloud added this to the 9.2 milestone Jun 18, 2024
@cpcloud cpcloud added refactor Issues or PRs related to refactoring the codebase developer-tools Tools related to ibis development labels Jun 18, 2024
@cpcloud cpcloud force-pushed the bandit branch 5 times, most recently from 731dcdc to 7191e8e Compare June 18, 2024 19:19
@cpcloud cpcloud added the ci-run-cloud Add this label to trigger a run of BigQuery, Snowflake, and Databricks backends in CI label Jun 18, 2024
@ibis-docs-bot ibis-docs-bot bot removed the ci-run-cloud Add this label to trigger a run of BigQuery, Snowflake, and Databricks backends in CI label Jun 18, 2024
@cpcloud cpcloud force-pushed the bandit branch 2 times, most recently from 85efb68 to db9dfcf Compare June 19, 2024 11:43
@cpcloud cpcloud added the ci-run-cloud Add this label to trigger a run of BigQuery, Snowflake, and Databricks backends in CI label Jun 19, 2024
@ibis-docs-bot ibis-docs-bot bot removed the ci-run-cloud Add this label to trigger a run of BigQuery, Snowflake, and Databricks backends in CI label Jun 19, 2024
jcrist
jcrist approved these changes Jun 21, 2024
View reviewed changes
Copy link
Member

@jcrist jcrist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a cursory review, honestly mostly relying on tests here to have caught any regressions.

ibis/backends/sql/__init__.py Show resolved Hide resolved
ibis/util.py Show resolved Hide resolved
@cpcloud cpcloud added the ci-run-cloud Add this label to trigger a run of BigQuery, Snowflake, and Databricks backends in CI label Jun 21, 2024
@ibis-docs-bot ibis-docs-bot bot removed the ci-run-cloud Add this label to trigger a run of BigQuery, Snowflake, and Databricks backends in CI label Jun 21, 2024
@cpcloud cpcloud merged commit a555774 into ibis-project:main Jun 21, 2024
95 checks passed
@cpcloud cpcloud deleted the bandit branch June 21, 2024 20:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcrist jcrist jcrist approved these changes

@gforsyth gforsyth Awaiting requested review from gforsyth

@ncclementi ncclementi Awaiting requested review from ncclementi

Assignees
No one assigned
Labels
developer-tools Tools related to ibis development refactor Issues or PRs related to refactoring the codebase
Projects
None yet
Milestone
9.2
Development

Successfully merging this pull request may close these issues.
2 participants
@cpcloud @jcrist