summaryrefslogtreecommitdiff
path: root/vendor/github.com/jackc/pgx/v5/internal
diff options
context:
space:
mode:
authorLibravatar dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>2024-03-11 10:13:33 +0000
committerLibravatar GitHub <noreply@github.com>2024-03-11 10:13:33 +0000
commitd115f9ebc4444c628269297f6d7ec427f7e5cf00 (patch)
tree242411bdcdf7c988700a52cc275eec20304db9c2 /vendor/github.com/jackc/pgx/v5/internal
parent[chore]: Bump github.com/gin-contrib/cors from 1.5.0 to 1.7.0 (#2745) (diff)
downloadgotosocial-d115f9ebc4444c628269297f6d7ec427f7e5cf00.tar.xz
[chore]: Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.5 (#2747)
Diffstat (limited to 'vendor/github.com/jackc/pgx/v5/internal')
-rw-r--r--vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
index f9091cd48..df58c4484 100644
--- a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
+++ b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
@@ -63,6 +63,10 @@ func (q *Query) Sanitize(args ...any) (string, error) {
return "", fmt.Errorf("invalid arg type: %T", arg)
}
argUse[argIdx] = true
+
+ // Prevent SQL injection via Line Comment Creation
+ // https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
+ str = " " + str + " "
default:
return "", fmt.Errorf("invalid Part type: %T", part)
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-04 19:14:59 +0000