summaryrefslogtreecommitdiff
path: root/vendor/github.com/jackc/pgx/v5/internal
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/jackc/pgx/v5/internal')
-rw-r--r--vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
index f9091cd48..df58c4484 100644
--- a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
+++ b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
@@ -63,6 +63,10 @@ func (q *Query) Sanitize(args ...any) (string, error) {
return "", fmt.Errorf("invalid arg type: %T", arg)
}
argUse[argIdx] = true
+
+ // Prevent SQL injection via Line Comment Creation
+ // https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
+ str = " " + str + " "
default:
return "", fmt.Errorf("invalid Part type: %T", part)
}
generated by cgit v1.3 (git 2.53.0) at 2026-06-12 03:19:25 +0000