- Notifications
You must be signed in to change notification settings - Fork1.9k
feat(snowflake-driver): Support execute sql via custom procedure#9579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:master
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
| this.config.snowflakeExecutionProcedure && | ||
| query.toUpperCase().startsWith('SELECT') | ||
| ) { | ||
| const escapedQuery = query.replace(/'/g, "\\'"); |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestionHide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we need to ensure that backslashes in thequery string are escaped before escaping single quotes. This can be achieved by first replacing all backslashes (\) with double backslashes (\\), and then replacing all single quotes (') with escaped single quotes (\'). This ensures that both backslashes and single quotes are properly escaped.
The best way to implement this fix is to chain tworeplace operations on thequery string:
- Replace all backslashes (
\) with double backslashes (\\). - Replace all single quotes (
') with escaped single quotes (\').
This change should be applied to line 892 in theexecute method.
| @@ -891,3 +891,3 @@ | ||
| ){ | ||
| constescapedQuery=query.replace(/'/g,"\\'"); | ||
| constescapedQuery=query.replace(/\\/g,"\\\\").replace(/'/g,"\\'"); | ||
| constserializedBinds= `ARRAY_CONSTRUCT(${(values??[]) |
No description provided.