(incubator-devlake) branch main updated: Fix sql string escaping (#8163)

Tue, 05 Nov 2024 18:00:17 -0800 

This is an automated email from the ASF dual-hosted git repository.

klesh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git


The following commit(s) were added to refs/heads/main by this push:
     new 3a7acd6f7 Fix sql string escaping (#8163)
3a7acd6f7 is described below

commit 3a7acd6f76fe72867cb4a98104c0097c25b646ef
Author: Alex Tonkonozhenko <[email protected]>
AuthorDate: Wed Nov 6 02:59:29 2024 +0100

    Fix sql string escaping (#8163)
---
 backend/plugins/dora/tasks/incident_from_issue_generator.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/backend/plugins/dora/tasks/incident_from_issue_generator.go 
b/backend/plugins/dora/tasks/incident_from_issue_generator.go
index bb3610898..d70cd2ce5 100644
--- a/backend/plugins/dora/tasks/incident_from_issue_generator.go
+++ b/backend/plugins/dora/tasks/incident_from_issue_generator.go
@@ -57,11 +57,11 @@ func ConvertIssuesToIncidents(taskCtx 
plugin.SubTaskContext) errors.Error {
                         FROM issues i
                         LEFT JOIN board_issues bi ON bi.issue_id = i.id
                         LEFT JOIN project_mapping pm ON pm.row_id = bi.board_id
-                        WHERE i.type = "INCIDENT"
+                        WHERE i.type = ?
                           AND pm.project_name = ?
-                      AND pm.table = "boards")
+                      AND pm.table = ?)
        `
-       if err := db.Exec(deleteIncidentsSql, data.Options.ProjectName); err != 
nil {
+       if err := db.Exec(deleteIncidentsSql, "INCIDENT", 
data.Options.ProjectName, "boards"); err != nil {
                return errors.Default.Wrap(err, "error deleting previous 
incidents")
 
        }
@@ -73,11 +73,11 @@ func ConvertIssuesToIncidents(taskCtx 
plugin.SubTaskContext) errors.Error {
                         FROM issues i
                         LEFT JOIN board_issues bi ON bi.issue_id = i.id
                         LEFT JOIN project_mapping pm ON pm.row_id = bi.board_id
-                        WHERE i.type = "INCIDENT"
+                        WHERE i.type = ?
                           AND pm.project_name = ?
-                      AND pm.table = "boards")
+                      AND pm.table = ?)
        `
-       if err := db.Exec(deleteIncidentAssigneesSql, 
data.Options.ProjectName); err != nil {
+       if err := db.Exec(deleteIncidentAssigneesSql, "INCIDENT", 
data.Options.ProjectName, "boards"); err != nil {
                return errors.Default.Wrap(err, "error deleting previous 
incident_assignees")
        }

Reply via email to