warren830 opened a new pull request, #8769: URL: https://github.com/apache/incubator-devlake/pull/8769
## Summary

- Add `ValidateTableName` and `ValidateColumnName` functions in `core/dal/identifier.go` to ensure table and column names used in dynamic SQL are safe identifiers (alphanumeric + underscores + dots only)
- Applied validation in `scope_service_helper.go`, `scope_generic_helper.go`, and `customized_fields_extractor.go` where `fmt.Sprintf` is used to build SQL with table/column names
- `mkUpdate` now returns an error if invalid identifiers are detected

## Test plan

- [ ] Verify existing unit tests pass
- [ ] Verify migration and scope deletion operations still work correctly
- [ ] Verify customized fields extractor handles invalid column names gracefully

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
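The allowlist check described in the summary, sketched in Go as an added example. This is not the PR's code: `checkIdent`, `buildUpdate`, the `id` column and all sample names are hypothetical, and the pattern is only the "alphanumeric + underscores + dots" rule as stated above.

```go
package main

import (
	"fmt"
	"regexp"
)

// identRe encodes the rule from the summary: alphanumerics, underscores and dots only.
// It is anchored at both ends and needs at least one character, so "" is refused.
var identRe = regexp.MustCompile(`^[A-Za-z0-9_.]+$`)

// checkIdent is a hypothetical helper, not DevLake's ValidateTableName/ValidateColumnName.
func checkIdent(kind, name string) error {
	if !identRe.MatchString(name) {
		return fmt.Errorf("invalid %s name %q", kind, name)
	}
	return nil
}

// buildUpdate (hypothetical) formats identifiers into the statement only after
// they pass the check; values stay bind parameters and are never formatted in.
func buildUpdate(table, column string) (string, error) {
	if err := checkIdent("table", table); err != nil {
		return "", err
	}
	if err := checkIdent("column", column); err != nil {
		return "", err
	}
	return fmt.Sprintf("UPDATE %s SET %s = ? WHERE id = ?", table, column), nil
}

func main() {
	// Constructed inputs: two well-formed pairs, then three that must be refused.
	cases := [][2]string{
		{"my_table", "x_field"},
		{"lake.my_table", "x_field"},
		{"my table", "x_field"},
		{"my_table", "x;y"},
		{"", "x_field"},
	}
	for _, c := range cases {
		q, err := buildUpdate(c[0], c[1])
		fmt.Printf("%q %q -> %q err=%v\n", c[0], c[1], q, err)
	}
}
```

A character allowlist of this kind still accepts SQL reserved words and any dotted name, so it constrains the shape of an identifier, not whether the table or column exists.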
