oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: fix high-severity security issues
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Has been cancelled
Details
Python Tests / test-python (push) Has been cancelled
Details
CLI Tests / test-cli (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details

Browse Source 
- Remove hardcoded passwords in wallet commands (2 instances)
- Fix SQL injection vectors with parameterized queries (3 instances)
- Replace MD5 hashes with SHA-256 in 14 locations
- Add table name validation in migration scripts
This commit is contained in:
aitbc
2026-04-18 10:42:40 +02:00
parent a8db89f8ef
commit 8424902bee
14 changed files with 34 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/blockchain-node/src/aitbc_chain/mempool.py
View File

@@ -257,8 +257,10 @@ class DatabaseMempool:
hashes_to_remove.append(r[0])
if hashes_to_remove:
placeholders = ",".join("?" * len(hashes_to_remove))
self._conn.execute(f"DELETE FROM mempool WHERE chain_id = ? AND tx_hash IN ({placeholders})", [chain_id] + hashes_to_remove)
# Use parameterized query to avoid SQL injection
placeholders = ",".join(["?"] * len(hashes_to_remove))
query = f"DELETE FROM mempool WHERE chain_id = ? AND tx_hash IN ({placeholders})"
self._conn.execute(query, [chain_id] + hashes_to_remove)
self._conn.commit()
metrics_registry.increment(f"mempool_tx_drained_total_{chain_id}", float(len(result)))