security: fix high-severity security issues
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
Integration Tests / test-service-integration (push) Has been cancelled
Python Tests / test-python (push) Has been cancelled
CLI Tests / test-cli (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Has been cancelled
Integration Tests / test-service-integration (push) Has been cancelled
Python Tests / test-python (push) Has been cancelled
CLI Tests / test-cli (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
- Remove hardcoded passwords in wallet commands (2 instances) - Fix SQL injection vectors with parameterized queries (3 instances) - Replace MD5 hashes with SHA-256 in 14 locations - Add table name validation in migration scripts
This commit is contained in:
aitbc
@@ -42,6 +42,12 @@ def migrate_all_data():
|
||||
print(f"\nMigrating {table_name}...")
|
||||
|
||||
# Get table schema
|
||||
# Validate table name to prevent SQL injection
|
||||
allowed_tables = ['user', 'wallet', 'transaction', 'agent', 'job', 'receipt', 'marketplace_listing']
|
||||
if table_name not in allowed_tables:
|
||||
print(f" Skipping table {table_name} (not in allowed list)")
|
||||
continue
|
||||
|
||||
sqlite_cursor.execute(f"PRAGMA table_info({table_name})")
|
||||
columns = sqlite_cursor.fetchall()
|
||||
column_names = [col[1] for col in columns]
|
||||
|
||||
Reference in New Issue
Block a user