DashBoard

egg/DashBoard

Fork 0

Commit Graph

Author	SHA1	Message	Date
egg	f90a8a57b4	fix(security): add table_name whitelist to prevent SQL injection in table query APIs The /api/query_table and /api/get_table_columns endpoints accepted arbitrary table_name values that were interpolated directly into SQL f-strings. Since api_public is true, any unauthenticated user could exploit this. Now validates table_name and time_field against TABLES_CONFIG before reaching the database. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-11 10:44:56 +08:00
beabigegg	b56e80381b	chore: reinitialize project with vite architecture	2026-02-08 08:30:48 +08:00

Author

SHA1

Message

Date

egg

f90a8a57b4

fix(security): add table_name whitelist to prevent SQL injection in table query APIs

The /api/query_table and /api/get_table_columns endpoints accepted arbitrary
table_name values that were interpolated directly into SQL f-strings. Since
api_public is true, any unauthenticated user could exploit this. Now validates
table_name and time_field against TABLES_CONFIG before reaching the database.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-11 10:44:56 +08:00

beabigegg

b56e80381b

chore: reinitialize project with vite architecture

2026-02-08 08:30:48 +08:00

2 Commits