Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security: fix vulnerability where -database parameter accepts arbit…
Browse files Browse the repository at this point in the history
…rary DSN strings
dm-2 committed Jan 18, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 14cab44 commit 4dab3d5
Showing 2 changed files with 7 additions and 1 deletion.
2 changes: 1 addition & 1 deletion build.sh
Original file line number Diff line number Diff line change
@@ -18,7 +18,7 @@ function build {
GOOS=$3
GOARCH=$4

if ! go version | egrep -q 'go(1\.1[56])' ; then
if ! go version | egrep -q 'go1\.(1[5-9]|[2-9][0-9]{1})' ; then
echo "go version must be 1.15 or above"
exit 1
fi
6 changes: 6 additions & 0 deletions go/cmd/gh-ost/main.go
Original file line number Diff line number Diff line change
@@ -8,6 +8,7 @@ package main
import (
"flag"
"fmt"
"net/url"
"os"
"os/signal"
"syscall"
@@ -188,6 +189,11 @@ func main() {
log.Fatalf("--database must be provided and database name must not be empty, or --alter must specify database name")
}
}

if err := flag.Set("database", url.QueryEscape(migrationContext.DatabaseName)); err != nil {
migrationContext.Log.Fatale(err)
}

if migrationContext.OriginalTableName == "" {
if parser.HasExplicitTable() {
migrationContext.OriginalTableName = parser.GetExplicitTable()

0 comments on commit 4dab3d5

Please sign in to comment.