Validate table name against allowlist in getTableCount (closes #27) #32

Open
clawbot wants to merge 1 commit from fix/issue-27 into main

1 Commits

Author SHA1 Message Date
clawbot
4d9f912a5f fix: validate table name against allowlist in getTableCount to prevent SQL injection
The getTableCount method used fmt.Sprintf to interpolate a table name directly
into a SQL query. While currently only called with hardcoded names, this is a
dangerous pattern. Added an allowlist of valid table names and return an error
for unrecognized names.
2026-02-08 12:03:18 -08:00
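
The pattern the commit message describes, shown as an added example that is not the project's own code: the interpolated query builder next to an allowlisted one. The function names `unsafeCountQuery` and `countQuery`, the error `ErrUnknownTable`, and the table names are hypothetical, since the page does not show the diff or list the real tables.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrUnknownTable is returned for any name outside the allowlist.
var ErrUnknownTable = errors.New("table name not in allowlist")

// allowedTables holds hypothetical table names (assumption: the page does
// not list the project's real tables).
var allowedTables = map[string]struct{}{
	"users":    {},
	"channels": {},
	"messages": {},
}

// unsafeCountQuery is the "before" pattern: the name is interpolated as-is,
// so whatever the caller passes becomes part of the SQL text.
func unsafeCountQuery(table string) string {
	return fmt.Sprintf("SELECT COUNT(*) FROM %s", table)
}

// countQuery is the "after" pattern. Placeholders bind values, not
// identifiers, so the name is still interpolated, but only after an exact,
// case-sensitive match against the allowlist.
func countQuery(table string) (string, error) {
	if _, ok := allowedTables[table]; !ok {
		return "", fmt.Errorf("%w: %q", ErrUnknownTable, table)
	}
	return fmt.Sprintf("SELECT COUNT(*) FROM %s", table), nil
}

func main() {
	// Constructed inputs: one valid name, one with trailing SQL, one case variant.
	for _, name := range []string{"users", "users WHERE 1=1 --", "Users"} {
		q, err := countQuery(name)
		fmt.Printf("input=%q\n  unsafe: %s\n  safe:   %q err=%v\n",
			name, unsafeCountQuery(name), q, err)
	}
}
```

Wrapping the sentinel with `%w` lets callers test for the rejection with `errors.Is` while the message still records the offending name for logs.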