fix: use whitelist for SQL table names in getTableCount (closes #7) #38

Closed

clawbot wants to merge 2 commits from fix/sql-injection-whitelist into main

pull from: fix/sql-injection-whitelist

merge into: sneak:main

sneak:main

sneak:refactor/break-up-long-methods

sneak:add-make-check

sneak:fix/verify-blob-hash

sneak:feat/restore-progress-bar

sneak:feature/restore-progress-bar

sneak:feature/implement-prune-flag-on-snapshot-create

sneak:fix/restore-error-handling

sneak:fix/issue-25

sneak:fix/issue-29

sneak:add-compressstream-regression-test

sneak:fix/issue-26

sneak:fix/issue-27

sneak:fix/issue-28

sneak:feature/pluggable-storage-backend

Conversation 3 Commits 2 Files Changed 2 +66 -9

2 Commits

Author	SHA1	Message	Date
Jeffrey Paul	3e282af516	Merge branch 'main' into fix/sql-injection-whitelist	2026-02-20 11:16:27 +01:00
user	bb4b9b5bc9	fix: use whitelist for SQL table names in getTableCount (closes #7) ... Replace regex-based validation with a strict whitelist of allowed table names (files, chunks, blobs). The whitelist check now runs before the nil-DB early return so invalid names are always rejected. Removes unused regexp import.	2026-02-20 02:09:40 -08:00