Skip to content

fix: parameterize SQL queries in ml_persistence.py (closes #59)#148

Merged
geored merged 1 commit into
mainfrom
fix/sql-injection-ml-persistence-59
Jul 2, 2026
Merged

fix: parameterize SQL queries in ml_persistence.py (closes #59)#148
geored merged 1 commit into
mainfrom
fix/sql-injection-ml-persistence-59

Conversation

@geored

@geored geored commented Jun 24, 2026

Copy link
Copy Markdown
Member

Root Cause

SQL injection via f-string interpolation of cluster_id into cursor.execute() calls.

Fix

Replaced all f-string SQL construction with parameterized queries using ? placeholders.

Closes #59

@mftb mftb left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@geored geored merged commit 2375f02 into main Jul 2, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[CRITICAL] SQL Injection via f-string interpolation in ml_persistence.py

3 participants