fix: possible unauthenticated SQL injection when login
jczhong84 committed Dec 8, 2023
1 parent 2c71a8a commit d93ddf3
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions querybook/server/logic/user.py
Expand Up @@ -31,6 +31,9 @@ def get_users_by_ids(ids, session=None):

@with_session
def get_user_by_name(username, case_sensitive=True, session=None):
if not isinstance(username, str):
raise ValueError("Username should be a string")

if case_sensitive:
return User.get(username=username, session=session)
users = (
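
Review bot: The isinstance check at the top of get_user_by_name guards only this one function and only the username argument, so any other login-path value that reaches a query filter unvalidated is left as it was; consider validating the type where the login request body is parsed and keeping this check as defence in depth. The raise ValueError("Username should be a string") also relies on a caller turning it into an authentication failure rather than an unhandled server error, and that handling is not visible in this hunk. The commit touches one file and adds no test, so a regression test that passes a non-string username (a dict or list, assuming that is what a JSON login body can deliver) and asserts the ValueError would pin the fix. A one-line comment above the check saying that it exists to keep non-string values out of the query would help the next reader.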