Backslash is incorrectly escaped in strings #345

Closed
brantburnett opened this issue Dec 21, 2020 · 1 comment
@brantburnett
Collaborator

Currently, only quote characters are escaped. However, N1QL strings support JSON-like backslash escaping as well. This means that any string with a single backslash will be misinterpreted and cause N1QL invalid syntax errors.

```json
[
  {
    "code": 3000,
    "msg": "syntax error: invalid quoted string - at 'North American Ale\\'",
    "query": "SELECT * FROM `beer-sample` WHERE type = 'beer' AND category = 'North American Ale\\' LIMIT 1"
  }
]
```

https://forums.couchbase.com/t/how-to-sanitize-user-input/28830/4

Note: This is a potential security flaw; it may allow N1QL injection attacks.

@brantburnett brantburnett self-assigned this Dec 21, 2020
@brantburnett
Collaborator Author

Fixed by #352. The current plan is to only fix this for the new release which will be SDK 3.x compatible.
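
The escaping gap reported in this issue, as an added illustration that is not code from the project or from either comment: it compares a quote-only escaper with one that also escapes backslashes, using the value from the error message. The function names, the quote-doubling convention and the simplified literal scanner are assumptions made for the example.

```python
# Added illustration; not code from the project discussed in the issue.

def quote_only(value: str) -> str:
    """'Before' behaviour described in the issue: only quotes are escaped.
    Assumption: a quote is escaped by doubling it."""
    return "'" + value.replace("'", "''") + "'"


def quote_and_backslash(value: str) -> str:
    """Escape backslashes first, then quotes, so no input character can
    start an escape sequence inside the literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def read_literal(text: str):
    """Simplified model of a scanner with backslash escapes (assumption: the
    character after a backslash is taken literally). Returns the decoded value
    if `text` is exactly one terminated single-quoted literal, else None."""
    if not text.startswith("'"):
        return None
    out, i = [], 1
    while i < len(text):
        ch = text[i]
        if ch == "\\":                      # backslash consumes the next char
            if i + 1 >= len(text):
                return None
            out.append(text[i + 1])
            i += 2
        elif ch == "'":
            if text[i + 1:i + 2] == "'":    # doubled quote = literal quote
                out.append("'")
                i += 2
            else:                           # closing quote must be the last char
                return "".join(out) if i == len(text) - 1 else None
        else:
            out.append(ch)
            i += 1
    return None                             # ran off the end: unterminated


def round_trips(escape, value: str) -> bool:
    """True when the literal built by `escape` decodes back to `value`."""
    return read_literal(escape(value)) == value


# The value from the error message above: it ends in one backslash.
SAMPLE = "North American Ale\\"
```

A round-trip check of this kind works as a regression test for any literal escaper: every input must decode back to itself, including inputs containing backslashes and quotes.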
