api/store: Avoid sql injection on webhook status update

livepeer · Apr 23, 2024 · e00130d · e00130d
1 parent 1e15d91
commit e00130d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/api/src/store/webhook-table.ts b/packages/api/src/store/webhook-table.ts
@@ -50,7 +50,7 @@ export default class WebhookTable extends Table<DBWebhook> {
 
   async updateStatus(id: string, status: DBWebhook["status"]) {
     const res = await this.db.query(
-      `UPDATE ${
+      sql`UPDATE ${
         this.name
       } SET data = jsonb_set(data, '{status}', case when data->'status' is null then '{}' else data->'status' end || '${JSON.stringify(
         status