Move db calls to prepared statements with context · SigNoz/signoz#1353

(11 留言) (0 反應) (1 負責人)TypeScript (16,037 star) (976 fork)batch import

backendgood first issue

描述

Move all db calls to prepared statements and specifically with context if possible to make signoz more secure from sql injections. A query should not be a string prepared from fmt.sprintf(...) if it has args to pass. We should try to avoid string formatting for args.

貢獻者指南

技術棧: typescriptnodejssql
領域: backendsecurity
議題類型: security
難度: 4
預計時間: over 1 week
活動狀態: blocked
清晰度: mostly clear
前置要求: TypeScriptNode.jsSQLprepared statements
新手友善度: 35
研究方向: Examine the repository's database access layer to identify all locations where SQL queries are constructed using string formatting (e.g., fmt.Sprintf). Review the issue comments for specific patterns mentioned by maintainers. Focus on files in the 'pkg' or 'server' directories that handle database operations. Look for existing prepared statement usage to understand the preferred pattern. Consider starting with one module to demonstrate the approach before expanding to the entire codebase.