Thread: [pgAdmin4][Patch]: SonarQube Vulnerabilities

[pgAdmin4][Patch]: SonarQube Vulnerabilities

From

Khushboo Vashi

Date:

14 September 2022, 04:38:30

Hi,

I have tried to fix the vulnerabilities reported by SonarQube but it didn't work. So I added the verification of region_id (user defined input) as discussed in yesterday's meeting and am going to close these issues.

Thanks,

Khushboo

Attachment

sonarQube_vulnerabilities.patch

Re: [pgAdmin4][Patch]: SonarQube Vulnerabilities

From

Akshay Joshi

Date:

14 September 2022, 09:47:01

Thanks, the patch applied.

On Wed, Sep 14, 2022 at 10:08 AM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:

Hi,

I have tried to fix the vulnerabilities reported by SonarQube but it didn't work. So I added the verification of region_id (user defined input) as discussed in yesterday's meeting and am going to close these issues.

Thanks,
Khushboo

Akshay Joshi

Principal Software Architect

+91 9767888246

www.enterprisedb.com

Re: [pgAdmin4][Patch]: SonarQube Vulnerabilities

From

Dave Page

Date:

14 September 2022, 12:35:19

On Wed, 14 Sept 2022 at 05:38, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:

Hi,

I have tried to fix the vulnerabilities reported by SonarQube but it didn't work. So I added the verification of region_id (user defined input) as discussed in yesterday's meeting and am going to close these issues.

I've cleared the first two issues on SonarQube as it doesn't detect the validation. However, we also need to validate the volume type specified in the third.

Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com