mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-18 06:41:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
742bc513cbd1d21ddbb287881393a12771fcea89
bun.sh/test/js/sql
History
Claude Bot 742bc513cb fix(sql): validate array type parameter to prevent SQL injection 
The `sql.array(values, type)` function interpolated the user-provided
type string directly into the SQL query without validation, allowing
SQL injection via crafted type names like `INT); DROP TABLE users--`.

Add character validation in `getArrayType()` to reject type names
containing characters outside [a-zA-Z0-9_ .], which covers all valid
PostgreSQL type names (including schema-qualified names like
`myschema.INTEGER`) while blocking injection payloads. Uses
`$ERR_INVALID_ARG_VALUE` for consistency with the rest of the codebase.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-12 04:53:43 +00:00
..
__snapshots__
SQLite in Bun.sql (#21640)
2025-08-19 23:15:53 -07:00
docker-tls
refactor(test): use container-based postgres_tls for TLS SQL tests (#26518)
2026-01-27 23:32:39 -08:00
mysql-tls
fix(Bun.SQL) fix SSLRequest (#22378)
2025-09-03 18:59:15 -07:00
adapter-env-var-precedence.test.ts
Fix: Make SQL connection string parsing more sensible (#22260)
2025-09-08 20:59:24 -07:00
adapter-override.test.ts
SQLite in Bun.sql (#21640)
2025-08-19 23:15:53 -07:00
bootstrap.js
issue-21351.fixture.sql
fix(postgres) regression (#21466)
2025-07-31 16:26:35 -07:00
local-sql.test.ts
[publish images] ci: ensure tests that require docker have it available (#22781)
2025-09-25 19:03:22 -07:00
socket.fail.fixture.ts
fix(postgres) memory fix when connection fails sync (#21616)
2025-08-04 19:41:20 -07:00
sql-array-injection.test.ts
fix(sql): validate array type parameter to prevent SQL injection
2026-02-12 04:53:43 +00:00
sql-fixture-ref.ts
Deflake sql.test.ts
2025-08-01 22:41:05 -07:00
sql-idle-exit-fixture.ts
fix(MySQL) ref and status usage (#23873)
2025-10-20 17:40:48 -07:00
sql-mysql.auth.test.ts
Start using test.concurrent in our tests (#22823)
2025-09-22 05:30:34 -07:00
sql-mysql.helpers.test.ts
fix(Bun.SQL) fix IN, UPDATE support in helpers, and fix JSONB/JSON serialization (#22700)
2025-09-30 13:26:15 -07:00
sql-mysql.test.ts
fix(Bun.SQL): handle binary columns in MySQL correctly (#26011)
2026-01-12 11:56:02 -08:00
sql-mysql.transactions.test.ts
Migrate all Docker usage to unified docker-compose infrastructure (#22740)
2025-09-19 04:20:58 -07:00
sql.test.ts
Fix postgres empty check when handling arrays (#25607)
2025-12-19 14:49:12 -08:00
sqlite-sql.test.ts
sql: filter out undefined values in INSERT helper instead of treating as NULL (#25830)
2026-01-05 15:03:20 -08:00
sqlite-url-parsing.test.ts
lsan: fix reporting on linux ci (#22806)
2025-09-24 00:47:52 -07:00
tls-sql.test.ts
refactor(test): use container-based postgres_tls for TLS SQL tests (#26518)
2026-01-27 23:32:39 -08:00