Skip to content

Commit f5651f9

Browse files
committed
fix: escape sql from property
1 parent 6a6094f commit f5651f9

File tree

2 files changed

+5
-6
lines changed

2 files changed

+5
-6
lines changed

sentry/src/db/event_aggregate.rs

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ use bb8_postgres::tokio_postgres::types::{ToSql, Type};
55
use bb8_postgres::tokio_postgres::Error;
66
use chrono::{DateTime, Utc};
77
use futures::pin_mut;
8-
use primitives::sentry::{EventAggregate, LastApprovedResponse, ApproveStateValidatorMessage, NewStateValidatorMessage, HeartbeatValidatorMessage};
8+
use primitives::sentry::{EventAggregate, ApproveStateValidatorMessage, NewStateValidatorMessage, HeartbeatValidatorMessage};
99
use primitives::BigNum;
1010
use primitives::{ChannelId, ValidatorId, Channel};
1111
use std::ops::Add;
@@ -15,12 +15,10 @@ pub async fn lastest_approve_state(
1515
pool: &DbPool,
1616
channel: &Channel
1717
) -> Result<Option<ApproveStateValidatorMessage>, RunError<bb8_postgres::tokio_postgres::Error>> {
18-
/// select (from, msg, received) from validator_messages where channel_id = channel_id, from = from, msg ->> 'type'->>'ApproveState'
19-
/// select (from, msg, received) from validator_messages where channel_id = channel_id, from = from, msg ->> 'type'->>'NewState', msg ->> 'stateRoot'->>'0xx'
2018
pool
2119
.run(move |connection| {
2220
async move {
23-
match connection.prepare("SELECT from, msg, received FROM validator_messages WHERE channel_id = $1 AND from = $2 AND msg ->> 'type' = 'ApproveState' ORDER BY received DESC LIMIT 1").await {
21+
match connection.prepare("SELECT \"from\", msg, received FROM validator_messages WHERE channel_id = $1 AND \"from\" = $2 AND msg ->> 'type' = 'ApproveState' ORDER BY received DESC LIMIT 1").await {
2422
Ok(select) => match connection.query(&select, &[&channel.id, &channel.spec.validators.follower().id]).await {
2523
Ok(rows) => Ok((rows.get(0).map(ApproveStateValidatorMessage::from), connection)),
2624
Err(e) => Err((e, connection)),
@@ -40,7 +38,7 @@ pub async fn latest_new_state(
4038
pool
4139
.run(move |connection| {
4240
async move {
43-
match connection.prepare("SELECT from, msg, received FROM validator_messages WHERE channel_id = $1 AND from = $2 AND msg ->> 'type' = 'NewState' AND msg->> 'stateRoot' = $3 ORDER BY received DESC LIMIT 1").await {
41+
match connection.prepare("SELECT \"from\", msg, received FROM validator_messages WHERE channel_id = $1 AND \"from\" = $2 AND msg ->> 'type' = 'NewState' AND msg->> 'stateRoot' = $3 ORDER BY received DESC LIMIT 1").await {
4442
Ok(select) => match connection.query(&select, &[&channel.id, &channel.spec.validators.leader().id, &state_root]).await {
4543
Ok(rows) => Ok((rows.get(0).map(NewStateValidatorMessage::from), connection)),
4644
Err(e) => Err((e, connection)),
@@ -60,7 +58,7 @@ pub async fn latest_heartbeats(
6058
pool
6159
.run(move |connection| {
6260
async move {
63-
match connection.prepare("SELECT from, msg, received FROM validator_messages WHERE channel_id = $1 AND from = $2 AND msg ->> 'type' = 'Heartbeat' ORDER BY received DESC LIMIT 2").await {
61+
match connection.prepare("SELECT \"from\", msg, received FROM validator_messages WHERE channel_id = $1 AND \"from\" = $2 AND msg ->> 'type' = 'Heartbeat' ORDER BY received DESC LIMIT 2").await {
6462
Ok(select) => match connection.query(&select, &[&channel_id, &validator_id]).await {
6563
Ok(rows) => Ok((rows.iter().map(HeartbeatValidatorMessage::from).collect(), connection)),
6664
Err(e) => Err((e, connection)),

sentry/src/routes/channel.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,7 @@ pub async fn last_approved<A: Adapter>(
9999
.extensions()
100100
.get::<RouteParams>()
101101
.expect("request should have route params");
102+
102103
let channel_id = ChannelId::from_hex(route_params.index(0))?;
103104
let channel = get_channel_by_id(&app.pool, &channel_id).await?.unwrap();
104105

0 commit comments

Comments
 (0)