Skip to content

πŸ›‘οΈ Sentinel: [CRITICAL] Fix SQL injection in metadata generation#187

Open
thebearwithabite wants to merge 1 commit intomasterfrom
sentinel-metadata-sql-injection-8645368814105378902
Open

πŸ›‘οΈ Sentinel: [CRITICAL] Fix SQL injection in metadata generation#187
thebearwithabite wants to merge 1 commit intomasterfrom
sentinel-metadata-sql-injection-8645368814105378902

Conversation

@thebearwithabite
Copy link
Copy Markdown
Owner

@thebearwithabite thebearwithabite commented Mar 29, 2026

πŸ›‘οΈ Sentinel: [CRITICAL] Fix SQL injection in metadata generation

🚨 Severity: CRITICAL
πŸ’‘ Vulnerability: SQL Injection via Dictionary Keys in Dynamic Queries
🎯 Impact: An attacker or malformed data source could inject arbitrary SQL into the save_file_metadata method by providing malicious dictionary keys (e.g., column_name) VALUES (...); DROP TABLE...). This could lead to data loss, modification, or exposure of the entire file_metadata table.
πŸ”§ Fix: Fetched the exact table schema using PRAGMA table_info(file_metadata) and strictly whitelisted the incoming metadata keys against the safe column names before generating the dynamic SQL query.
βœ… Verification: Tested manually with a mock script simulating a malicious key containing ON CONFLICT DO UPDATE. After the fix, the malicious key was safely ignored and filtered out before query execution.

PR created automatically by Jules for task 8645368814105378902 started by @thebearwithabite

@google-labs-jules @thebearwithabite
πŸ›‘οΈ Sentinel: [CRITICAL] Fix SQL injection in metadata generation
457584d 
Identified and resolved a critical SQL injection vulnerability in `metadata_generator.py`.
The `save_file_metadata` method was using user-provided metadata keys directly as column names in a dynamic `INSERT OR REPLACE INTO file_metadata` query.

Since parameterization (`?`) only works for values, not identifiers like column names, an attacker supplying crafted dictionary keys could execute arbitrary SQL commands.

Fixed by querying `PRAGMA table_info` to fetch the actual safe schema and filtering the input metadata dictionary against this whitelist.

Co-authored-by: thebearwithabite <216692431+thebearwithabite@users.noreply.github.com>
@google-labs-jules
Copy link
Copy Markdown
Contributor

google-labs-jules Bot commented Mar 29, 2026

πŸ‘‹ Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a πŸ‘€ emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thebearwithabite