@mergify mergify bot commented Jan 6, 2026

Description

This PR fixes SQL injection vulnerabilities in the SQLite wrapper by replacing vulnerable string concatenation with parameterized queries in the table_exists(table_name) and field_exists(field_name) functions.

Is this user-facing behavior change?

Did you use Generative AI?

Additional Information


This is an automatic backport of pull request #2290 done by [Mergify](https://mergify.com).
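The change described above, sketched as an added example that is not part of the PR or the project's code (the project's wrapper is not shown on this page; this uses Python's `sqlite3` module). The `sqlite_master` and `pragma_table_info` queries, the `table_exists_concat` name, the `topics` table and the crafted input are assumptions constructed for illustration.

```python
import sqlite3


def table_exists_concat(db, table_name):
    """'Before' pattern: the name is concatenated into the SQL text."""
    sql = ("SELECT count(*) FROM sqlite_master "
           "WHERE type='table' AND name='" + table_name + "'")
    return db.execute(sql).fetchone()[0] > 0


def table_exists(db, table_name):
    """'After' pattern: the name is bound as data and never parsed as SQL."""
    sql = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?"
    return db.execute(sql, (table_name,)).fetchone()[0] > 0


def field_exists(db, table_name, field_name):
    """Column check with both names bound as parameters.

    The table-valued form pragma_table_info(?) accepts bound arguments
    (SQLite 3.16 or later), so no identifier is spliced into the query.
    """
    sql = "SELECT count(*) FROM pragma_table_info(?) WHERE name=?"
    return db.execute(sql, (table_name, field_name)).fetchone()[0] > 0


def demo():
    db = sqlite3.connect(":memory:")
    # Constructed schema: a single table with two columns.
    db.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, name TEXT)")
    # Constructed input containing a quote; no table has this name.
    crafted = "nope' OR '1'='1"
    return {
        "concat_crafted": table_exists_concat(db, crafted),  # wrong answer
        "bound_crafted": table_exists(db, crafted),
        "bound_real": table_exists(db, "topics"),
        "field_real": field_exists(db, "topics", "name"),
        "field_crafted": field_exists(db, "topics", crafted),
        "field_missing_table": field_exists(db, "missing", "name"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The concatenated version reports that a nonexistent table exists because the quote in the input ends the string literal and the rest is parsed as SQL; the bound versions compare the whole input as a single value.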

@MichaelOrlov MichaelOrlov changed the title from "Fix for vulnerable string concatenation with parameterized SQL queries. (backport #2290)" to "[kilted] Fix for vulnerable string concatenation with parameterized SQL queries. (backport #2290)" Jan 6, 2026
@fujitatomoya
Contributor

Pulls: #2296
Gist: https://gist.githubusercontent.com/fujitatomoya/48e81298afd17475b4b07131de7a6256/raw/b6450dbe8ceaef5b5d67e18b11adc165e4ef9877/ros2.repos
BUILD args: --packages-above-and-dependencies ros2bag_storage_sqlite3
TEST args: --packages-above ros2bag_storage_sqlite3
ROS Distro: kilted
Job: ci_launcher
ci_launcher ran: https://ci.ros2.org/job/ci_launcher/17862

  • Linux Build Status
  • Linux-aarch64 Build Status
  • Linux-rhel Build Status
  • Windows Build Status

@fujitatomoya
Contributor

Pulls: #2296
Gist: https://gist.githubusercontent.com/fujitatomoya/8c8ca69b5f5c9998af391dc6e2593ac5/raw/b6450dbe8ceaef5b5d67e18b11adc165e4ef9877/ros2.repos
BUILD args: --packages-above-and-dependencies rosbag2_storage_sqlite3
TEST args: --packages-above rosbag2_storage_sqlite3
ROS Distro: kilted
Job: ci_launcher
ci_launcher ran: https://ci.ros2.org/job/ci_launcher/17864

  • Linux Build Status
  • Linux-aarch64 Build Status
  • Linux-rhel Build Status
  • Windows Build Status

@MichaelOrlov
Contributor

The failed RHEL CI build was autorestarted and passed green

  • Linux-rhel Build Status

@MichaelOrlov MichaelOrlov merged commit 0e07a45 into kilted Jan 9, 2026
11 of 12 checks passed
@MichaelOrlov MichaelOrlov deleted the mergify/bp/kilted/pr-2290 branch January 9, 2026 16:19