You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The blacklist checking is fairly basic and can be problematic because it doesn't differentiate between "drop" and "raindrop" for example.
e.g. "DROP" is a blacklisted term. However it's fine as part of another word, e.g. "DROPKICK" or "RAINDROP"...the SQL compiler isn't going to tokenize these things to produce "DROP".
Amend the blacklist checking to only raise an issue if the blacklisted term is surrounded by non-alphanumeric characters or start/end, so it'll flag "DROP", "DROP something", "(DROP something)"...but not "DROPKICK something"
The text was updated successfully, but these errors were encountered:
The blacklist checking is fairly basic and can be problematic because it doesn't differentiate between "drop" and "raindrop" for example.
e.g. "DROP" is a blacklisted term. However it's fine as part of another word, e.g. "DROPKICK" or "RAINDROP"...the SQL compiler isn't going to tokenize these things to produce "DROP".
Amend the blacklist checking to only raise an issue if the blacklisted term is surrounded by non-alphanumeric characters or start/end, so it'll flag "DROP", "DROP something", "(DROP something)"...but not "DROPKICK something"
The text was updated successfully, but these errors were encountered: