Merge pull request from GHSA-rrp4-2xx3-mv29
Security: fix vulnerability where `-database` parameter accepts arbitrary DSN strings
This commit is contained in:
commit
1f780ae973
2
build.sh
2
build.sh
@ -18,7 +18,7 @@ function build {
|
||||
GOOS=$3
|
||||
GOARCH=$4
|
||||
|
||||
if ! go version | egrep -q 'go(1\.1[56])' ; then
|
||||
if ! go version | egrep -q 'go1\.(1[5-9]|[2-9][0-9]{1})' ; then
|
||||
echo "go version must be 1.15 or above"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -8,6 +8,7 @@ package main
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
@ -188,6 +189,11 @@ func main() {
|
||||
log.Fatalf("--database must be provided and database name must not be empty, or --alter must specify database name")
|
||||
}
|
||||
}
|
||||
|
||||
if err := flag.Set("database", url.QueryEscape(migrationContext.DatabaseName)); err != nil {
|
||||
migrationContext.Log.Fatale(err)
|
||||
}
|
||||
|
||||
if migrationContext.OriginalTableName == "" {
|
||||
if parser.HasExplicitTable() {
|
||||
migrationContext.OriginalTableName = parser.GetExplicitTable()
|
||||
|
Loading…
Reference in New Issue
Block a user