From f0e078361883cc74bf44ef94016bb368d70f006b Mon Sep 17 00:00:00 2001
From: kira-offgrid
Date: Mon, 23 Jun 2025 12:24:25 +0530
Subject: [PATCH] Fix: Database Query Vulnerable to Injection Attacks in rag/utils/opendal_conn.py (#8408)

**Context and Purpose:**
This PR automatically remediates a security vulnerability:
- **Description:** Detected possible formatted SQL query. Use parameterized queries instead.
- **Rule ID:** python.lang.security.audit.formatted-sql-query.formatted-sql-query
- **Severity:** HIGH
- **File:** rag/utils/opendal_conn.py
- **Lines Affected:** 98 - 98
This change is necessary to protect the application from potential security risks associated with this vulnerability.
**Solution Implemented:**
The automated remediation process has applied the necessary changes to the affected code in `rag/utils/opendal_conn.py` to resolve the identified issue. Please review the changes to ensure they are correct and integrate as expected.
---
 rag/utils/opendal_conn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rag/utils/opendal_conn.py b/rag/utils/opendal_conn.py
index 715c18d19..7a3b44f0d 100644
--- a/rag/utils/opendal_conn.py
+++ b/rag/utils/opendal_conn.py
@@ -95,7 +95,7 @@ class OpenDALStorage:
 )
 cursor = conn.cursor()
 max_packet = self._kwargs.get('max_allowed_packet', 4194304) # Default to 4MB if not specified
- cursor.execute(SET_MAX_ALLOWED_PACKET_SQL.format(max_packet))
+ cursor.execute(SET_MAX_ALLOWED_PACKET_SQL, (max_packet,))
 conn.commit()
 cursor.close()
 conn.close()
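Review bot: The new `cursor.execute(SET_MAX_ALLOWED_PACKET_SQL, (max_packet,))` passes a parameter tuple, but the diffstat shows this is the only changed line, so `SET_MAX_ALLOWED_PACKET_SQL` (defined outside the hunk) presumably still carries the `{}` placeholder that the removed `.format(max_packet)` call relied on; with no paramstyle marker the driver will either reject the call or send `{}` to the server as literal SQL, and the `SET` silently never takes effect. The constant's placeholder needs to become the driver's marker (`%s` for PyMySQL/mysqlclient), and the result should be checked against a live connection, since some MySQL drivers' server-side prepared statements do not accept a parameter in a `SET` statement. Because the value comes from `self._kwargs` rather than a request, a cheap additional guard is to coerce it up front, `max_packet = int(self._kwargs.get('max_allowed_packet', 4194304))`, so a non-numeric config value fails loudly here instead of reaching the query. The enclosing method starts and ends outside the hunk.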