importer: Fix potential SQL command injection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

importer: Fix potential SQL command injection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
b56bf4bf · Michael Tremer · c9486b13 · b56bf4bf
Commit b56bf4bf authored Sep 27, 2022 by Michael Tremer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 8 deletions

src/scripts/location-importer.in src/scripts/location-importer.in +2 -8

No files found.
--- a/src/scripts/location-importer.in
+++ b/src/scripts/location-importer.in
@@ -1450,10 +1450,7 @@ class CLI(object):
 				# Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
 				# downloads.
 				if len(fcontent) > 10:
-					self.db.execute("""
-						DELETE FROM network_overrides WHERE source = '%s';
-					""" % name,
-					)
+					self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)
 				else:
 					log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
 					continue
@@ -1505,10 +1502,7 @@ class CLI(object):
 				# Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
 				# downloads.
 				if len(fcontent) > 10:
-					self.db.execute("""
-						DELETE FROM autnum_overrides WHERE source = '%s';
-					""" % name,
-					)
+					self.db.execute("DELETE FROM autnum_overrides WHERE source = %s", name)
 				else:
 					log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
 					continue