Commit Graph

21 Commits

Author SHA1 Message Date
copilot-swe-agent[bot] a6a17d019f fix: Optimized regex performance and added backslash escaping for LIKE patterns
- Added backslash escaping to LIKE pattern sanitization
- Optimized ValidSQL select mode with single pre-compiled regex
- All funcspec tests pass (except pre-existing TestReplaceMetaVariables)

Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
2025-12-31 07:28:16 +00:00
copilot-swe-agent[bot] a7cc42044b fix: Improved SQL injection protection with proper handling
- Fixed IN clause to conditionally quote only string values (not numeric)
- Fixed LIKE pattern sanitization to preserve wildcards while preventing injection
- Improved dangerous pattern removal with case-insensitive regex while preserving case
- All funcspec tests now pass (except pre-existing TestReplaceMetaVariables)

Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
2025-12-31 07:24:56 +00:00
copilot-swe-agent[bot] 8cdc353029 fix: Fixed SQL quoting for empty/zero values and sanitized match filter
- Sanitize colval immediately after extraction in match= filter
- Fixed empty/zero value handling to use proper SQL literals (0 vs '')
- Applied proper quoting for string vs numeric comparisons
- Fixed x-fieldfilter handlers for proper value handling

Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
2025-12-31 07:22:42 +00:00
copilot-swe-agent[bot] 6528e94297 fix: Improved SQL injection protections based on code review
- Fixed backslash escaping order in colvalue mode
- Added proper quoting for IN clause values
- Simplified dangerous pattern matching with case-insensitive approach
- All funcspec tests pass (except pre-existing test failure)

Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
2025-12-31 07:20:56 +00:00
copilot-swe-agent[bot] f711bf38d2 fix: Enhanced SQL injection protection in funcspec
- Added sanitization for path parameters in mergePathParams
- Added sanitization for query parameters with p- prefix in mergeQueryParams
- Added sanitization for header parameters in mergeHeaderParams
- Fixed IN clause to sanitize all values individually
- Improved ValidSQL function with better escaping and more injection patterns
- Added backslash escaping to colvalue mode
- Extended dangerous keyword list in select mode

Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
2025-12-31 07:19:53 +00:00
Hein caf85cf558 fix: 🔒 Fixed funcapi possible injections 2025-12-31 09:09:16 +02:00
Hein 31ad217818 Event Broken Concept 2025-12-12 09:23:54 +02:00
Hein 7ef1d6424a Better handling for variables callback
2025-12-11 15:57:01 +02:00
Hein c50eeac5bf Change the SqlQuery functions parameters on Function Spec 2025-12-11 15:42:00 +02:00
Hein dc3b621380 Fixed test for session id changes 2025-12-09 14:07:00 +02:00
Hein 0a9c107095 Fixed sqlquery bug in funcspec 2025-12-09 10:19:03 +02:00
Hein 4e2fe33b77 Fixed session_rid in funcspec 2025-12-09 10:04:39 +02:00
Hein ab1ce869b6 Handling JSON responses in funcspec 2025-12-03 12:10:13 +02:00
Hein ff72e04428 Added meta operation. 2025-12-03 11:59:58 +02:00
Hein e35f8a4f14 Fix session id that is an integer. 2025-12-03 11:49:19 +02:00
Hein 5ff9a8a24e Fixed blank params on funcspec 2025-12-03 11:42:32 +02:00
Hein 8172c0495d More generic security solution. 2025-12-02 16:35:08 +02:00
Hein 9c5c7689e9 More common handler interface 2025-12-02 15:45:24 +02:00
Hein 78029fb34f Fixed formatting issues
2025-12-01 14:56:30 +02:00
Hein 1643a5e920 Added cache, funcspec and implemented total cache 2025-12-01 14:40:54 +02:00
Hein 6bbe0ec8b0 Added function api prototype
2025-11-24 17:00:15 +02:00