Proposal:
Add a way to bind parameters to any query (i.e. query_api.query_data_frame)
Current behavior:
If I want to make a flux query, i.e.:

```python
query_api.query_data_frame(f'from(bucket: "{self.query_bucket}") |> range(start: {self.dt_to_influx(dt_from)}, stop: {self.dt_to_influx(dt_to)}) |> filter(fn: (r) => r["_measurement"] == "{<user_input_signals_string>}") |> filter(fn: (r) => r["_field"] == "value") |> aggregateWindow(every: {sampling}s, fn: median, createEmpty: true) |> yield(name: "median")')
```
It is unsafe by the OWASP standard as I'd have to bind the parameters.
Desired behavior:
I'd like the query_data_frame function to have a bind_parameters/params optional input, where I could put a dictionary for those inputs, with their types.
Alternatives considered:
I could filter the strings, but it is considered unsafe by OWASP. I found there is a "sanitize_for_serialization" method in the api_client.call_api code, but _query_api.post_query in query_api omits this, same as the function query_data_frame_stream used by query_data_frame.
Use case:
I must have safe code as it is part of critical structure.
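As an added example (not code from the issue or from the influxdb-client project), the interpolation pattern the issue describes beside a client-side hardened builder that emits every string value as an escaped Flux literal and validates the numeric input. BUCKET, DT_FROM, DT_TO and dt_to_influx are constructed stand-ins for the self.* members in the issue:

```python
import re
from datetime import datetime, timezone

# Constructed sample values; hypothetical stand-ins for the issue's self.query_bucket etc.
BUCKET = "sensors"
DT_FROM = datetime(2024, 1, 1, tzinfo=timezone.utc)
DT_TO = datetime(2024, 1, 2, tzinfo=timezone.utc)

# Flux string-literal escapes; "${" is also escaped (to "\${") because it opens interpolation.
_FLUX_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}
_MEASUREMENT_RE = re.compile(r"^[A-Za-z0-9_.\-]{1,64}$")


def dt_to_influx(dt: datetime) -> str:
    # RFC 3339 timestamp in UTC, the form Flux range() accepts (stand-in for self.dt_to_influx)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def flux_string(value: str) -> str:
    # Render value as one Flux string literal: whatever the input contains, it cannot
    # close the quotes or start a ${...} interpolation, so it is only ever data.
    def esc(m: re.Match) -> str:
        tok = m.group(0)
        return _FLUX_ESCAPES.get(tok, "\\" + tok)
    return '"' + re.sub(r'\\|"|\n|\r|\t|\$\{', esc, value) + '"'


def build_query_unsafe(measurement: str, sampling) -> str:
    # The pattern from the issue: user input spliced straight into the query text.
    return (f'from(bucket: "{BUCKET}") |> range(start: {dt_to_influx(DT_FROM)}, stop: {dt_to_influx(DT_TO)})'
            f' |> filter(fn: (r) => r["_measurement"] == "{measurement}")'
            f' |> aggregateWindow(every: {sampling}s, fn: median, createEmpty: true)')


def build_query(measurement: str, sampling) -> str:
    # Hardened builder: allowlist the measurement name, coerce sampling to a positive
    # integer, and route every string value through flux_string().
    if not _MEASUREMENT_RE.match(measurement):
        raise ValueError("measurement name rejected by allowlist")
    every = int(sampling)
    if every <= 0:
        raise ValueError("sampling must be a positive number of seconds")
    return (f'from(bucket: {flux_string(BUCKET)})'
            f' |> range(start: {dt_to_influx(DT_FROM)}, stop: {dt_to_influx(DT_TO)})'
            f' |> filter(fn: (r) => r["_measurement"] == {flux_string(measurement)})'
            f' |> filter(fn: (r) => r["_field"] == "value")'
            f' |> aggregateWindow(every: {every}s, fn: median, createEmpty: true)'
            f' |> yield(name: "median")')
```

A measurement name containing a double quote leaves build_query_unsafe with a query whose structure the input has changed, while build_query either rejects it or keeps it inside a single literal.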