public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[v11.1.x] ServerSideExpressions: Disable SQL Expressions to prevent RCE and LFI vulnerability (#94969)

Browse Source 
* remove sql expressions - backport 11.1.x

* Run `make gen-go` and `go mod tidy`

---------

Co-authored-by: Scott Lepper <scott.lepper@gmail.com>
This commit is contained in:
Sam Jewell
2024-10-18 14:38:48 +01:00
committed by GitHub
parent 901418e263
commit 12b0b3adfc
6 changed files with 33 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/expr/sql_command.go
+1 -2
View File
@@ -7,7 +7,6 @@ import (
"time"
"github.com/grafana/grafana-plugin-sdk-go/data"
"github.com/scottlepp/go-duck/duck"
"github.com/grafana/grafana/pkg/expr/mathexp"
"github.com/grafana/grafana/pkg/expr/sql"
@@ -94,7 +93,7 @@ func (gr *SQLCommand) Execute(ctx context.Context, now time.Time, vars mathexp.V
rsp := mathexp.Results{}
duckDB := duck.NewInMemoryDB()
duckDB := sql.NewInMemoryDB()
var frame = &data.Frame{}
logger.Debug("Executing query", "query", gr.query, "frames", len(allFrames))