public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[v11.0.x] ServerSideExpressions: Disable SQL Expressions to prevent RCE and LFI vulnerability (#94971)

Browse Source 
ServerSideExpressions: Disable SQL Expressions to prevent RCE and LFI vulnerability (#94942)

* disable sql expressions

remove duckdb ref

* Run `make update-workspace`

---------

Co-authored-by: Scott Lepper <scott.lepper@gmail.com>
(cherry picked from commit ea71201ddc)
This commit is contained in:
Sam Jewell
2024-10-18 14:48:48 +01:00
committed by GitHub
parent 10ea008462
commit ceff188b35
7 changed files with 45 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/expr/sql/db.go
+26
View File
@@ -0,0 +1,26 @@
package sql
import (
"errors"
"github.com/grafana/grafana-plugin-sdk-go/data"
)
type DB struct {
}
func (db *DB) TablesList(rawSQL string) ([]string, error) {
return nil, errors.New("not implemented")
}
func (db *DB) RunCommands(commands []string) (string, error) {
return "", errors.New("not implemented")
}
func (db *DB) QueryFramesInto(name string, query string, frames []*data.Frame, f *data.Frame) error {
return errors.New("not implemented")
}
func NewInMemoryDB() *DB {
return &DB{}
}