IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

dashboard history clean up: avoid potential SQL injections

Browse Source
This commit is contained in:
Alexander Zobnin 2017-11-17 10:50:35 +03:00
parent 59d89e422b
commit a55be07ea5
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/services/sqlstore/dashboard_version.go
View File

@ -1,7 +1,6 @@
package sqlstore package sqlstore
import ( import (
"fmt"
"math" "math"
"strings" "strings"
@ -72,13 +71,12 @@ func DeleteExpiredVersions(cmd *m.DeleteExpiredVersionsCommand) error {
// Don't clean up if user set versions_to_keep to 2147483647 (MaxInt32) // Don't clean up if user set versions_to_keep to 2147483647 (MaxInt32)
if versionsToKeep := setting.DashboardVersionsToKeep; versionsToKeep < math.MaxInt32 { if versionsToKeep := setting.DashboardVersionsToKeep; versionsToKeep < math.MaxInt32 {
// Get dashboard ids to clean up
affectedDashboardsQuery := fmt.Sprintf(`SELECT dashboard_id FROM dashboard_version
GROUP BY dashboard_id HAVING COUNT(dashboard_version.id)>%d`, versionsToKeep)
err := sess.Table("dashboard_version"). err := sess.Table("dashboard_version").
Select("dashboard_version.id, dashboard_version.version, dashboard_version.dashboard_id"). Select("dashboard_version.id, dashboard_version.version, dashboard_version.dashboard_id").
Where(fmt.Sprintf("dashboard_id IN (%s)", affectedDashboardsQuery)). Where(`dashboard_id IN (
SELECT dashboard_id FROM dashboard_version
GROUP BY dashboard_id HAVING COUNT(dashboard_version.id) > ?
)`, versionsToKeep).
Desc("dashboard_version.dashboard_id", "dashboard_version.version"). Desc("dashboard_version.dashboard_id", "dashboard_version.version").
Find(&versions) Find(&versions)