Fix potential security issue.

formancehq · Jan 19, 2022 · 806431d · 806431d
1 parent 43cdb29
commit 806431d
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/pkg/storage/sqlstorage/mapping.go b/pkg/storage/sqlstorage/mapping.go
@@ -3,7 +3,6 @@ package sqlstorage
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"github.com/huandu/go-sqlbuilder"
 	"github.com/numary/ledger/pkg/core"
 	"github.com/sirupsen/logrus"
@@ -75,7 +74,7 @@ func (s *Store) SaveMapping(ctx context.Context, mapping core.Mapping) error {
 	switch s.flavor {
 	case sqlbuilder.Flavor(PostgreSQL):
 		sqlq, args = ib.BuildWithFlavor(s.flavor)
-		sqlq = fmt.Sprintf("%s ON CONFLICT (mapping_id) DO UPDATE SET mapping = '%s'", sqlq, string(data))
+		sqlq += " ON CONFLICT (mapping_id) DO UPDATE SET mapping = $2"
 	default:
 		ib.ReplaceInto(s.table("mapping"))
 		sqlq, args = ib.BuildWithFlavor(s.flavor)