Dev to main #5

Open
wants to merge 2 commits into
base: main
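--- /dev/null
+++ b/.github/workflows/create-issue.yml
@@ -0,0 +1,39 @@
+
+name: Create Issue
+
+# Controls when the workflow will run
+
+on:
+
+# Allows you to call this manually from the Actions tab
+workflow_dispatch:
+inputs:
+title:
+description: 'Issue title'
+required: true
+body:
+description: 'Issue body'
+required: true
+
+
+jobs:
+
+create_issue:
+runs-on: ubuntu-latest
+
+permissions:
+issues: write
+steps:
+- name: echo inputs
+run: echo ${{ inputs.title }} ${{ inputs.body }}
+- name: Create issue using REST API
+run: |
+curl --request POST \
+--url https://api.github.com/repos/${{ github.repository }}/issues \
+--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
+--header 'content-type: application/json' \
+--data '{
+"title": "${{ inputs.title }}",
+"body": "Details: ${{ inputs.body }}"
+}' \
+--fail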
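Review bot: Both `run` steps expand `inputs.title` and `inputs.body` straight into the shell script and into the hand-built JSON, so an input containing a quote, backtick or `$(...)` changes the command the runner executes, and a quote or backslash in the body produces malformed JSON that `--fail` surfaces only as a 422. The workflow is `workflow_dispatch`-only, which bounds who can trigger it, but the `issues: write` token is still exposed to whatever the expansion yields. Pass the inputs through `env:` and reference them as quoted shell variables, and let `jq` build the request body so the values are escaped rather than interpolated; the rendered page has dropped the YAML indentation, so the nesting below is reconstructed.

```yaml
      - name: echo inputs
        env:
          TITLE: ${{ inputs.title }}
          BODY: ${{ inputs.body }}
        run: echo "$TITLE" "$BODY"
      - name: Create issue using REST API
        env:
          TITLE: ${{ inputs.title }}
          BODY: ${{ inputs.body }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          jq -n --arg title "$TITLE" --arg body "Details: $BODY" '{title: $title, body: $body}' \
            | curl --request POST \
                --url "https://api.github.com/repos/${{ github.repository }}/issues" \
                --header "authorization: Bearer $GH_TOKEN" \
                --header 'content-type: application/json' \
                --data @- \
                --fail
```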
24 changes: 9 additions & 15 deletions models/models.go
Expand Up @@ -30,12 +30,10 @@ func AllBooks() ([]Book, error) {
return bks, nil
}

// Query for books by name. This function contains a SQL Injection issue.
// The user input is not parameterized. Instead of using fmt.Sprintf() to build
// the query, you should be using a parameterized query.
// Query for books by name.
func NameQuery(r string) ([]Book, error) {
// Fix: rows, err := DB.Query("SELECT * FROM books WHERE name = ?", r)
rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE name = '%s'", r))
rows, err := DB.Query("SELECT * FROM books WHERE name = ?", r)

if err != nil {
return nil, err
}
Expand All @@ -49,12 +47,10 @@ func NameQuery(r string) ([]Book, error) {
return bks, nil
}

// Query for books by Author. This function contains a SQL Injection issue.
// The user input is not parameterized. Instead of using fmt.Sprintf() to build
// the query, you should be using a parameterized query.
// Query for books by Author.
func AuthorQuery(r string) ([]Book, error) {
// Fix: rows, err := DB.Query("SELECT * FROM books WHERE author = ?", r)
rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE author = '%s'", r))
rows, err := DB.Query("SELECT * FROM books WHERE author = ?", r)

if err != nil {
return nil, err
}
Expand All @@ -68,12 +64,10 @@ func AuthorQuery(r string) ([]Book, error) {
return bks, nil
}

// Query for books by read. This function contains a SQL Injection issue.
// The user input is not parameterized. Instead of using fmt.Sprintf() to build
// the query, you should be using a parameterized query.
// Query for books by read.
func ReadQuery(r string) ([]Book, error) {
// Fix: rows, err := DB.Query("SELECT * FROM books WHERE read = ?", r)
rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE read = '%s'", r))
rows, err := DB.Query("SELECT * FROM books WHERE read = ?", r)

if err != nil {
return nil, err
}
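Review bot: The three rewritten queries bind `r` correctly, but whether `fmt` is still referenced elsewhere in models.go is not visible here; if `fmt.Sprintf` was its only use, the file no longer compiles (`imported and not used`) and the import must be dropped in the same change. `rows` is opened in each of NameQuery, AuthorQuery and ReadQuery, yet the remainder of each body lies outside the hunks, so confirm each has `defer rows.Close()` immediately after the error check. The replacement doc comments should begin with the function name per Go convention, e.g. `// NameQuery returns the books whose name equals r; r is bound as a query parameter rather than interpolated into the SQL.`, with the same shape for AuthorQuery and ReadQuery. The `?` placeholder is driver-specific (MySQL/SQLite); with a Postgres driver it would need `$1`, which the hunks do not show.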