Comment by xigoi 1 year ago The very first example on that page is vulnerable to injection. 3 comments xigoi Reply richbell 1 year ago Which one? xigoi 1 year ago #!/bin/bash function csv_to_parquet() { file_path="$1" duckdb -c "COPY (SELECT * FROM read_csv_auto('$file_path')) TO '${file_path%.*}.parquet' (FORMAT PARQUET);" } richbell 1 year ago Eh, in the context of the site and other snippets that seems pedantic.Could it be run on untrusted user input? Sure. Does it actually pose a threat? It's improbable.
richbell 1 year ago Which one? xigoi 1 year ago #!/bin/bash function csv_to_parquet() { file_path="$1" duckdb -c "COPY (SELECT * FROM read_csv_auto('$file_path')) TO '${file_path%.*}.parquet' (FORMAT PARQUET);" } richbell 1 year ago Eh, in the context of the site and other snippets that seems pedantic.Could it be run on untrusted user input? Sure. Does it actually pose a threat? It's improbable.
xigoi 1 year ago #!/bin/bash function csv_to_parquet() { file_path="$1" duckdb -c "COPY (SELECT * FROM read_csv_auto('$file_path')) TO '${file_path%.*}.parquet' (FORMAT PARQUET);" } richbell 1 year ago Eh, in the context of the site and other snippets that seems pedantic.Could it be run on untrusted user input? Sure. Does it actually pose a threat? It's improbable.
richbell 1 year ago Eh, in the context of the site and other snippets that seems pedantic.Could it be run on untrusted user input? Sure. Does it actually pose a threat? It's improbable.
Which one?
Eh, in the context of the site and other snippets that seems pedantic.
Could it be run on untrusted user input? Sure. Does it actually pose a threat? It's improbable.