SigNoz/signoz

Move db calls to prepared statements with context

Open

#1,353 opened on Jul 4, 2022

View on GitHub
 (11 comments) (0 reactions) (1 assignee)TypeScript (976 forks)batch import
backendgood first issue

Repository metrics

Stars
 (16,037 stars)
PR merge metrics
 (Avg merge 5d 13h) (222 merged PRs in 30d)

Description

Move all db calls to prepared statements and specifically with context if possible to make signoz more secure from sql injections. A query should not be a string prepared from fmt.sprintf(...) if it has args to pass. We should try to avoid string formatting for args.

Contributor guide