@Rello Rello commented Jan 18, 2026

Motivation

  • Prevent misuse of filter keys in storage queries by allowlisting allowed columns and avoid injecting arbitrary identifiers into SQL.
  • Improve observability by logging blocked unsupported filter columns to detect suspicious inputs.

Description

  • Add FILTERABLE_COLUMNS allowlist constant with dimension1, dimension2, timestamp, and value.
  • Add getAllowedFilterColumn() helper that checks the allowlist and logs blocked columns via logger.
  • Validate filter keys in read() and sqlWhere() by replacing direct usage of the filter key with the allowed column and skipping unsupported ones, and update SQL expressions to use the validated column.
  • Update CHANGELOG.md to document the hardening.

Testing

  • No automated tests were run.

Codex Task
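The allowlist-and-log pattern the description outlines, as an added example written for this page rather than code taken from the PR: the constant and method names follow the description, while the stand-in callable logger, bare (unquoted) identifiers and the constructed filter map are assumptions.

```php
<?php
// Added illustration of the allowlist described in the PR, not the project's own code.
// Assumptions: method/constant names mirror the PR text; the logger is a stand-in
// callable instead of Nextcloud's logger; identifiers are used bare, values are bound.
final class StorageFilterExample
{
    // Only these identifiers may ever appear in a generated WHERE clause.
    private const FILTERABLE_COLUMNS = ['dimension1', 'dimension2', 'timestamp', 'value'];

    /** @var callable(string): void */
    private $logger;

    public function __construct(callable $logger)
    {
        $this->logger = $logger;
    }

    /** Return the column name if allowlisted; otherwise log it and return null. */
    public function getAllowedFilterColumn(string $key): ?string
    {
        if (in_array($key, self::FILTERABLE_COLUMNS, true)) {
            return $key;
        }
        ($this->logger)('Blocked unsupported filter column: ' . $key);
        return null;
    }

    /** Build a WHERE fragment plus bound parameters; unsupported keys are skipped. */
    public function sqlWhere(array $filters): array
    {
        $conditions = [];
        $params = [];
        foreach ($filters as $key => $value) {
            $column = $this->getAllowedFilterColumn((string) $key);
            if ($column === null) {
                continue; // never interpolate an unvalidated identifier
            }
            $conditions[] = $column . ' = :' . $column; // identifier from allowlist only
            $params[':' . $column] = $value;            // value always bound, never inlined
        }
        return [$conditions ? ' WHERE ' . implode(' AND ', $conditions) : '', $params];
    }
}

// Constructed filter map: two supported keys and one unsupported column name.
$blocked = [];
$storage = new StorageFilterExample(function (string $msg) use (&$blocked): void { $blocked[] = $msg; });
[$where, $params] = $storage->sqlWhere(['dimension1' => 'sales', 'timestamp' => 1700000000, 'dimension3' => 'x']);
echo $where, PHP_EOL, json_encode($params), PHP_EOL, implode(PHP_EOL, $blocked), PHP_EOL;
```

The unsupported key is dropped from both the fragment and the parameter map, and the logged line is what a detection rule would watch for repeated or unusual column names.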
