Garou dev #140
router.get("/pie_chart/:ckey", lib.getLimiter, async (req, res) => { | ||
try { | ||
const [results, metadata] = await sequelize.sequelize.query( | ||
`SELECT SUM(premium_role = 1) as premium_role_count, SUM(nobility_role = 1) as nobility_role_count, SUM(migrant_role = 1) as migrant_role_count, SUM(os13_role = 1) as os13_role_count, SUM(combat_role = 1) as combat_role_count, SUM(support_role = 1) as support_role_count, SUM(church_role = 1) as church_role_count, SUM(lateparty_role = 1) as lateparty_role_count, SUM(bandit_role = 1) as bandit_role_count, SUM(business_role = 1) as business_role_count, SUM(medical_role = 1) as medical_role_count, SUM(special_roles = 1) as special_role_count FROM showlads as showlad INNER JOIN lifeweb_roles lfwb ON showlad.role = lfwb.role WHERE ckey = '${req.params.ckey}'` | ||
`SELECT COUNT(showlads.role) AS play_count, rc.category_name FROM role_categories rc LEFT JOIN lifeweb_roles lr ON rc.category_id = lr.role_category LEFT JOIN showlads ON lr.role_name = showlads.role AND showlads.ckey = '${req.params.ckey}' GROUP BY rc.category_name ORDER BY category_name asc;` |
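Review bot: `'${req.params.ckey}'` is interpolated directly into the SQL text in the `/pie_chart/:ckey` handler, so the route parameter becomes part of the statement instead of a value. Use a named placeholder, `... AND showlads.ckey = :ckey ...`, and pass the value in the options argument of `sequelize.sequelize.query`, for example `{ replacements: { ckey: req.params.ckey } }`, so quoting is handled by Sequelize. Both SELECT statements visible in this hunk use the same `'${req.params.ckey}'` pattern.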
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
user-provided value
try { | ||
const [result1, result2] = await Promise.all([ | ||
sequelize.sequelize.query( | ||
`SELECT count(*) as role_count, role FROM showlads WHERE character_name = '${req.params.character_name}' AND role != 'Unknown' GROUP BY role ORDER BY COUNT(*) DESC LIMIT 1` |
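Review bot: the first query in this `Promise.all` wraps `req.params.character_name` in single quotes inside the template literal, so a character name that contains an apostrophe changes the structure of the statement and the lookup fails for it. Write `WHERE character_name = :character_name` and supply the value as `{ replacements: { character_name: req.params.character_name } }` in the second argument to `query`.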
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
user-provided value
`SELECT count(*) as role_count, role FROM showlads WHERE character_name = '${req.params.character_name}' AND role != 'Unknown' GROUP BY role ORDER BY COUNT(*) DESC LIMIT 1` | ||
), | ||
sequelize.sequelize.query( | ||
`SELECT COUNT(ckey) AS static_count, ckey FROM showlads WHERE character_name = '${req.params.character_name}' GROUP BY ckey ORDER BY static_count DESC LIMIT 1;` |
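Review bot: the second query, `... WHERE character_name = '${req.params.character_name}' GROUP BY ckey ...`, repeats the string interpolation used in the first. Both statements filter on the same value, so build one replacements object before the `Promise.all` and pass it to both calls with a `:character_name` placeholder. Style point: this statement ends with `;` and the first one does not; pick one form.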
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
user-provided value
async (req, res) => { | ||
try { | ||
const [results, metadata] = await sequelize.sequelize.query( | ||
`SELECT COUNT(showlads.role) AS play_count, rc.category_name FROM role_categories rc LEFT JOIN lifeweb_roles lr ON rc.category_id = lr.role_category LEFT JOIN showlads ON lr.role_name = showlads.role AND showlads.character_name = '${req.params.character_name}' GROUP BY rc.category_name ORDER BY category_name asc;` |
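Review bot: in this query the request value sits in the join condition, `showlads.character_name = '${req.params.character_name}'`, and it needs the same handling as a WHERE filter: a `:character_name` placeholder with the value passed through `replacements`. The statement is otherwise the same text as the `showlads.ckey` version in the `/pie_chart/:ckey` handler, so keeping the two SQL strings side by side as named constants would make it easier to check that neither is built from request data.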
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
user-provided value
}); | ||
res.send(char_stats); | ||
} catch (err) { | ||
res.status(404).send(err); |
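Review bot: `res.status(404).send(err)` in the catch block returns the raw error object to the caller, which for a failed Sequelize query can carry the SQL text and driver details, and a 404 misreports what is a server-side failure. Log `err` on the server and reply with a fixed body instead, for example `res.status(500).send({ error: "Internal error" })`.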
Check warning
Code scanning / CodeQL
Information exposure through a stack trace Medium
No description provided.