Garou dev #140
Garou dev #140
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| router.get("/pie_chart/:ckey", lib.getLimiter, async (req, res) => { | ||
| try { | ||
| const [results, metadata] = await sequelize.sequelize.query( | ||
| `SELECT SUM(premium_role = 1) as premium_role_count, SUM(nobility_role = 1) as nobility_role_count, SUM(migrant_role = 1) as migrant_role_count, SUM(os13_role = 1) as os13_role_count, SUM(combat_role = 1) as combat_role_count, SUM(support_role = 1) as support_role_count, SUM(church_role = 1) as church_role_count, SUM(lateparty_role = 1) as lateparty_role_count, SUM(bandit_role = 1) as bandit_role_count, SUM(business_role = 1) as business_role_count, SUM(medical_role = 1) as medical_role_count, SUM(special_roles = 1) as special_role_count FROM showlads as showlad INNER JOIN lifeweb_roles lfwb ON showlad.role = lfwb.role WHERE ckey = '${req.params.ckey}'` | ||
| `SELECT COUNT(showlads.role) AS play_count, rc.category_name FROM role_categories rc LEFT JOIN lifeweb_roles lr ON rc.category_id = lr.role_category LEFT JOIN showlads ON lr.role_name = showlads.role AND showlads.ckey = '${req.params.ckey}' GROUP BY rc.category_name ORDER BY category_name asc;` |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| try { | ||
| const [result1, result2] = await Promise.all([ | ||
| sequelize.sequelize.query( | ||
| `SELECT count(*) as role_count, role FROM showlads WHERE character_name = '${req.params.character_name}' AND role != 'Unknown' GROUP BY role ORDER BY COUNT(*) DESC LIMIT 1` |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| `SELECT count(*) as role_count, role FROM showlads WHERE character_name = '${req.params.character_name}' AND role != 'Unknown' GROUP BY role ORDER BY COUNT(*) DESC LIMIT 1` | ||
| ), | ||
| sequelize.sequelize.query( | ||
| `SELECT COUNT(ckey) AS static_count, ckey FROM showlads WHERE character_name = '${req.params.character_name}' GROUP BY ckey ORDER BY static_count DESC LIMIT 1;` |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| async (req, res) => { | ||
| try { | ||
| const [results, metadata] = await sequelize.sequelize.query( | ||
| `SELECT COUNT(showlads.role) AS play_count, rc.category_name FROM role_categories rc LEFT JOIN lifeweb_roles lr ON rc.category_id = lr.role_category LEFT JOIN showlads ON lr.role_name = showlads.role AND showlads.character_name = '${req.params.character_name}' GROUP BY rc.category_name ORDER BY category_name asc;` |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| }); | ||
| res.send(char_stats); | ||
| } catch (err) { | ||
| res.status(404).send(err); |
Check warning
Code scanning / CodeQL
Information exposure through a stack trace Medium
No description provided.