fix(proxy_server.py): security fix - fix sql injection attack on global spend logs

Krrish Dholakia 2024-06-01 14:16:26 -07:00
parent 1ec2ba186f
commit f75c15d6cd


@ -8693,17 +8693,13 @@ async def global_spend_logs(
return response return response
else: else:
sql_query = ( sql_query = """
"""
SELECT * FROM "MonthlyGlobalSpendPerKey" SELECT * FROM "MonthlyGlobalSpendPerKey"
WHERE "api_key" = '""" WHERE "api_key" = $1
+ api_key
+ """'
ORDER BY "date"; ORDER BY "date";
""" """
)
response = await prisma_client.db.query_raw(query=sql_query) response = await prisma_client.db.query_raw(sql_query, api_key)
return response return response
return return
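Review bot: Nothing at the new `query_raw(sql_query, api_key)` call records that `api_key` has to stay a bound parameter, so a later edit to the query text could bring back the concatenation this commit removes. I would add `# api_key is caller-supplied: bind it as $1, never build it into the SQL string` directly above `sql_query = """`. No test is visible in this change; a regression test that calls `global_spend_logs` with an `api_key` containing a single quote and checks that the value reaches `query_raw` as a separate argument would keep the fix pinned. The function starts and continues outside this hunk, so any other `query_raw` calls in `proxy_server.py` that assemble SQL from request values cannot be judged from here and are worth checking for the same pattern.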