phoenix/litellm-mirror
0
0
Fork 1
mirror of https://github.com/BerriAI/litellm.git synced 2025-04-26 11:14:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(proxy_server.py): security fix - fix sql injection attack on global spend logs

Browse source
This commit is contained in:
Krrish Dholakia 2024-06-01 14:16:26 -07:00
parent 1ec2ba186f
commit f75c15d6cd
1 changed files with 4 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
litellm/proxy/proxy_server.py
View file

@ -8693,17 +8693,13 @@ async def global_spend_logs(
return response
else:
sql_query = (
"""
sql_query = """
SELECT * FROM "MonthlyGlobalSpendPerKey"
WHERE "api_key" = '"""
+ api_key
+ """'
WHERE "api_key" = $1
ORDER BY "date";
"""
)
response = await prisma_client.db.query_raw(query=sql_query)
response = await prisma_client.db.query_raw(sql_query, api_key)
return response
return