SHOW pgdog.shards command

[levkk]

Description

• Add SHOW pgdog.shards command so clients can find out how many shards are currently configured in the proxy.
• Add wrapper to Rails gem.
• Fix SQL injection in Rails gem.

[jazzberry-ai]

Bug Report

Name	Severity	Example test case	Description
Integer Overflow in Shard Count	Low	Configure a very large number of shards (greater than 9223372036854775807) and execute SHOW pgdog.shards.	The number of shards is represented as a usize in Rust. When handling the SHOW pgdog.shards command, this value is cast to i64 before being sent to the client. If the number of shards is sufficiently large, this cast can lead to an integer overflow, resulting in an incorrect value being reported to the client.

_{Comments? Email us. Your free trial ends in 7 days.}

[jazzberry-ai]

Bug Report

Name	Severity	Example test case	Description
SQL Injection in with_sharding_key	High	Set sharding key to '; DROP TABLE users; --	The with_sharding_key method in sdk/ruby/pgdog/lib/pgdog.rb is vulnerable to SQL injection.
Information Disclosure: Unprotected SHOW pgdog.shards command	Low	Execute SHOW pgdog.shards	The SHOW pgdog.shards command does not have any authorization checks, leading to information disclosure.

_{Comments? Email us. Your free trial ends in 7 days.}

[jazzberry-ai]

Bug Report

Name	Severity	Example test case	Description
SQL Injection Vulnerability	High	Inject a semicolon and a SQL command in with_sharding_key	The single quote escaping in with_sharding_key is insufficient to prevent SQL injection attacks.
Missing CRUD Tests	High	N/A	Skipping the CRUD spec increases the risk of regressions and unexpected behavior in basic database operations.

_{Comments? Email us. Your free trial ends in 7 days.}