hashicorp · Valarissa · May 21, 2020 · May 15, 2020 · May 18, 2020 · May 19, 2020
diff --git a/builtin/logical/mssql/secret_creds.go b/builtin/logical/mssql/secret_creds.go
@@ -64,27 +64,26 @@ func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d
 	}
 
 	// First disable server login
-	disableStmt, err := db.Prepare(fmt.Sprintf("ALTER LOGIN [%s] DISABLE;", username))
+	disableStmt, err := db.Prepare("ALTER LOGIN [?] DISABLE;")
 	if err != nil {
 		return nil, err
 	}
 	defer disableStmt.Close()
-	if _, err := disableStmt.Exec(); err != nil {
+	if _, err := disableStmt.Exec(username); err != nil {
 		return nil, err
 	}
 
 	// Query for sessions for the login so that we can kill any outstanding
 	// sessions.  There cannot be any active sessions before we drop the logins
 	// This isn't done in a transaction because even if we fail along the way,
 	// we want to remove as much access as possible
-	sessionStmt, err := db.Prepare(fmt.Sprintf(
-		"SELECT session_id FROM sys.dm_exec_sessions WHERE login_name = '%s';", username))
+	sessionStmt, err := db.Prepare("SELECT session_id FROM sys.dm_exec_sessions WHERE login_name = '?';")
 	if err != nil {
 		return nil, err
 	}
 	defer sessionStmt.Close()
 
-	sessionRows, err := sessionStmt.Query()
+	sessionRows, err := sessionStmt.Query(username)
 	if err != nil {
 		return nil, err
 	}
@@ -105,13 +104,13 @@ func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d
 	// we need to drop the database users before we can drop the login and the role
 	// This isn't done in a transaction because even if we fail along the way,
 	// we want to remove as much access as possible
-	stmt, err := db.Prepare(fmt.Sprintf("EXEC master.dbo.sp_msloginmappings '%s';", username))
+	stmt, err := db.Prepare("EXEC master.dbo.sp_msloginmappings '?';")
 	if err != nil {
 		return nil, err
 	}
 	defer stmt.Close()
 
-	rows, err := stmt.Query()
+	rows, err := stmt.Query(username)
 	if err != nil {
 		return nil, err
 	}
@@ -149,12 +148,12 @@ func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d
 	}
 
 	// Drop this login
-	stmt, err = db.Prepare(fmt.Sprintf(dropLoginSQL, username, username))
+	stmt, err = db.Prepare(dropLoginSQL)
 	if err != nil {
 		return nil, err
 	}
 	defer stmt.Close()
-	if _, err := stmt.Exec(); err != nil {
+	if _, err := stmt.Exec(username, username); err != nil {
 		return nil, err
 	}
 
@@ -176,8 +175,8 @@ const dropLoginSQL = `
 IF EXISTS
   (SELECT name
    FROM master.sys.server_principals
-   WHERE name = N'%s')
+   WHERE name = N'?')
 BEGIN
-  DROP LOGIN [%s]
+  DROP LOGIN [?]
 END
 `
diff --git a/plugins/database/mssql/mssql.go b/plugins/database/mssql/mssql.go
@@ -202,27 +202,27 @@ func (m *MSSQL) revokeUserDefault(ctx context.Context, username string) error {
 	}
 
 	// First disable server login
-	disableStmt, err := db.PrepareContext(ctx, fmt.Sprintf("ALTER LOGIN [%s] DISABLE;", username))
+	disableStmt, err := db.PrepareContext(ctx, "ALTER LOGIN [?] DISABLE;")
 	if err != nil {
 		return err
 	}
 	defer disableStmt.Close()
-	if _, err := disableStmt.ExecContext(ctx); err != nil {
+	if _, err := disableStmt.ExecContext(ctx, username); err != nil {
 		return err
 	}
 
 	// Query for sessions for the login so that we can kill any outstanding
 	// sessions.  There cannot be any active sessions before we drop the logins
 	// This isn't done in a transaction because even if we fail along the way,
 	// we want to remove as much access as possible
-	sessionStmt, err := db.PrepareContext(ctx, fmt.Sprintf(
-		"SELECT session_id FROM sys.dm_exec_sessions WHERE login_name = '%s';", username))
+	sessionStmt, err := db.PrepareContext(ctx,
+		"SELECT session_id FROM sys.dm_exec_sessions WHERE login_name = '?';")
 	if err != nil {
 		return err
 	}
 	defer sessionStmt.Close()
 
-	sessionRows, err := sessionStmt.QueryContext(ctx)
+	sessionRows, err := sessionStmt.QueryContext(ctx, username)
 	if err != nil {
 		return err
 	}
@@ -243,13 +243,13 @@ func (m *MSSQL) revokeUserDefault(ctx context.Context, username string) error {
 	// we need to drop the database users before we can drop the login and the role
 	// This isn't done in a transaction because even if we fail along the way,
 	// we want to remove as much access as possible
-	stmt, err := db.PrepareContext(ctx, fmt.Sprintf("EXEC master.dbo.sp_msloginmappings '%s';", username))
+	stmt, err := db.PrepareContext(ctx, "EXEC master.dbo.sp_msloginmappings '?';")
 	if err != nil {
 		return err
 	}
 	defer stmt.Close()
 
-	rows, err := stmt.QueryContext(ctx)
+	rows, err := stmt.QueryContext(ctx, username)
 	if err != nil {
 		return err
 	}
@@ -285,12 +285,12 @@ func (m *MSSQL) revokeUserDefault(ctx context.Context, username string) error {
 	}
 
 	// Drop this login
-	stmt, err = db.PrepareContext(ctx, fmt.Sprintf(dropLoginSQL, username, username))
+	stmt, err = db.PrepareContext(ctx, dropLoginSQL)
 	if err != nil {
 		return err
 	}
 	defer stmt.Close()
-	if _, err := stmt.ExecContext(ctx); err != nil {
+	if _, err := stmt.ExecContext(ctx, username, username); err != nil {
 		return err
 	}
 
@@ -372,9 +372,9 @@ const dropLoginSQL = `
 IF EXISTS
   (SELECT name
    FROM master.sys.server_principals
-   WHERE name = N'%s')
+   WHERE name = N'?')
 BEGIN
-  DROP LOGIN [%s]
+  DROP LOGIN [?]
 END
 `