fix(striker-ui-api): correct escape single quote in SQL inputs

striker-ui-api/src/lib/request_handlers/fence/createFence.ts

@@ -7,9 +7,11 @@ import { getFenceSpec, timestamp, write } from '../../accessModule';
 import { sanitize } from '../../sanitize';
 import { stderr, stdoutVar, uuid } from '../../shell';
 
-const handleNumberType = (v: unknown) => String(sanitize(v, 'number'));
+const handleNumberType = (v: unknown) =>
+  String(sanitize(v, 'number', { modifierType: 'sql' }));
 
-const handleStringType = (v: unknown) => sanitize(v, 'string');
+const handleStringType = (v: unknown) =>
+  sanitize(v, 'string', { modifierType: 'sql' });
 
 const MAP_TO_VAR_TYPE: Record<
   AnvilDataFenceParameterType,
@@ -46,9 +48,12 @@ export const createFence: RequestHandler<
     return response.status(500).send();
   }
 
-  const agent = sanitize(rAgent, 'string');
-  const name = sanitize(rName, 'string');
-  const fenceUuid = sanitize(rUuid, 'string', { fallback: uuid() });
+  const agent = sanitize(rAgent, 'string', { modifierType: 'sql' });
+  const name = sanitize(rName, 'string', { modifierType: 'sql' });
+  const fenceUuid = sanitize(rUuid, 'string', {
+    fallback: uuid(),
+    modifierType: 'sql',
+  });
 
   const { [agent]: agentSpec } = fenceSpec;
 

striker-ui-api/src/lib/sanitizeSQLParam.ts

@@ -1,2 +1,2 @@
 export const sanitizeSQLParam = (variable: string): string =>
-  variable.replace(/[']/g, '');
+  variable.replace(/'/g, `''`);