Cleanup and document hacky sql interaction

Tom Wiesing 2022-09-19 23:16:56 +02:00
parent 881b538dff
commit 07409a01be
17 changed files with 284 additions and 204 deletions


@ -5,8 +5,13 @@ import (
"unicode"
)
// IsSafeDatabaseName checks if a string is safe to be used as a database name
func IsSafeDatabaseName(value string) bool {
// IsSafeDatabaseSingleQuote checks if value can safely be put inside 's inside a database query
func IsSafeDatabaseSingleQuote(value string) bool {
return !strings.ContainsAny(value, "'`") // TODO: This should be safer, but it's relatively controlled
}
// IsSafeDatabaseLiteral checks if a value is safe to be used as a database query literal
func IsSafeDatabaseLiteral(value string) bool {
// the empty name is not allowed!
if len(value) == 0 {
return false
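Review bot: IsSafeDatabaseSingleQuote rejects only `'` and the backtick, so a value that ends in a backslash still breaks out of a single-quoted literal on any backend that treats `\` as an escape character inside strings (MySQL's default mode does), and NUL bytes and newlines pass through unchanged; the TODO on the return line acknowledges the gap but the hunk does not narrow it. At minimum the rejected set should grow to ``return !strings.ContainsAny(value, "'`\\\x00")``, and the doc comment should say which quoting rules it assumes, e.g. `// IsSafeDatabaseSingleQuote reports whether value contains no characters that could terminate a single-quoted SQL literal; it is a last-resort check and callers should prefer bound query parameters.` The bodies of IsSafeDatabaseName and IsSafeDatabaseLiteral continue outside the hunk, and the rendering appears to have dropped lines between the IsSafeDatabaseName signature and the new function, so the exact old/new split is uncertain here.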


@ -4,6 +4,8 @@ import (
"github.com/feiin/sqlstring"
)
// TODO: This is really unsafe and shouldn't be used at all.
// Format formats the provided query with the given parameters.
func Format(query string, params ...interface{}) string {
return sqlstring.Format(query, params...)