Updates

index.d.ts

@@ -28,6 +28,7 @@ export namespace sql {
     export { sqlGenerator };
     export { sqlInsertGenerator };
     export { sqlDeleteGenerator };
+    export { trimSql as trim };
 }
 import uploadImage = require("./utils/upload-image");
 import uploadFile = require("./utils/upload-file");
@@ -47,4 +48,5 @@ import loginWithGithub = require("./users/social/github-auth");
 import sqlGenerator = require("./functions/sql/sql-generator");
 import sqlInsertGenerator = require("./functions/sql/sql-insert-generator");
 import sqlDeleteGenerator = require("./functions/sql/sql-delete-generator");
+import trimSql = require("./package-shared/utils/trim-sql");
 export { get, post, getSchema, sanitizeSql, datasquirelClient as client };

index.js

@@ -31,6 +31,7 @@ const datasquirelClient = require("./client");
 const sqlGenerator = require("./functions/sql/sql-generator");
 const sqlInsertGenerator = require("./functions/sql/sql-insert-generator");
 const sqlDeleteGenerator = require("./functions/sql/sql-delete-generator");
+const trimSql = require("./package-shared/utils/trim-sql");
 
 ////////////////////////////////////////
 ////////////////////////////////////////
@@ -72,6 +73,7 @@ const sql = {
     sqlGenerator,
     sqlInsertGenerator,
     sqlDeleteGenerator,
+    trim: trimSql,
 };
 
 /**

package-shared/functions/backend/db/runQuery.js

@@ -20,6 +20,7 @@ const addDbEntry = require("./addDbEntry");
 const updateDbEntry = require("./updateDbEntry");
 const deleteDbEntry = require("./deleteDbEntry");
 const parseDbResults = require("../parseDbResults");
+const trimSql = require("../../../utils/trim-sql");
 
 /** ****************************************************************************** */
 /** ****************************************************************************** */
@@ -89,10 +90,7 @@ async function runQuery({
      */
     try {
         if (typeof query === "string") {
-            const formattedQuery = query
-                .replace(/\n|\r|\n\r|\r\n/gm, " ")
-                .replace(/ {2,}/g, " ")
-                .trim();
+            const formattedQuery = trimSql(query);
 
             /**
              * Input Validation
@@ -101,10 +99,9 @@ async function runQuery({
              */
             if (
                 readOnly &&
-                (formattedQuery.match(
+                formattedQuery.match(
                     /^alter|^delete|information_schema|databases|^create/i
-                ) ||
-                    !formattedQuery.match(/^select|^\( ?select/i))
+                )
             ) {
                 throw new Error("Wrong Input!");
             }

package-shared/utils/trim-sql.d.ts

@@ -0,0 +1,24 @@
+export = trimSql;
+/**
+ * @typedef {object} GrabHostNamesReturn
+ * @property {string} host
+ * @property {number | string} port
+ * @property {typeof http | typeof https} scheme
+ */
+/**
+ *  # Trim SQL
+ * @description Remove Returns and miltiple spaces from SQL Query
+ * @param {string} sql
+ * @returns {string}
+ */
+declare function trimSql(sql: string): string;
+declare namespace trimSql {
+    export { GrabHostNamesReturn };
+}
+type GrabHostNamesReturn = {
+    host: string;
+    port: number | string;
+    scheme: typeof http | typeof https;
+};
+import http = require("http");
+import https = require("https");

package-shared/utils/trim-sql.js

@@ -0,0 +1,26 @@
+// @ts-check
+
+const https = require("https");
+const http = require("http");
+
+/**
+ * @typedef {object} GrabHostNamesReturn
+ * @property {string} host
+ * @property {number | string} port
+ * @property {typeof http | typeof https} scheme
+ */
+
+/**
+ *  # Trim SQL
+ * @description Remove Returns and miltiple spaces from SQL Query
+ * @param {string} sql
+ * @returns {string}
+ */
+function trimSql(sql) {
+    return sql
+        .replace(/\n|\r|\n\r|\r\n/gm, " ")
+        .replace(/ {2,}/g, " ")
+        .trim();
+}
+
+module.exports = trimSql;

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@moduletrace/datasquirel",
-    "version": "2.7.1",
+    "version": "2.7.2",
     "description": "Cloud-based SQL data management tool",
     "main": "index.js",
     "bin": {