From aafd76b507e86fe2ba21b681bfef486ec879faec Mon Sep 17 00:00:00 2001
From: Benjamin Toby
Date: Mon, 18 Nov 2024 18:14:15 +0100
Subject: [PATCH] Updates
---
 index.d.ts | 2 ++
 index.js | 2 ++
 .../functions/backend/db/runQuery.js | 11 +++-----
 package-shared/utils/trim-sql.d.ts | 24 +++++++++++++++++
 package-shared/utils/trim-sql.js | 26 +++++++++++++++++++
 package.json | 2 +-
 6 files changed, 59 insertions(+), 8 deletions(-)
 create mode 100644 package-shared/utils/trim-sql.d.ts
 create mode 100644 package-shared/utils/trim-sql.js
diff --git a/index.d.ts b/index.d.ts
index ae1ba74..f4d2bb0 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -28,6 +28,7 @@ export namespace sql {
 export { sqlGenerator };
 export { sqlInsertGenerator };
 export { sqlDeleteGenerator };
+ export { trimSql as trim };
 }
 import uploadImage = require("./utils/upload-image");
 import uploadFile = require("./utils/upload-file");
@@ -47,4 +48,5 @@ import loginWithGithub = require("./users/social/github-auth");
 import sqlGenerator = require("./functions/sql/sql-generator");
 import sqlInsertGenerator = require("./functions/sql/sql-insert-generator");
 import sqlDeleteGenerator = require("./functions/sql/sql-delete-generator");
+import trimSql = require("./package-shared/utils/trim-sql");
 export { get, post, getSchema, sanitizeSql, datasquirelClient as client };
diff --git a/index.js b/index.js
index a6344b5..45cd091 100644
--- a/index.js
+++ b/index.js
@@ -31,6 +31,7 @@ const datasquirelClient = require("./client");
 const sqlGenerator = require("./functions/sql/sql-generator");
 const sqlInsertGenerator = require("./functions/sql/sql-insert-generator");
 const sqlDeleteGenerator = require("./functions/sql/sql-delete-generator");
+const trimSql = require("./package-shared/utils/trim-sql");
 ////////////////////////////////////////
 ////////////////////////////////////////
@@ -72,6 +73,7 @@ const sql = {
 sqlGenerator,
 sqlInsertGenerator,
 sqlDeleteGenerator,
+ trim: trimSql,
 };
 /**
diff --git a/package-shared/functions/backend/db/runQuery.js b/package-shared/functions/backend/db/runQuery.js
index fb4e8eb..e9194f9 100644
--- a/package-shared/functions/backend/db/runQuery.js
+++ b/package-shared/functions/backend/db/runQuery.js
@@ -20,6 +20,7 @@ const addDbEntry = require("./addDbEntry");
 const updateDbEntry = require("./updateDbEntry");
 const deleteDbEntry = require("./deleteDbEntry");
 const parseDbResults = require("../parseDbResults");
+const trimSql = require("../../../utils/trim-sql");
 /** ****************************************************************************** */
 /** ****************************************************************************** */
@@ -89,10 +90,7 @@ async function runQuery({
 */
 try {
 if (typeof query === "string") {
- const formattedQuery = query
- .replace(/\n|\r|\n\r|\r\n/gm, " ")
- .replace(/ {2,}/g, " ")
- .trim();
+ const formattedQuery = trimSql(query);
 /**
 * Input Validation
@@ -101,10 +99,9 @@ async function runQuery({
 */
 if (
 readOnly &&
- (formattedQuery.match(
+ formattedQuery.match(
 /^alter|^delete|information_schema|databases|^create/i
- ) ||
- !formattedQuery.match(/^select|^\( ?select/i))
+ )
 ) {
 throw new Error("Wrong Input!");
 }
diff --git a/package-shared/utils/trim-sql.d.ts b/package-shared/utils/trim-sql.d.ts
new file mode 100644
index 0000000..5157fa0
--- /dev/null
+++ b/package-shared/utils/trim-sql.d.ts
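Review bot: The `readOnly` check in runQuery.js (hunk `@@ -101,10 +99,9 @@`) no longer requires the query to be a SELECT: the removed clause `!formattedQuery.match(/^select|^\( ?select/i)` was the allowlist, and what remains only rejects text matching `^alter|^delete|information_schema|databases|^create`. Statements that start with any other write or DDL keyword, for example UPDATE, INSERT or DROP, now pass this guard when `readOnly` is set. If the relaxation was meant to admit some specific read-only form, add that form to the allowlist instead of deleting it, i.e. keep `) || !formattedQuery.match(/^select|^\( ?select/i))` and extend the pattern. Keyword matching is a weak boundary either way, so read-only queries are better run under a database user that holds only SELECT privileges. runQuery's body continues outside the hunk, so a later check may exist that is not visible here.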
@@ -0,0 +1,24 @@
+export = trimSql;
+/**
+ * @typedef {object} GrabHostNamesReturn
+ * @property {string} host
+ * @property {number | string} port
+ * @property {typeof http | typeof https} scheme
+ */
+/**
+ * # Trim SQL
+ * @description Remove Returns and miltiple spaces from SQL Query
+ * @param {string} sql
+ * @returns {string}
+ */
+declare function trimSql(sql: string): string;
+declare namespace trimSql {
+ export { GrabHostNamesReturn };
+}
+type GrabHostNamesReturn = {
+ host: string;
+ port: number | string;
+ scheme: typeof http | typeof https;
+};
+import http = require("http");
+import https = require("https");
diff --git a/package-shared/utils/trim-sql.js b/package-shared/utils/trim-sql.js
new file mode 100644
index 0000000..73d2d67
--- /dev/null
+++ b/package-shared/utils/trim-sql.js
@@ -0,0 +1,26 @@
+// @ts-check
+
+const https = require("https");
+const http = require("http");
+
+/**
+ * @typedef {object} GrabHostNamesReturn
+ * @property {string} host
+ * @property {number | string} port
+ * @property {typeof http | typeof https} scheme
+ */
+
+/**
+ * # Trim SQL
+ * @description Remove Returns and miltiple spaces from SQL Query
+ * @param {string} sql
+ * @returns {string}
+ */
+function trimSql(sql) {
+ return sql
+ .replace(/\n|\r|\n\r|\r\n/gm, " ")
+ .replace(/ {2,}/g, " ")
+ .trim();
+}
+
+module.exports = trimSql;
diff --git a/package.json b/package.json
index 23c1ebd..f96e7df 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@moduletrace/datasquirel",
- "version": "2.7.1",
+ "version": "2.7.2",
 "description": "Cloud-based SQL data management tool",
 "main": "index.js",
 "bin": {
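Review bot: `trimSql` in trim-sql.js rewrites whitespace over the whole string without regard to SQL syntax, so line breaks and repeated spaces inside quoted literals are altered and a `--` line comment followed by a newline absorbs the rest of the statement once the newline becomes a space. Since the commit also exposes it publicly as `sql.trim`, the doc comment should state that limit, e.g. `@description Replaces line breaks with spaces and collapses repeated spaces; not aware of quoted literals or SQL comments`, which also fixes the `miltiple` typo. The `http`/`https` requires and the `GrabHostNamesReturn` typedef are not used by the function and look carried over from another utility; removing them would stop trim-sql.d.ts from exporting an unrelated type.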