diff --git a/engine/query/get.js b/engine/query/get.js
index d3dd4bc..f24adbd 100644
--- a/engine/query/get.js
+++ b/engine/query/get.js
@@ -41,21 +41,6 @@ async function localGet({ options, dbSchema }) {
 const tableName = options?.tableName ? options.tableName : undefined;
 const dbFullName = process.env.DSQL_DB_NAME || "";
- /**
- * Input Validation
- *
- * @description Input Validation
- */
- if (
- typeof query == "string" &&
- (query.match(
- /^alter|^delete|information_schema|databases|^create/i
- ) ||
- !query.match(/^select|^\( ?select/i))
- ) {
- return { success: false, msg: "Wrong Input" };
- }
-
 /**
 * Create new user folder and file
 *
@@ -71,6 +56,7 @@ async function localGet({ options, dbSchema }) {
 dbSchema,
 tableName,
 local: true,
+ readOnly: true,
 });
 if (error) throw error;
diff --git a/engine/query/post.js b/engine/query/post.js
index cd19315..5d47ec8 100644
--- a/engine/query/post.js
+++ b/engine/query/post.js
@@ -21,25 +21,6 @@ async function localPost({ options, dbSchema }) {
 const { query, tableName, queryValues } = options;
 const dbFullName = process.env.DSQL_DB_NAME || "";
- /**
- * Input Validation
- *
- * @description Input Validation
- */
- if (
- typeof query === "string" &&
- query?.match(/^create |^alter |^drop /i)
- ) {
- return { success: false, msg: "Wrong Input" };
- }
-
- if (
- typeof query === "object" &&
- query?.action?.match(/^create |^alter |^drop /i)
- ) {
- return { success: false, msg: "Wrong Input" };
- }
-
 /**
 * Create new user folder and file
 *
diff --git a/package-shared/functions/backend/db/runQuery.js b/package-shared/functions/backend/db/runQuery.js
index a5b23e5..a9adf13 100644
--- a/package-shared/functions/backend/db/runQuery.js
+++ b/package-shared/functions/backend/db/runQuery.js
@@ -94,6 +94,23 @@ async function runQuery({
 .replace(/ {2,}/g, " ")
 .trim();
+ /**
+ * Input Validation
+ *
+ * @description Input Validation
+ */
+ if (
+ readOnly &&
+ (formattedQuery.match(
+ /^alter|^delete|information_schema|databases|^create/i
+ ) ||
+ !formattedQuery.match(/^select|^\( ?select/i))
+ ) {
+ throw new Error("Wrong Input!");
+ }
+
+ console.log("formattedQuery =>", formattedQuery);
+
 if (local) {
 const rawResults = await LOCAL_DB_HANDLER(
 formattedQuery,
diff --git a/package.json b/package.json
index 2bf4a82..bf96dc1 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@moduletrace/datasquirel",
- "version": "2.6.9",
+ "version": "2.7.0",
 "description": "Cloud-based SQL data management tool",
 "main": "index.js",
 "bin": {
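Review bot: The added `console.log("formattedQuery =>", formattedQuery);` writes every SQL statement that passes through runQuery to stdout, so query text (and any values already interpolated into it) lands in production logs on every call; it reads like leftover debugging and should be removed or gated behind an explicit debug flag. The new guard also only runs when `readOnly` is set, while post.js in this same commit drops its `create`/`alter`/`drop` rejection and the hunk adds no equivalent check for non-readOnly callers, so unless that guard lives elsewhere outside the hunk, localPost now forwards DDL unchecked. The guard itself is a prefix/substring blocklist: it does not stop a `select` followed by a second statement if the driver allows multi-statements, nor reads from system schemas other than `information_schema`, so it should be treated as defence in depth rather than the authorization boundary. runQuery's parameter list starts outside the hunk; confirm `readOnly` is destructured there, because an undeclared `readOnly` would make the new `if` throw a ReferenceError rather than skip the check.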