Benjamin Toby 2024-11-18 10:59:12 +01:00
parent 5d56d41624
commit ebb6141ec5
4 changed files with 19 additions and 35 deletions


@ -41,21 +41,6 @@ async function localGet({ options, dbSchema }) {
const tableName = options?.tableName ? options.tableName : undefined; const tableName = options?.tableName ? options.tableName : undefined;
const dbFullName = process.env.DSQL_DB_NAME || ""; const dbFullName = process.env.DSQL_DB_NAME || "";
/**
* Input Validation
*
* @description Input Validation
*/
if (
typeof query == "string" &&
(query.match(
/^alter|^delete|information_schema|databases|^create/i
) ||
!query.match(/^select|^\( ?select/i))
) {
return { success: false, msg: "Wrong Input" };
}
/** /**
* Create new user folder and file * Create new user folder and file
* *
@ -71,6 +56,7 @@ async function localGet({ options, dbSchema }) {
dbSchema, dbSchema,
tableName, tableName,
local: true, local: true,
readOnly: true,
}); });
if (error) throw error; if (error) throw error;
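Review bot: With the inline check removed, a rejected query in localGet no longer returns `{ success: false, msg: "Wrong Input" }`; the replacement in runQuery throws `Error("Wrong Input!")` instead, reached through the `readOnly: true` added in the second hunk. Whether callers still receive the old result shape depends on error handling in the part of localGet outside these hunks, so confirm that a surrounding `try`/`catch` maps the throw back to a failure object. A short comment on the new flag, for example `// readOnly: runQuery rejects anything that is not a SELECT`, would also record why the local validation was dropped.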


@ -21,25 +21,6 @@ async function localPost({ options, dbSchema }) {
const { query, tableName, queryValues } = options; const { query, tableName, queryValues } = options;
const dbFullName = process.env.DSQL_DB_NAME || ""; const dbFullName = process.env.DSQL_DB_NAME || "";
/**
* Input Validation
*
* @description Input Validation
*/
if (
typeof query === "string" &&
query?.match(/^create |^alter |^drop /i)
) {
return { success: false, msg: "Wrong Input" };
}
if (
typeof query === "object" &&
query?.action?.match(/^create |^alter |^drop /i)
) {
return { success: false, msg: "Wrong Input" };
}
/** /**
* Create new user folder and file * Create new user folder and file
* *


@ -94,6 +94,23 @@ async function runQuery({
.replace(/ {2,}/g, " ") .replace(/ {2,}/g, " ")
.trim(); .trim();
/**
* Input Validation
*
* @description Input Validation
*/
if (
readOnly &&
(formattedQuery.match(
/^alter|^delete|information_schema|databases|^create/i
) ||
!formattedQuery.match(/^select|^\( ?select/i))
) {
throw new Error("Wrong Input!");
}
console.log("formattedQuery =>", formattedQuery);
if (local) { if (local) {
const rawResults = await LOCAL_DB_HANDLER( const rawResults = await LOCAL_DB_HANDLER(
formattedQuery, formattedQuery,
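Review bot: The new guard runs only when `readOnly` is truthy, so going by the visible hunks the `create`/`alter`/`drop` rejection this commit deletes from localPost has no replacement on the write path. The check itself matches the statement's leading keyword plus two unanchored words, which does not constrain the rest of the statement and also rejects legitimate queries that merely mention `databases`. A SELECT-only database account for read-only calls, and one without DDL rights for writes, would enforce the intent more reliably than text matching. The added `console.log("formattedQuery =>", formattedQuery);` prints every statement to stdout, read-only or not; it looks like leftover debugging and should be removed or gated behind a debug flag, since query text can carry literal values. `readOnly` is not declared inside this hunk and runQuery's parameter list lies outside it, so confirm it is destructured there.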


@ -1,6 +1,6 @@
{ {
"name": "@moduletrace/datasquirel", "name": "@moduletrace/datasquirel",
"version": "2.6.9", "version": "2.7.0",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"bin": { "bin": {