util

package
v1.5.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

internal/util/identifiers.go

internal/util/sql_parser.go

internal/util/sql_validator.go

Constants

This section is empty.

Variables

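var DangerousFunctions = map[string]bool{
	// Time-delay and CPU-burning functions.
	"sleep":     true,
	"benchmark": true,

	// User-level locking functions.
	"get_lock":          true,
	"release_lock":      true,
	"is_free_lock":      true,
	"is_used_lock":      true,
	"release_all_locks": true,

	// Server-side file read.
	"load_file": true,

	// Command-execution UDFs (lib_mysqludf_sys).
	"sys_eval": true,
	"sys_exec": true,
}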

DangerousFunctions lists MySQL functions that should be blocked even in SELECT statements.

var DangerousSchemas = map[string]bool{
	"mysql":              true,
	"information_schema": true,
	"performance_schema": true,
	"sys":                true,
}

DangerousSchemas lists schemas that should not be accessible.

Functions

func IsReadOnlySQL

func IsReadOnlySQL(sqlText string) bool

IsReadOnlySQL is a convenience wrapper for ValidateSQL.

func MaskDSN

func MaskDSN(dsn string) string

MaskDSN hides the password in a DSN for display. DSN format: user:password@tcp(host:port)/database

func NormalizeValue

func NormalizeValue(v interface{}) interface{}

NormalizeValue converts a raw DB value into something JSON-friendly.

func QuoteIdent

func QuoteIdent(name string) (string, error)

QuoteIdent safely quotes a MySQL identifier, returning an error if the name contains potentially dangerous characters.

func TruncateQuery

func TruncateQuery(query string, maxLen int) string

TruncateQuery truncates a query string to maxLen characters.

func ValidateSQL

func ValidateSQL(sqlText string) error

ValidateSQL performs comprehensive SQL safety validation.

func ValidateSQLCombined added in v1.3.0

func ValidateSQLCombined(sqlText string) error

ValidateSQLCombined performs both parser-based and regex-based validation. This provides defense-in-depth: the parser catches structural issues, while regex catches edge cases the parser might miss.

func ValidateSQLWithParser added in v1.3.0

func ValidateSQLWithParser(sqlText string) error

ValidateSQLWithParser performs SQL validation using a proper SQL parser. This is more robust than regex-based validation as it understands SQL syntax.

func ValidateSelectColumns

func ValidateSelectColumns(selectStr string) (string, error)

ValidateSelectColumns validates and quotes column names in a SELECT list. Accepts: "col1, col2, col3" or "col1 AS alias, col2". Returns the quoted column string, or an error if the input is invalid.
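
An allow-list implementation of the behaviour documented for QuoteIdent and ValidateSelectColumns above, added as an example and not taken from the package's source. The lower-case names quoteIdent and validateSelectColumns, the permitted character set and the error messages are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// identRe is an assumed allow-list: ASCII letters, digits and underscore,
// not starting with a digit. The package's real rule is not shown on the page.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// quoteIdent backtick-quotes name, or rejects it (MySQL caps identifiers at 64 characters).
func quoteIdent(name string) (string, error) {
	if len(name) > 64 || !identRe.MatchString(name) {
		return "", fmt.Errorf("invalid identifier %q", name)
	}
	return "`" + name + "`", nil
}

// validateSelectColumns accepts "col1, col2" or "col1 AS alias, col2" and
// returns the list with every column and alias quoted; anything else is an error.
func validateSelectColumns(selectStr string) (string, error) {
	var out []string
	for _, item := range strings.Split(selectStr, ",") {
		f := strings.Fields(item)
		switch {
		case len(f) == 1: // bare column name
		case len(f) == 3 && strings.EqualFold(f[1], "AS"):
			f = []string{f[0], f[2]} // column and alias
		default: // empty item, expression, or extra tokens
			return "", fmt.Errorf("unsupported column expression %q", strings.TrimSpace(item))
		}
		for i := range f {
			q, err := quoteIdent(f[i])
			if err != nil {
				return "", err
			}
			f[i] = q
		}
		out = append(out, strings.Join(f, " AS "))
	}
	return strings.Join(out, ", "), nil
}

func main() {
	fmt.Println(validateSelectColumns("id, name AS n")) // constructed input, accepted
	fmt.Println(validateSelectColumns("id, COUNT(*)"))  // constructed input, rejected
}
```

Because only whole identifiers from the allow-list are ever emitted, a backtick, quote, parenthesis or extra keyword in the input causes a rejection rather than an attempt at escaping.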

func ValidateWhereClause

func ValidateWhereClause(where string) error

ValidateWhereClause checks a WHERE clause for SQL injection attempts. This is a defense-in-depth measure: the primary protection is the read-only MySQL user, but we still block obvious injection patterns.

Types

type ParserValidationError added in v1.3.0

type ParserValidationError struct {
	Reason    string
	Statement string
}

ParserValidationError contains details about why a query was rejected by the parser.

func (*ParserValidationError) Error added in v1.3.0

func (e *ParserValidationError) Error() string

type SQLValidationError

type SQLValidationError struct {
	Reason  string
	Pattern string
}

SQLValidationError contains details about why a query was rejected.

func (*SQLValidationError) Error

func (e *SQLValidationError) Error() string
