sqlguard

package
v0.16.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 31, 2025 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrDangerousSql   = errors.New("dangerous sql detected")
	ErrSqlParseFailed = errors.New("failed to parse sql")
)

Functions

func IsWhitelisted 

func IsWhitelisted(ctx context.Context) bool

IsWhitelisted returns true if the context is marked to skip SQL guard checks.

func WithWhitelist 

func WithWhitelist(ctx context.Context) context.Context

WithWhitelist marks the context to skip SQL guard checks.

Types

type Config 

type Config struct {
	Enabled bool
}

Config holds the configuration for the SQL guard.

func DefaultConfig 

func DefaultConfig() *Config

DefaultConfig returns the default SQL guard configuration.

type DeleteWithoutWhereRule 

type DeleteWithoutWhereRule struct{}

DeleteWithoutWhereRule blocks DELETE statements without WHERE clause.

func (*DeleteWithoutWhereRule) Check 

func (r *DeleteWithoutWhereRule) Check(astNode *ast.AST) *Violation

func (*DeleteWithoutWhereRule) Name 

func (r *DeleteWithoutWhereRule) Name() string

type DropStatementRule 

type DropStatementRule struct{}

DropStatementRule blocks DROP statements.

func (*DropStatementRule) Check 

func (r *DropStatementRule) Check(astNode *ast.AST) *Violation

func (*DropStatementRule) Name 

func (r *DropStatementRule) Name() string

type Guard 

type Guard struct {
	// contains filtered or unexported fields
}

Guard coordinates sql rule checking.

func NewGuard 

func NewGuard(logger log.Logger, rules ...Rule) *Guard

NewGuard creates a new sql guard with the given rules. If no rules are provided, the default rules are used.

func (*Guard) Check 

func (g *Guard) Check(sql string) error

Check validates the sql statement against all rules. Returns nil if the sql is safe, or an error if a violation is detected.

type GuardError 

type GuardError struct {
	Err       error
	Violation *Violation
	Sql       string
}

GuardError wraps a sql guard error with additional context.

func (*GuardError) Error 

func (e *GuardError) Error() string

func (*GuardError) Unwrap 

func (e *GuardError) Unwrap() error

type Rule 

type Rule interface {
	Name() string
	Check(astNode *ast.AST) *Violation
}

Rule defines the interface for SQL checking rules.

func DefaultRules 

func DefaultRules() []Rule

DefaultRules returns the default set of SQL checking rules.

type TruncateStatementRule 

type TruncateStatementRule struct{}

TruncateStatementRule blocks TRUNCATE statements.

func (*TruncateStatementRule) Check 

func (r *TruncateStatementRule) Check(astNode *ast.AST) *Violation

func (*TruncateStatementRule) Name 

func (r *TruncateStatementRule) Name() string

type Violation 

type Violation struct {
	Rule        string
	Statement   string
	Description string
}

Violation represents a SQL rule violation.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.