Documentation
Overview
Package guard provides SQL injection prevention utilities for Quark ORM. It validates identifiers, operators, and raw queries against known-safe patterns.
Index
- func HasPlaceholders(query string) bool
- type Quoter
- type SQLGuard
- func (g *SQLGuard) QuoteIdentifier(q Quoter, name string) (string, error)
- func (g *SQLGuard) ValidateIdentifier(name string) error
- func (g *SQLGuard) ValidateIdentifiers(names ...string) error
- func (g *SQLGuard) ValidateOperator(op string) error
- func (g *SQLGuard) ValidateRawQuery(query string, requirePlaceholders bool) error
Functions
func HasPlaceholders
HasPlaceholders checks if a query string contains parameter placeholders.
Types
type Quoter
Quoter is a minimal interface for quoting SQL identifiers. It avoids a circular import with the dialect package.
type SQLGuard
type SQLGuard struct {
// contains filtered or unexported fields
}
SQLGuard provides security validations for SQL queries. It prevents SQL injection by validating identifiers and enforcing safe practices.
func (*SQLGuard) QuoteIdentifier
QuoteIdentifier validates and quotes an identifier using the provided Quoter.
func (*SQLGuard) ValidateIdentifier
ValidateIdentifier checks if a table or column identifier is safe to use.
func (*SQLGuard) ValidateIdentifiers
ValidateIdentifiers checks multiple identifiers at once.
func (*SQLGuard) ValidateOperator
ValidateOperator checks if an operator is in the allowed whitelist.
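An illustrative sketch of the kinds of checks described above (identifier validation, an operator allowlist, and placeholder detection), added here as an example and not Quark's own code. The regular expressions, the operator list, and the helper names `normalizeOperator`, `hasPlaceholders` and `buildWhere` are assumptions, since the package's real patterns are not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed rules for illustration; the guard package's real patterns are not shown on this page.
var (
	identRe       = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)
	placeholderRe = regexp.MustCompile(`\?|\$[0-9]+`)
	allowedOps    = map[string]bool{"=": true, "!=": true, "<>": true, "<": true,
		"<=": true, ">": true, ">=": true, "LIKE": true}
)

// normalizeOperator returns the canonical operator if it is on the allowlist (hypothetical helper).
func normalizeOperator(op string) (string, error) {
	canon := strings.ToUpper(strings.TrimSpace(op))
	if !allowedOps[canon] {
		return "", fmt.Errorf("operator %q not allowed", op)
	}
	return canon, nil
}

// hasPlaceholders reports whether the query has a ? or $N parameter marker.
func hasPlaceholders(query string) bool { return placeholderRe.MatchString(query) }

// buildWhere interpolates only validated identifiers and an allowlisted
// operator; the compared value is left as a bound parameter.
func buildWhere(table, column, op string) (string, error) {
	for _, id := range []string{table, column} {
		if !identRe.MatchString(id) {
			return "", fmt.Errorf("unsafe identifier %q", id)
		}
	}
	canon, err := normalizeOperator(op)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`SELECT * FROM "%s" WHERE "%s" %s ?`, table, column, canon), nil
}

func main() {
	fmt.Println(buildWhere("users", "email", "like"))                // accepted
	fmt.Println(buildWhere("users", "email; DROP TABLE users", "=")) // constructed hostile input, rejected
}
```

A placeholder check only shows that a parameter marker is present; it does not show that every user-supplied value in the query is bound rather than concatenated.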