feat(sql): SQL Injection

2025-11-06 16:44:28 +01:00
parent 10110071eb
commit 59d6c911f9
14 changed files with 430 additions and 483 deletions
--- a/build/drop.go
+++ b/build/drop.go
@@ -4,15 +4,13 @@ import (
 	"fmt"

 	"git.secnex.io/secnex/pgson/schema"
-	"git.secnex.io/secnex/pgson/utils"
+	"git.secnex.io/secnex/pgson/sql"
 )

-func DropSQL(s *schema.Table) (string, error) {
-	if s == nil {
-		return "", fmt.Errorf("nil table provided")
+func DropTable(s *schema.Table) (*string, error) {
+	if err := sql.ValidateIdent(s.Name); err != nil {
+		return nil, err
 	}
-	if s.Name == "" || !utils.IsValidIdentifier(s.Name) {
-		return "", fmt.Errorf("invalid table name: %q", s.Name)
-	}
-	return fmt.Sprintf("DROP TABLE IF EXISTS %s", utils.SQLQuoteIdent(s.Name)), nil
+	ddl := fmt.Sprintf(sql.DDL_DROP_TABLE, sql.QuoteIdent(s.Name))
+	return &ddl, nil
 }