SecNex/pgson
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

feat(sql): SQL Injection

Browse Source
This commit is contained in:
Björn Benouarets
2025-11-06 16:44:28 +01:00
parent 10110071eb
commit 59d6c911f9
14 changed files with 430 additions and 483 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
build/truncate.go
View File

@@ -4,23 +4,13 @@ import (
"fmt"
"git.secnex.io/secnex/pgson/schema"
"git.secnex.io/secnex/pgson/utils"
"git.secnex.io/secnex/pgson/sql"
)
func TruncateSQL(s *schema.Table, cascade bool, restartIdentity bool) (string, error) {
if s == nil {
return "", fmt.Errorf("nil table provided")
func TruncateTable(s *schema.Table) (*string, error) {
if err := sql.ValidateIdent(s.Name); err != nil {
return nil, err
}
if s.Name == "" || !utils.IsValidIdentifier(s.Name) {
return "", fmt.Errorf("invalid table name: %q", s.Name)
}
query := fmt.Sprintf("TRUNCATE TABLE %s", utils.SQLQuoteIdent(s.Name))
if restartIdentity {
query += " RESTART IDENTITY"
}
if cascade {
query += " CASCADE"
}
return query, nil
ddl := fmt.Sprintf(sql.DDL_TRUNCATE_TABLE, sql.QuoteIdent(s.Name))
return &ddl, nil
}