Updat erubhan besar query builder

This commit is contained in:
meninjar
2025-11-02 03:08:38 +00:00
parent 0002cf26be
commit 19324041b8
13 changed files with 2916 additions and 842 deletions
+12 -8
@@ -472,9 +472,9 @@ func (qb *QueryBuilder) BuildQuery(query DynamicQuery) (string, []interface{}, e
finalSQL := strings.Join(queryParts, " ")
// Security check for dangerous patterns
// Security check for dangerous patterns in user input values
if qb.enableSecurityChecks {
if err := qb.checkForSqlInjection(finalSQL); err != nil {
if err := qb.checkForSqlInjectionInArgs(allArgs); err != nil {
return "", nil, err
}
}
@@ -1327,16 +1327,20 @@ func (qb *QueryBuilder) escapeIdentifier(col string) string {
}
}
// checkForSqlInjection checks for potential SQL injection patterns
func (qb *QueryBuilder) checkForSqlInjection(sql string) error {
// checkForSqlInjectionInArgs checks for potential SQL injection patterns in query arguments
func (qb *QueryBuilder) checkForSqlInjectionInArgs(args []interface{}) error {
if !qb.enableSecurityChecks {
return nil
}
lowerSQL := strings.ToLower(sql)
for _, pattern := range qb.dangerousPatterns {
if pattern.MatchString(lowerSQL) {
return fmt.Errorf("potential SQL injection detected: pattern %s matched", pattern.String())
for _, arg := range args {
if str, ok := arg.(string); ok {
lowerStr := strings.ToLower(str)
for _, pattern := range qb.dangerousPatterns {
if pattern.MatchString(lowerStr) {
return fmt.Errorf("potential SQL injection detected in query argument: pattern %s matched", pattern.String())
}
}
}
}
return nil
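Review bot: Swapping the scan of `finalSQL` for a scan of `allArgs` (the BuildQuery hunk at 472 and the new `checkForSqlInjectionInArgs`) removes the only check that looked at the parts of the statement that can actually change its structure — the identifiers, sort directions or fragments joined into `queryParts` — while the values in `allArgs` appear to be bound parameters, which a placeholder-based driver cannot interpret as SQL. As written the new check will mostly reject legitimate data (a free-text value containing `union` or `--`) and will not notice an injected column or table name. If defence in depth is the intent, keep the `finalSQL` check alongside the new one, or better, validate identifiers against an allow-list where `escapeIdentifier` is applied, and make the heuristic nature explicit in the doc comment: `// checkForSqlInjectionInArgs is a heuristic that flags suspicious patterns in string arguments; it is not a substitute for placeholders or identifier allow-listing.` The error string also echoes the matched regex back to the caller, which aids probing more than debugging; reporting the offending argument index, `fmt.Errorf("potential SQL injection detected in query argument %d", i)`, is more useful to the application. The closing brace of `checkForSqlInjectionInArgs` and the rest of `BuildQuery` fall outside these hunks.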