Class: CodeToQuery::Guardrails::SqlLinter

Inherits:

Object

• Object
• CodeToQuery::Guardrails::SqlLinter

Defined in:

lib/code_to_query/guardrails/sql_linter.rb

Instance Method Summary

• #check!(sql) ⇒ Object
• #initialize(config, allow_tables: nil) ⇒ SqlLinter constructor

  A new instance of SqlLinter.

Constructor Details

#initialize(config, allow_tables: nil) ⇒ SqlLinter

Returns a new instance of SqlLinter.

# File 'lib/code_to_query/guardrails/sql_linter.rb', line 6

def initialize(config, allow_tables: nil)
  @config = config
  # normalize allowlist to lowercase for case-insensitive comparison
  @allow_tables = Array(allow_tables).compact.map { |t| t.to_s.downcase }
end

Instance Method Details

#check!(sql) ⇒ Object

# File 'lib/code_to_query/guardrails/sql_linter.rb', line 12

def check!(sql)
  normalized = sql.to_s.strip.gsub(/\s+/, ' ')

  check_statement_type!(normalized)
  check_dangerous_patterns!(normalized)
  check_required_limit!(normalized)
  check_table_allowlist!(normalized) if @allow_tables.any?
  check_no_literals!(normalized)
  check_no_dangerous_functions!(normalized)
  check_no_subqueries!(normalized) if @config.block_subqueries
  check_join_complexity!(normalized)

  true
end