Class: Dbviewer::Validator::Sql

Inherits:
Object
Defined in:
lib/dbviewer/validator/sql.rb,
lib/dbviewer/validator/sql/threat_detector.rb,
lib/dbviewer/validator/sql/query_normalizer.rb,
lib/dbviewer/validator/sql/validation_config.rb,
lib/dbviewer/validator/sql/validation_result.rb

Overview

The Sql class validates and normalizes SQL queries so that only safe (read-only), properly formatted queries are accepted. This helps prevent potentially destructive SQL operations.

Defined Under Namespace

Modules: QueryNormalizer, ThreatDetector, ValidationConfig

Classes: ValidationResult

Class Method Details

.safe_query?(sql) ⇒ Boolean

Determines if a query is safe (read-only)

Parameters:

  • sql (String)

    The SQL query to validate

Returns:

  • (Boolean)

    true if the query is safe, false otherwise



# File 'lib/dbviewer/validator/sql.rb', line 19

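# Returns true only when validation succeeds with allow_pragma: false,
# a different setting from validate!, which passes allow_pragma: true.
def safe_query?(sql)
  result = validate_query(sql, allow_pragma: false)
  result.success?
end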

.validate!(sql) ⇒ String

Validates a query and raises an exception if it’s unsafe

Parameters:

  • sql (String)

    The SQL query to validate

Returns:

  • (String)

    The normalized SQL query if it’s safe

Raises:

  • (SecurityError)

    if the query is unsafe



# File 'lib/dbviewer/validator/sql.rb', line 28

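# Validates with allow_pragma: true (safe_query? passes false), raises
# SecurityError on failure, and otherwise returns the normalized SQL.
def validate!(sql)
  result = validate_query(sql, allow_pragma: true)

  if result.failure?
    raise SecurityError, result.error_message
  end

  result.normalized_sql
end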
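
The two methods above pass different allow_pragma values, so they can disagree on the same input. The following is an added example, not dbviewer's code: a stand-in module ReadOnlySqlDemo (hypothetical name; its validation rules and the check helper are assumptions) that mirrors the two documented entry points to show that divergence, plus a caller that rescues SecurityError explicitly.

```ruby
# Added illustration, NOT dbviewer's code. The checks below are assumptions;
# only the two entry points and their allow_pragma values come from the page.
module ReadOnlySqlDemo
  Result = Struct.new(:normalized_sql, :error_message) do
    def success?; error_message.nil?; end
    def failure?; !success?; end
  end

  # Deny-list is a backstop only; it also rejects harmless literals such as
  # WHERE note = 'drop', which is the fail-closed direction.
  WRITE_KEYWORDS = /\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE|ATTACH|GRANT)\b/i

  module_function

  def validate_query(sql, allow_pragma:)
    return Result.new(nil, "query must be a non-empty String") unless sql.is_a?(String) && !sql.strip.empty?

    # Normalize: collapse whitespace and drop a single trailing semicolon.
    norm = sql.gsub(/\s+/, " ").strip.sub(/;\z/, "").strip
    return Result.new(nil, "multiple statements or comments are not allowed") if norm.match?(/;|--|\/\*/)

    allowed = allow_pragma ? /\A(SELECT|WITH|PRAGMA)\b/i : /\A(SELECT|WITH)\b/i
    return Result.new(nil, "only read-only statements are allowed") unless norm.match?(allowed)
    if (m = norm.match(WRITE_KEYWORDS))
      return Result.new(nil, "forbidden keyword: #{m[1].upcase}")
    end

    Result.new(norm, nil)
  end

  def safe_query?(sql)
    validate_query(sql, allow_pragma: false).success?
  end

  def validate!(sql)
    result = validate_query(sql, allow_pragma: true)
    raise SecurityError, result.error_message if result.failure?
    result.normalized_sql
  end

  # Caller pattern: Ruby's built-in SecurityError descends from Exception, not
  # StandardError, so a bare `rescue` would not catch it.
  def check(sql)
    [:ok, validate!(sql)]
  rescue SecurityError => e
    [:rejected, e.message]
  end
end
```

If the SecurityError raised by validate! is Ruby's built-in class (the page does not say whether dbviewer defines its own), callers need the explicit rescue shown in check.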