fix: remove sql injection

Deluan
2020-03-25 20:33:32 -04:00
committed by Deluan Quintão
parent dc973ae670
commit 5331732236
5 changed files with 43 additions and 11 deletions
+15 -5
@@ -5,6 +5,8 @@ import (
"fmt"
"regexp"
"strings"
"github.com/Masterminds/squirrel"
)
func toSqlArgs(rec interface{}) (map[string]interface{}, error) {
@@ -33,9 +35,17 @@ func toSnakeCase(str string) string {
return strings.ToLower(snake)
}
type exist string
func (e exist) ToSql() (string, []interface{}, error) {
sql := fmt.Sprintf("exists (select 1 %s)", e)
return sql, nil, nil
func Exists(subTable string, cond squirrel.Sqlizer) exists {
return exists{subTable: subTable, cond: cond}
}
type exists struct {
subTable string
cond squirrel.Sqlizer
}
func (e exists) ToSql() (string, []interface{}, error) {
sql, args, err := e.cond.ToSql()
sql = fmt.Sprintf("exists (select 1 from %s where %s)", e.subTable, sql)
return sql, args, err
}
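Review bot: `subTable` is still spliced into the statement with `fmt.Sprintf` in the new `exists.ToSql`, so only the condition is parameterized and the table name remains a raw-string path into the SQL. The callers are not visible in this section; if every call site passes a compile-time constant this is safe, but nothing in the type enforces it. The contract should be stated on the constructor, e.g. `// Exists builds an EXISTS subquery. subTable is interpolated verbatim and must be a trusted constant, never request-derived data.`, or the name should be checked against the known tables before formatting. Separately, when `e.cond.ToSql()` fails the method still formats and returns a non-empty SQL string alongside the error; an early `if err != nil { return "", nil, err }` right after the call avoids handing a half-built fragment to a caller that ignores `err`.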