safesql

package

v0.0.0-...-f115076

Published: Apr 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 4

Documentation

Overview

Package safesql implements a safe version of the standard sql package while keeping the API as similar as possible to the original one. The idea is to provide "safe by construction" SQL strings so that code that would accidentally introduce a SQL injection vulnerability does not compile. If the uncheckedconversions and legacyconversions subpackages are not used and direct use of the standard sql package is forbidden in the code base, this package guarantees that only compile-time constants will be interpreted as SQL, thus preventing attacker-controlled strings from being accidentally executed as queries. Attacker-controlled values still reach the database, but only as bound arguments (args...), which the driver never interprets as SQL text.

Migration Examples

Code like the following is trivial to migrate from sql to safesql:

db.Query("SELECT ...", args...)

The only change required would be to promote the string literal to a trusted string:

db.Query(safesql.New("SELECT ..."), args...)

More complicated cases, such as queries whose shape depends on runtime data, might require the helper functions TrustedSQLStringJoin and TrustedSQLStringConcat, which compose trusted fragments into a new trusted string. If the queries for the service are stored in a trusted runtime-only source that cannot be controlled by a user, the uncheckedconversions package can be used to assert that those strings are under the programmer's control. Unchecked conversions should be very limited, ideally never used, as each one reintroduces the risk the type system would otherwise rule out.

Note on API documentation.

For documentation on methods and types that wrap the standard ones, please refer to the stdlib package doc instead: all the types exported by this package are tiny wrappers around the standard ones and follow their behavior. The only relevant differences are that functions accept TrustedSQLString instances instead of plain strings and that some dangerous methods have been removed.

Explainer

This package wraps the sql package, and every method that would normally take a query string takes a TrustedSQLString instead. The constructor for TrustedSQLString takes a stringConstant as its argument, an unexported named string type. Because code outside safesql cannot name that type, the only values it can pass to the constructor are untyped string constants (string literals and untyped consts), which Go converts implicitly; a string variable, or even a typed string constant, is a compile error. Since only constants can be untyped, every TrustedSQLString built outside this package originates from a compile-time constant.
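The following self-contained Go program is an added illustration of this design and of the Join/Concat migration pattern described above; it is not the safesql package's own code. It re-creates the unexported-type trick and the TrustedSQLStringConcat/TrustedSQLStringJoin helpers under the page's names, then builds a query whose shape (the number of placeholders) is decided at runtime while user data travels only as bound arguments. The Query type, the FindUsersQuery function and the users table are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// stringConstant is unexported on purpose: code in other packages cannot name
// it, so the only values it can pass where a stringConstant is expected are
// untyped string constants (literals and untyped consts), which Go converts
// implicitly. A string variable, or even a typed `const q string = ...`, is a
// compile error. (Stand-in for the real type; not the library's code.)
type stringConstant string

// TrustedSQLString holds SQL text assembled only from constants, integers and
// other TrustedSQLStrings.
type TrustedSQLString struct{ s string }

// New promotes a compile-time constant to trusted SQL.
func New(text stringConstant) TrustedSQLString { return TrustedSQLString{string(text)} }

// NewFromUint64 is safe because the decimal rendering of an integer contains
// no quotes, comments or other SQL metacharacters, so an untrusted number can
// become trusted SQL text (e.g. a LIMIT or OFFSET).
func NewFromUint64(i uint64) TrustedSQLString {
	return TrustedSQLString{strconv.FormatUint(i, 10)}
}

// String returns the wrapped SQL text.
func (t TrustedSQLString) String() string { return t.s }

// TrustedSQLStringConcat concatenates trusted fragments; trust is preserved
// because no untrusted bytes can enter.
func TrustedSQLStringConcat(ss ...TrustedSQLString) TrustedSQLString {
	var b strings.Builder
	for _, s := range ss {
		b.WriteString(s.s)
	}
	return TrustedSQLString{b.String()}
}

// TrustedSQLStringJoin behaves like strings.Join for trusted fragments.
func TrustedSQLStringJoin(ss []TrustedSQLString, sep TrustedSQLString) TrustedSQLString {
	parts := make([]string, len(ss))
	for i, s := range ss {
		parts[i] = s.s
	}
	return TrustedSQLString{strings.Join(parts, sep.s)}
}

// Query pairs trusted SQL text with the untrusted arguments that the driver
// binds to placeholders. (Assumed helper type for this example.)
type Query struct {
	SQL  TrustedSQLString
	Args []interface{}
}

// FindUsersQuery builds
//   SELECT id, email FROM users WHERE id IN (?, ?, ...) LIMIT n
// for an arbitrary number of ids. The query shape is decided at runtime, which
// is what the Join/Concat helpers exist for, but every byte of SQL text still
// comes from constants or an integer; the ids only travel as bound arguments.
// (Assumed function and table name for this example.)
func FindUsersQuery(ids []int64, limit uint64) (Query, error) {
	if len(ids) == 0 {
		return Query{}, fmt.Errorf("FindUsersQuery: at least one id is required")
	}
	placeholders := make([]TrustedSQLString, len(ids))
	args := make([]interface{}, len(ids))
	for i, id := range ids {
		placeholders[i] = New("?")
		args[i] = id
	}
	sql := TrustedSQLStringConcat(
		New("SELECT id, email FROM users WHERE id IN ("),
		TrustedSQLStringJoin(placeholders, New(", ")),
		New(") LIMIT "),
		NewFromUint64(limit),
	)
	return Query{SQL: sql, Args: args}, nil
}

func main() {
	q, err := FindUsersQuery([]int64{7, 42, 9}, 20)
	if err != nil {
		panic(err)
	}
	fmt.Println(q.SQL.String()) // the text handed to the database as the query
	fmt.Println(q.Args...)      // the values the driver binds to the placeholders

	// What the type system rejects: the line below does not compile, because a
	// string variable does not convert implicitly to stringConstant.
	//   userInput := "1 OR 1=1"
	//   New(userInput) // cannot use userInput (variable of type string) as stringConstant value
	// Inside this package one could write New(stringConstant(userInput)); that
	// escape hatch is exactly what the unexported type denies to every other
	// package, which is why a separate uncheckedconversions subpackage is needed.
}
```

The same shape-at-runtime, data-as-arguments split is the test to apply when migrating code: if a fragment you want to splice into the query text originated from a request, a file or a database row, it belongs in args, not in a TrustedSQLString, and no combination of Concat, Join and NewFromUint64 will accept it without an unchecked conversion.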

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Drivers

func Drivers() []string

Drivers is a tiny wrapper for https://pkg.go.dev/sql#Drivers

func Register

func Register(name string, driver driver.Driver)

Register is a tiny wrapper for https://pkg.go.dev/sql#Register

Types

type ColumnType

type ColumnType = sql.ColumnType

ColumnType is a tiny wrapper for https://pkg.go.dev/sql#ColumnType

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

Conn behaves like the standard sql.Conn, except that it does not implement the `Raw` method: Raw would hand out the underlying driver.Conn, whose methods accept plain query strings and would therefore bypass the TrustedSQLString check. Please see https://pkg.go.dev/sql#Conn

func (Conn) BeginTx

func (c Conn) BeginTx(ctx context.Context, opts *TxOptions) (Tx, error)

BeginTx is a tiny wrapper for https://pkg.go.dev/sql#Conn.BeginTx

func (Conn) Close

func (c Conn) Close() error

Close is a tiny wrapper for https://pkg.go.dev/sql#Conn.Close

func (Conn) ExecContext

func (c Conn) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)

ExecContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.ExecContext

func (Conn) PingContext

func (c Conn) PingContext(ctx context.Context) error

PingContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.PingContext

func (Conn) PrepareContext

func (c Conn) PrepareContext(ctx context.Context, query TrustedSQLString) (*Stmt, error)

PrepareContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.PrepareContext

func (Conn) QueryContext

func (c Conn) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)

QueryContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.QueryContext

func (Conn) QueryRowContext

func (c Conn) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row

QueryRowContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.QueryRowContext

type DB

type DB struct {
	// contains filtered or unexported fields
}

DB behaves like the standard sql.DB, except that it does not implement the `Driver` method: Driver would expose the underlying driver.Driver, which can open connections that accept plain query strings and would therefore bypass the TrustedSQLString check. Please see https://pkg.go.dev/sql#DB

func Open

func Open(driverName, dataSourceName string) (DB, error)

Open is a tiny wrapper for https://pkg.go.dev/sql#Open

func OpenDB

func OpenDB(c driver.Connector) DB

OpenDB is a tiny wrapper for https://pkg.go.dev/sql#OpenDB

func (DB) Begin

func (db DB) Begin() (Tx, error)

Begin is a tiny wrapper for https://pkg.go.dev/sql#DB.Begin

func (DB) BeginTx

func (db DB) BeginTx(ctx context.Context, opts *TxOptions) (Tx, error)

BeginTx is a tiny wrapper for https://pkg.go.dev/sql#DB.BeginTx

func (DB) Close

func (db DB) Close() error

Close is a tiny wrapper for https://pkg.go.dev/sql#DB.Close

func (DB) Conn

func (db DB) Conn(ctx context.Context) (Conn, error)

Conn is a tiny wrapper for https://pkg.go.dev/sql#DB.Conn

func (DB) Exec

func (db DB) Exec(query TrustedSQLString, args ...interface{}) (Result, error)

Exec is a tiny wrapper for https://pkg.go.dev/sql#DB.Exec

func (DB) ExecContext

func (db DB) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)

ExecContext is a tiny wrapper for https://pkg.go.dev/sql#DB.ExecContext

func (DB) Ping

func (db DB) Ping() error

Ping is a tiny wrapper for https://pkg.go.dev/sql#DB.Ping

func (DB) PingContext

func (db DB) PingContext(ctx context.Context) error

PingContext is a tiny wrapper for https://pkg.go.dev/sql#DB.PingContext

func (DB) Prepare

func (db DB) Prepare(query TrustedSQLString) (*Stmt, error)

Prepare is a tiny wrapper for https://pkg.go.dev/sql#DB.Prepare

func (DB) PrepareContext

func (db DB) PrepareContext(ctx context.Context, query TrustedSQLString) (*Stmt, error)

PrepareContext is a tiny wrapper for https://pkg.go.dev/sql#DB.PrepareContext

func (DB) Query

func (db DB) Query(query TrustedSQLString, args ...interface{}) (*Rows, error)

Query is a tiny wrapper for https://pkg.go.dev/sql#DB.Query

func (DB) QueryContext

func (db DB) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)

QueryContext is a tiny wrapper for https://pkg.go.dev/sql#DB.QueryContext

func (DB) QueryRow

func (db DB) QueryRow(query TrustedSQLString, args ...interface{}) *Row

QueryRow is a tiny wrapper for https://pkg.go.dev/sql#DB.QueryRow

func (DB) QueryRowContext

func (db DB) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row

QueryRowContext is a tiny wrapper for https://pkg.go.dev/sql#DB.QueryRowContext

func (DB) SetConnMaxIdleTime

func (db DB) SetConnMaxIdleTime(d time.Duration)

SetConnMaxIdleTime is a tiny wrapper for https://pkg.go.dev/sql#DB.SetConnMaxIdleTime

func (DB) SetConnMaxLifetime

func (db DB) SetConnMaxLifetime(d time.Duration)

SetConnMaxLifetime is a tiny wrapper for https://pkg.go.dev/sql#DB.SetConnMaxLifetime

func (DB) SetMaxIdleConns

func (db DB) SetMaxIdleConns(n int)

SetMaxIdleConns is a tiny wrapper for https://pkg.go.dev/sql#DB.SetMaxIdleConns

func (DB) SetMaxOpenConns

func (db DB) SetMaxOpenConns(n int)

SetMaxOpenConns is a tiny wrapper for https://pkg.go.dev/sql#DB.SetMaxOpenConns

func (DB) Stats

func (db DB) Stats() DBStats

Stats is a tiny wrapper for https://pkg.go.dev/sql#DB.Stats

type DBStats

type DBStats = sql.DBStats

DBStats is a tiny wrapper for https://pkg.go.dev/sql#DBStats

type IsolationLevel

type IsolationLevel = sql.IsolationLevel

IsolationLevel is a tiny wrapper for https://pkg.go.dev/sql#IsolationLevel

type NamedArg

type NamedArg = sql.NamedArg

NamedArg is a tiny wrapper for https://pkg.go.dev/sql#NamedArg

type NullBool

type NullBool = sql.NullBool

NullBool is a tiny wrapper for https://pkg.go.dev/sql#NullBool

type NullFloat64

type NullFloat64 = sql.NullFloat64

NullFloat64 is a tiny wrapper for https://pkg.go.dev/sql#NullFloat64

type NullInt32

type NullInt32 = sql.NullInt32

NullInt32 is a tiny wrapper for https://pkg.go.dev/sql#NullInt32

type NullInt64

type NullInt64 = sql.NullInt64

NullInt64 is a tiny wrapper for https://pkg.go.dev/sql#NullInt64

type NullString

type NullString = sql.NullString

NullString is a tiny wrapper for https://pkg.go.dev/sql#NullString

type NullTime

type NullTime = sql.NullTime

NullTime is a tiny wrapper for https://pkg.go.dev/sql#NullTime

type Out

type Out = sql.Out

Out is a tiny wrapper for https://pkg.go.dev/sql#Out

type RawBytes

type RawBytes = sql.RawBytes

RawBytes is a tiny wrapper for https://pkg.go.dev/sql#RawBytes

type Result

type Result = sql.Result

Result is a tiny wrapper for https://pkg.go.dev/sql#Result

type Row

type Row = sql.Row

Row is a tiny wrapper for https://pkg.go.dev/sql#Row

type Rows

type Rows = sql.Rows

Rows is a tiny wrapper for https://pkg.go.dev/sql#Rows

type Scanner

type Scanner = sql.Scanner

Scanner is a tiny wrapper for https://pkg.go.dev/sql#Scanner

type Stmt

type Stmt = sql.Stmt

Stmt is a tiny wrapper for https://pkg.go.dev/sql#Stmt

type TrustedSQLString

type TrustedSQLString struct {
	// contains filtered or unexported fields
}

TrustedSQLString is a string representing a SQL query that is known to be safe and not contain potentially malicious inputs.

func New

func New(text stringConstant) TrustedSQLString

New constructs a TrustedSQLString from a compile-time constant string. Since the stringConstant type is unexported the only way to call this function outside of this package is to pass a string literal or an untyped string const.

func NewFromUint64

func NewFromUint64(i uint64) TrustedSQLString

NewFromUint64 constructs a TrustedSQLString from a uint64. This is safe even for untrusted numbers because the decimal rendering of an integer cannot contain SQL metacharacters.

func TrustedSQLStringConcat

func TrustedSQLStringConcat(ss ...TrustedSQLString) TrustedSQLString

TrustedSQLStringConcat concatenates the given trusted SQL strings into a trusted string.

Note: this function should not be abused to create arbitrary queries from user input, it is just intended as a helper to compose queries at runtime to avoid redundant constants.

func TrustedSQLStringJoin

func TrustedSQLStringJoin(ss []TrustedSQLString, sep TrustedSQLString) TrustedSQLString

TrustedSQLStringJoin joins the given trusted SQL with the given separator the same way strings.Join would.

Note: this function should not be abused to create arbitrary queries from user input, it is just intended as a helper to compose queries at runtime to avoid redundant constants.

func TrustedSQLStringSplit

func TrustedSQLStringSplit(s TrustedSQLString, sep TrustedSQLString) []TrustedSQLString

TrustedSQLStringSplit functions as strings.Split but for TrustedSQLStrings.

func (TrustedSQLString) String

func (t TrustedSQLString) String() string

String returns the wrapped SQL text as a plain string.

type Tx

type Tx struct {
	// contains filtered or unexported fields
}

Tx is a tiny wrapper for https://pkg.go.dev/sql#Tx

func (Tx) Commit

func (tx Tx) Commit() error

Commit is a tiny wrapper for https://pkg.go.dev/sql#Tx.Commit

func (Tx) Exec

func (tx Tx) Exec(query TrustedSQLString, args ...interface{}) (Result, error)

Exec is a tiny wrapper for https://pkg.go.dev/sql#Tx.Exec

func (Tx) ExecContext

func (tx Tx) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)

ExecContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.ExecContext

func (Tx) Prepare

func (tx Tx) Prepare(query TrustedSQLString) (*Stmt, error)

Prepare is a tiny wrapper for https://pkg.go.dev/sql#Tx.Prepare

func (Tx) PrepareContext

func (tx Tx) PrepareContext(ctx context.Context, query TrustedSQLString) (*Stmt, error)

PrepareContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.PrepareContext

func (Tx) Query

func (tx Tx) Query(query TrustedSQLString, args ...interface{}) (*Rows, error)

Query is a tiny wrapper for https://pkg.go.dev/sql#Tx.Query

func (Tx) QueryContext

func (tx Tx) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)

QueryContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.QueryContext

func (Tx) QueryRow

func (tx Tx) QueryRow(query TrustedSQLString, args ...interface{}) *Row

QueryRow is a tiny wrapper for https://pkg.go.dev/sql#Tx.QueryRow

func (Tx) QueryRowContext

func (tx Tx) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row

QueryRowContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.QueryRowContext

func (Tx) Rollback

func (tx Tx) Rollback() error

Rollback is a tiny wrapper for https://pkg.go.dev/sql#Tx.Rollback

func (Tx) Stmt

func (tx Tx) Stmt(stmt *Stmt) *Stmt

Stmt is a tiny wrapper for https://pkg.go.dev/sql#Tx.Stmt

func (Tx) StmtContext

func (tx Tx) StmtContext(ctx context.Context, stmt *Stmt) *Stmt

StmtContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.StmtContext

type TxOptions

type TxOptions = sql.TxOptions

TxOptions is a tiny wrapper for https://pkg.go.dev/sql#TxOptions

Directories

Path	Synopsis
internal/raw	Package raw is used to provide a bypass mechanism to implement unchecked and legacy conversions packages.
legacyconversions	Package legacyconversions provides functions to create values of package safesql types from plain strings.
uncheckedconversions	Package uncheckedconversions provides functions to create values of package safesql types from plain strings.
