Documentation ¶
Overview ¶
Package safesql implements a safe version of the standard sql package while trying to keep the API as similar as possible to the original one. The concept of this package is to provide "safe by construction" SQL strings, so that code that would accidentally introduce SQL injection vulnerabilities does not compile. If uncheckedconversions and legacyconversions are not used and the sql package is forbidden, this package guarantees that only compile-time constants will be interpreted as SQL, thus preventing attacker-controlled strings from being accidentally executed.
Migration Examples ¶
Code like the following is trivial to migrate from sql to safesql:
db.Query("SELECT ...", args...)
The only change required would be to promote the string literal to a trusted string:
db.Query(safesql.New("SELECT ..."), args...)
For more complicated cases it might be necessary to use the helper functions Join and Concat. If the queries for the service are stored in a trusted runtime-only source that cannot be controlled by a user, the uncheckedconversions package can be used to assert that those strings are under the programmer's control. Note that unchecked conversions should be very limited, ideally never used, as they pose a security risk.
Note on API documentation.
For documentation on methods and types that wrap the standard ones please refer to the stdlib package doc instead, as all the types exported by this package are tiny wrappers around the standard ones and thus follow their behavior. The only relevant difference is that functions accept TrustedSQLString instances instead of plain "strings" and that some dangerous methods have been removed.
Explainer ¶
This package wraps the sql package, and all methods that would normally take a string take a TrustedSQLString instead. The constructor for TrustedSQLString takes a stringConstant as an argument, which is an unexported named string type. The only way for a package outside of safesql to construct a TrustedSQLString is thus to pass an untyped string (only constant strings can be untyped) to the constructor.
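The mechanism described in the Migration Examples and the Explainer above, as an added example that is not code from the safesql package or its documentation: a self-contained re-implementation of the stringConstant trick together with local versions of the NewFromUint64, Concat and Join helpers, used to migrate a query that formerly spliced a user-chosen sort column into the SQL text. The exported names mirror the safesql API but are defined here; sortColumns and BuildUserQuery are hypothetical application code, and the users table and its columns are constructed for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// stringConstant is unexported: a caller in another package can only
// produce one by passing an untyped string constant (a literal or an
// untyped const), never a string variable.
type stringConstant string

// TrustedSQLString is SQL known to be assembled only from constants.
type TrustedSQLString struct{ s string }

// New accepts only compile-time constants; New(someVar) is a compile error.
func New(text stringConstant) TrustedSQLString { return TrustedSQLString{string(text)} }

// NewFromUint64 is safe because a formatted integer cannot carry SQL syntax.
func NewFromUint64(i uint64) TrustedSQLString {
	return TrustedSQLString{strconv.FormatUint(i, 10)}
}

// TrustedSQLStringConcat concatenates trusted strings; the result stays
// trusted because every input was.
func TrustedSQLStringConcat(ss ...TrustedSQLString) TrustedSQLString {
	var b strings.Builder
	for _, s := range ss {
		b.WriteString(s.s)
	}
	return TrustedSQLString{b.String()}
}

// TrustedSQLStringJoin joins trusted strings with a trusted separator,
// the way strings.Join would.
func TrustedSQLStringJoin(ss []TrustedSQLString, sep TrustedSQLString) TrustedSQLString {
	parts := make([]string, len(ss))
	for i, s := range ss {
		parts[i] = s.s
	}
	return TrustedSQLString{strings.Join(parts, sep.s)}
}

// String unwraps the query for the driver; it is the only way out of the type.
func (t TrustedSQLString) String() string { return t.s }

// sortColumns (hypothetical application code) maps a user-supplied sort key
// to a constant column name. This allow-list replaces a former
// fmt.Sprintf("... ORDER BY %s", key), which would not compile under safesql.
var sortColumns = map[string]TrustedSQLString{
	"name":    New("name"),
	"created": New("created_at"),
}

// BuildUserQuery composes a query whose structure comes only from constants:
// the column list via Join, the sort column via the allow-list, the limit via
// NewFromUint64. The org id stays a bind parameter and is returned in args.
func BuildUserQuery(orgID int64, sortKey string, limit uint64) (TrustedSQLString, []interface{}, error) {
	col, ok := sortColumns[sortKey]
	if !ok {
		return TrustedSQLString{}, nil, fmt.Errorf("unknown sort key %q", sortKey)
	}
	cols := TrustedSQLStringJoin(
		[]TrustedSQLString{New("id"), New("name"), New("email")}, New(", "))
	q := TrustedSQLStringConcat(
		New("SELECT "), cols,
		New(" FROM users WHERE org_id = ? ORDER BY "), col,
		New(" LIMIT "), NewFromUint64(limit),
	)
	return q, []interface{}{orgID}, nil
}

func main() {
	q, args, err := BuildUserQuery(42, "created", 25)
	if err != nil {
		panic(err)
	}
	// With safesql this would be db.Query(q, args...); here we only print.
	fmt.Println(q.String(), args)

	// Rejected at compile time, which is the whole point of the type:
	//   userInput := "name"
	//   _ = New(userInput) // cannot use userInput (variable of type string) as stringConstant
	_, _, err = BuildUserQuery(42, "password_hash", 25)
	fmt.Println("allow-list rejected unknown key:", err != nil)
}
```

The compile-time guarantee is a property of the package boundary: code inside the package defining stringConstant can still convert a variable with stringConstant(v), which is exactly why safesql keeps the type unexported and isolates the escape hatches in uncheckedconversions and legacyconversions. Runtime values that select structure (the sort column) go through an allow-list of constants; runtime values that are data (the org id) stay bind parameters.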
Index ¶
- func Drivers() []string
- func Register(name string, driver driver.Driver)
- type ColumnType
- type Conn
- func (c Conn) BeginTx(ctx context.Context, opts *TxOptions) (Tx, error)
- func (c Conn) Close() error
- func (c Conn) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)
- func (c Conn) PingContext(ctx context.Context) error
- func (c Conn) PrepareContext(ctx context.Context, query TrustedSQLString) (*Stmt, error)
- func (c Conn) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)
- func (c Conn) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row
- type DB
- func (db DB) Begin() (Tx, error)
- func (db DB) BeginTx(ctx context.Context, opts *TxOptions) (Tx, error)
- func (db DB) Close() error
- func (db DB) Conn(ctx context.Context) (Conn, error)
- func (db DB) Exec(query TrustedSQLString, args ...interface{}) (Result, error)
- func (db DB) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)
- func (db DB) Ping() error
- func (db DB) PingContext(ctx context.Context) error
- func (db DB) Prepare(query TrustedSQLString) (*Stmt, error)
- func (db DB) PrepareContext(ctx context.Context, query TrustedSQLString) (*Stmt, error)
- func (db DB) Query(query TrustedSQLString, args ...interface{}) (*Rows, error)
- func (db DB) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)
- func (db DB) QueryRow(query TrustedSQLString, args ...interface{}) *Row
- func (db DB) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row
- func (db DB) SetConnMaxIdleTime(d time.Duration)
- func (db DB) SetConnMaxLifetime(d time.Duration)
- func (db DB) SetMaxIdleConns(n int)
- func (db DB) SetMaxOpenConns(n int)
- func (db DB) Stats() DBStats
- type DBStats
- type IsolationLevel
- type NamedArg
- type NullBool
- type NullFloat64
- type NullInt32
- type NullInt64
- type NullString
- type NullTime
- type Out
- type RawBytes
- type Result
- type Row
- type Rows
- type Scanner
- type Stmt
- type TrustedSQLString
- func New(text stringConstant) TrustedSQLString
- func NewFromUint64(i uint64) TrustedSQLString
- func TrustedSQLStringConcat(ss ...TrustedSQLString) TrustedSQLString
- func TrustedSQLStringJoin(ss []TrustedSQLString, sep TrustedSQLString) TrustedSQLString
- func TrustedSQLStringSplit(s TrustedSQLString, sep TrustedSQLString) []TrustedSQLString
- type Tx
- func (tx Tx) Commit() error
- func (tx Tx) Exec(query TrustedSQLString, args ...interface{}) (Result, error)
- func (tx Tx) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)
- func (tx Tx) Prepare(query TrustedSQLString) (*Stmt, error)
- func (tx Tx) PrepareContext(ctx context.Context, query TrustedSQLString) (*Stmt, error)
- func (tx Tx) Query(query TrustedSQLString, args ...interface{}) (*Rows, error)
- func (tx Tx) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)
- func (tx Tx) QueryRow(query TrustedSQLString, args ...interface{}) *Row
- func (tx Tx) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row
- func (tx Tx) Rollback() error
- func (tx Tx) Stmt(stmt *Stmt) *Stmt
- func (tx Tx) StmtContext(ctx context.Context, stmt *Stmt) *Stmt
- type TxOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ColumnType ¶
type ColumnType = sql.ColumnType
ColumnType is a tiny wrapper for https://pkg.go.dev/sql#ColumnType
type Conn ¶
type Conn struct {
// contains filtered or unexported fields
}
Conn behaves like the standard sql package's Conn, with the exception that it does not implement the `Raw` method for security reasons. Please see https://pkg.go.dev/sql#Conn
func (Conn) BeginTx ¶
BeginTx is a tiny wrapper for https://pkg.go.dev/sql#Conn.BeginTx
func (Conn) Close ¶
Close is a tiny wrapper for https://pkg.go.dev/sql#Conn.Close
func (Conn) ExecContext ¶
func (c Conn) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)
ExecContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.ExecContext
func (Conn) PingContext ¶
PingContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.PingContext
func (Conn) PrepareContext ¶
PrepareContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.PrepareContext
func (Conn) QueryContext ¶
func (c Conn) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)
QueryContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.QueryContext
func (Conn) QueryRowContext ¶
func (c Conn) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row
QueryRowContext is a tiny wrapper for https://pkg.go.dev/sql#Conn.QueryRowContext
type DB ¶
type DB struct {
// contains filtered or unexported fields
}
DB behaves like the standard sql package's DB, with the exception that it does not implement the `Driver` method for security reasons. Please see https://pkg.go.dev/sql#DB
func Open ¶
Open is a tiny wrapper for https://pkg.go.dev/sql#Open
func OpenDB ¶
OpenDB is a tiny wrapper for https://pkg.go.dev/sql#OpenDB
func (DB) Begin ¶
Begin is a tiny wrapper for https://pkg.go.dev/sql#DB.Begin
func (DB) BeginTx ¶
BeginTx is a tiny wrapper for https://pkg.go.dev/sql#DB.BeginTx
func (DB) Close ¶
Close is a tiny wrapper for https://pkg.go.dev/sql#DB.Close
func (DB) Conn ¶
Conn is a tiny wrapper for https://pkg.go.dev/sql#DB.Conn
func (DB) Exec ¶
func (db DB) Exec(query TrustedSQLString, args ...interface{}) (Result, error)
Exec is a tiny wrapper for https://pkg.go.dev/sql#DB.Exec
func (DB) ExecContext ¶
func (db DB) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)
ExecContext is a tiny wrapper for https://pkg.go.dev/sql#DB.ExecContext
func (DB) Ping ¶
Ping is a tiny wrapper for https://pkg.go.dev/sql#DB.Ping
func (DB) PingContext ¶
PingContext is a tiny wrapper for https://pkg.go.dev/sql#DB.PingContext
func (DB) Prepare ¶
func (db DB) Prepare(query TrustedSQLString) (*Stmt, error)
Prepare is a tiny wrapper for https://pkg.go.dev/sql#DB.Prepare
func (DB) PrepareContext ¶
PrepareContext is a tiny wrapper for https://pkg.go.dev/sql#DB.PrepareContext
func (DB) Query ¶
func (db DB) Query(query TrustedSQLString, args ...interface{}) (*Rows, error)
Query is a tiny wrapper for https://pkg.go.dev/sql#DB.Query
func (DB) QueryContext ¶
func (db DB) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)
QueryContext is a tiny wrapper for https://pkg.go.dev/sql#DB.QueryContext
func (DB) QueryRow ¶
func (db DB) QueryRow(query TrustedSQLString, args ...interface{}) *Row
QueryRow is a tiny wrapper for https://pkg.go.dev/sql#DB.QueryRow
func (DB) QueryRowContext ¶
func (db DB) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row
QueryRowContext is a tiny wrapper for https://pkg.go.dev/sql#DB.QueryRowContext
func (DB) SetConnMaxIdleTime ¶
SetConnMaxIdleTime is a tiny wrapper for https://pkg.go.dev/sql#DB.SetConnMaxIdleTime
func (DB) SetConnMaxLifetime ¶
SetConnMaxLifetime is a tiny wrapper for https://pkg.go.dev/sql#DB.SetConnMaxLifetime
func (DB) SetMaxIdleConns ¶
SetMaxIdleConns is a tiny wrapper for https://pkg.go.dev/sql#DB.SetMaxIdleConns
func (DB) SetMaxOpenConns ¶
SetMaxOpenConns is a tiny wrapper for https://pkg.go.dev/sql#DB.SetMaxOpenConns
func (DB) Stats ¶
Stats is a tiny wrapper for https://pkg.go.dev/sql#DB.Stats
type DBStats ¶
DBStats is a tiny wrapper for https://pkg.go.dev/sql#DBStats
type IsolationLevel ¶
type IsolationLevel = sql.IsolationLevel
IsolationLevel is a tiny wrapper for https://pkg.go.dev/sql#IsolationLevel
type NamedArg ¶
NamedArg is a tiny wrapper for https://pkg.go.dev/sql#NamedArg
type NullBool ¶
NullBool is a tiny wrapper for https://pkg.go.dev/sql#NullBool
type NullFloat64 ¶
type NullFloat64 = sql.NullFloat64
NullFloat64 is a tiny wrapper for https://pkg.go.dev/sql#NullFloat64
type NullInt32 ¶
NullInt32 is a tiny wrapper for https://pkg.go.dev/sql#NullInt32
type NullInt64 ¶
NullInt64 is a tiny wrapper for https://pkg.go.dev/sql#NullInt64
type NullString ¶
type NullString = sql.NullString
NullString is a tiny wrapper for https://pkg.go.dev/sql#NullString
type NullTime ¶
NullTime is a tiny wrapper for https://pkg.go.dev/sql#NullTime
type RawBytes ¶
RawBytes is a tiny wrapper for https://pkg.go.dev/sql#RawBytes
type Scanner ¶
Scanner is a tiny wrapper for https://pkg.go.dev/sql#Scanner
type TrustedSQLString ¶
type TrustedSQLString struct {
// contains filtered or unexported fields
}
TrustedSQLString is a string representing a SQL query that is known to be safe and not contain potentially malicious inputs.
func New ¶
func New(text stringConstant) TrustedSQLString
New constructs a TrustedSQLString from a compile-time constant string. Since the stringConstant type is unexported the only way to call this function outside of this package is to pass a string literal or an untyped string const.
func NewFromUint64 ¶
func NewFromUint64(i uint64) TrustedSQLString
NewFromUint64 constructs a TrustedSQLString from a uint64.
func TrustedSQLStringConcat ¶
func TrustedSQLStringConcat(ss ...TrustedSQLString) TrustedSQLString
TrustedSQLStringConcat concatenates the given trusted SQL strings into a trusted string.
Note: this function should not be abused to create arbitrary queries from user input, it is just intended as a helper to compose queries at runtime to avoid redundant constants.
func TrustedSQLStringJoin ¶
func TrustedSQLStringJoin(ss []TrustedSQLString, sep TrustedSQLString) TrustedSQLString
TrustedSQLStringJoin joins the given trusted SQL strings with the given separator, the same way strings.Join would.
Note: this function should not be abused to create arbitrary queries from user input, it is just intended as a helper to compose queries at runtime to avoid redundant constants.
func TrustedSQLStringSplit ¶
func TrustedSQLStringSplit(s TrustedSQLString, sep TrustedSQLString) []TrustedSQLString
TrustedSQLStringSplit functions as strings.Split but for TrustedSQLStrings.
func (TrustedSQLString) String ¶
func (t TrustedSQLString) String() string
type Tx ¶
type Tx struct {
// contains filtered or unexported fields
}
Tx is a tiny wrapper for https://pkg.go.dev/sql#Tx
func (Tx) Commit ¶
Commit is a tiny wrapper for https://pkg.go.dev/sql#Tx.Commit
func (Tx) Exec ¶
func (tx Tx) Exec(query TrustedSQLString, args ...interface{}) (Result, error)
Exec is a tiny wrapper for https://pkg.go.dev/sql#Tx.Exec
func (Tx) ExecContext ¶
func (tx Tx) ExecContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (Result, error)
ExecContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.ExecContext
func (Tx) Prepare ¶
func (tx Tx) Prepare(query TrustedSQLString) (*Stmt, error)
Prepare is a tiny wrapper for https://pkg.go.dev/sql#Tx.Prepare
func (Tx) PrepareContext ¶
PrepareContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.PrepareContext
func (Tx) Query ¶
func (tx Tx) Query(query TrustedSQLString, args ...interface{}) (*Rows, error)
Query is a tiny wrapper for https://pkg.go.dev/sql#Tx.Query
func (Tx) QueryContext ¶
func (tx Tx) QueryContext(ctx context.Context, query TrustedSQLString, args ...interface{}) (*Rows, error)
QueryContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.QueryContext
func (Tx) QueryRow ¶
func (tx Tx) QueryRow(query TrustedSQLString, args ...interface{}) *Row
QueryRow is a tiny wrapper for https://pkg.go.dev/sql#Tx.QueryRow
func (Tx) QueryRowContext ¶
func (tx Tx) QueryRowContext(ctx context.Context, query TrustedSQLString, args ...interface{}) *Row
QueryRowContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.QueryRowContext
func (Tx) Rollback ¶
Rollback is a tiny wrapper for https://pkg.go.dev/sql#Tx.Rollback
func (Tx) Stmt ¶
Stmt is a tiny wrapper for https://pkg.go.dev/sql#Tx.Stmt
func (Tx) StmtContext ¶
StmtContext is a tiny wrapper for https://pkg.go.dev/sql#Tx.StmtContext
type TxOptions ¶
TxOptions is a tiny wrapper for https://pkg.go.dev/sql#TxOptions
Directories ¶
Path | Synopsis |
---|---|
internal | |
internal/raw | Package raw is used to provide a bypass mechanism to implement unchecked and legacy conversions packages. |
legacyconversions | Package legacyconversions provides functions to create values of package safesql types from plain strings. |
uncheckedconversions | Package uncheckedconversions provides functions to create values of package safesql types from plain strings. |