admin/cloud-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e2c13c57e51e214e5692d4d8794e2490ae58ca0
cloud-services/pkg/validator/pg_order_by.go

28 lines
637 B
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package validator
import (
"regexp"
"strings"
"github.com/go-playground/validator/v10"
)
// This allows just one order by
func validateSqlOrderBy(fl validator.FieldLevel) bool {
// ensure ORDER BY query section is valid
// only letters and numbers
// this will prevent the sql injection test from sending an error
// because it sets the ORDER BY of a query to
// "CASE WHEN (1=1) THEN vin ELSE year END asc"
strings := strings.Split(fl.Field().String(), " ")
ex := regexp.MustCompile(`^[a-zA-Z0-9_]*$`)
for _, val := range strings {
ok := ex.MatchString(val)
if !ok {
return false
}
}
return true
}
Reference in New Issue View Git Blame Copy Permalink