safesql

package module
v1.0.0
Published: Nov 25, 2024 License: BSD-3-Clause Imports: 8 Imported by: 0

README

safesql

Go safe SQL implementation

In order to use this library the following steps must be taken:

  • Set up your CI/tests so that you can:
    • Ban imports of a specific package/function
    • Create an allowlist of call sites that can use that package/function
  • Create an atomic change that:
    • Converts all calls to database/sql into calls to safesql. This can easily be achieved with the legacyconversions package and automated patching.
    • Prevents new calls to legacyconversions from being added and bans import of the database/sql package. This should ideally be true for all transitive dependencies.
    • Only allows safesql to import database/sql.
  • After submitting that change, gradually migrate legacyconversions calls to use safesql functions or promote them to uncheckedconversions. If you choose the latter, make sure the strings you promote are controlled by the programmer and never by the user.
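The first two steps above (ban an import, keep an explicit allowlist of the files that may still use it) are what makes the rest of the migration enforceable. The following is an added example of such a CI check, not code from the safesql project: it parses Go sources with go/parser in imports-only mode, flags every import of a banned package path unless the importing file is allowlisted, and sorts the findings so output is stable. The three sample files, the allowlist, and the import path example.com/repo/safesql/legacyconversions are constructed placeholders for this example.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"os"
	"sort"
	"strconv"
)

// Violation is one import of a banned package in a file that is not on the
// allowlist of permitted call sites.
type Violation struct {
	File   string
	Line   int
	Import string
}

// CheckBannedImports parses every file (path -> contents) only as far as its
// import declarations and reports each banned import outside the allowlist.
// Findings are sorted by file and line so map iteration order does not leak
// into the report.
func CheckBannedImports(files map[string]string, banned, allow map[string]bool) ([]Violation, error) {
	fset := token.NewFileSet()
	var found []Violation
	for path, src := range files {
		f, err := parser.ParseFile(fset, path, src, parser.ImportsOnly)
		if err != nil {
			return nil, fmt.Errorf("parse %s: %w", path, err)
		}
		for _, spec := range f.Imports {
			importPath, err := strconv.Unquote(spec.Path.Value)
			if err != nil {
				return nil, fmt.Errorf("%s: bad import literal %s", path, spec.Path.Value)
			}
			if banned[importPath] && !allow[path] {
				found = append(found, Violation{
					File:   path,
					Line:   fset.Position(spec.Pos()).Line,
					Import: importPath,
				})
			}
		}
	}
	sort.Slice(found, func(i, j int) bool {
		if found[i].File != found[j].File {
			return found[i].File < found[j].File
		}
		return found[i].Line < found[j].Line
	})
	return found, nil
}

// Constructed sample repository as it might look mid-migration. Only the
// package clause and imports matter, since parsing stops after the imports.
var SampleFiles = map[string]string{
	// The wrapper package itself is the one place database/sql may be imported.
	"safesql/db.go": `package safesql

import "database/sql"
`,
	// A handler that still imports database/sql directly: must be flagged.
	"app/handler.go": `package app

import (
	"context"
	"database/sql"
)
`,
	// A pre-existing legacyconversions call site, allowlisted at migration time.
	"app/report.go": `package app

import "example.com/repo/safesql/legacyconversions"
`,
	// A new file reaching for legacyconversions after the cut-over: must be flagged.
	"app/new_feature.go": `package app

import "example.com/repo/safesql/legacyconversions"
`,
}

// SampleBanned lists the packages that only allowlisted files may import.
var SampleBanned = map[string]bool{
	"database/sql": true,
	"example.com/repo/safesql/legacyconversions": true, // placeholder path
}

// SampleAllow is the frozen allowlist of call sites created by the atomic change.
var SampleAllow = map[string]bool{
	"safesql/db.go": true,
	"app/report.go": true,
}

func main() {
	violations, err := CheckBannedImports(SampleFiles, SampleBanned, SampleAllow)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	for _, v := range violations {
		fmt.Printf("%s:%d: import of banned package %q\n", v.File, v.Line, v.Import)
	}
	if len(violations) > 0 {
		os.Exit(1)
	}
}
```

Run as a CI step over the real file tree (read each .go file into the map), the non-zero exit blocks the merge. Because the allowlist is keyed by file path, shrinking it over time is a one-line change per migrated call site, which is what the gradual migration in the last step needs.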

Documentation

Overview

Package safesql implements a safe version of database/sql to prevent accidental SQL injections.

Usage should ideally be identical to the standard sql package, with the exception that query text must be passed as a String rather than a plain string.

The simplest way to transition to this package is to turn statements like

db.Query("SELECT ...", args...)

into

db.Query(safesql.New("SELECT ..."), args...)

Once safesql is adopted, importing database/sql should be banned with the sole exception of this package. Types from database/sql that are inherently safe have aliases in this package to allow for an easier transition and smaller allowlists.

For leftover exceptions and for transitions, the legacyconversions and uncheckedconversions packages can be used. Similarly, the testconversions package should only be used during tests.

Index

Constants

This section is empty.

Variables

Functions

func Drivers

func Drivers() []string

Drivers is https://pkg.go.dev/sql#Drivers

func Register

func Register(name string, driver driver.Driver)

Register is https://pkg.go.dev/database/sql#Register

Types

type ColumnType

type ColumnType = sql.ColumnType

ColumnType is https://pkg.go.dev/sql#ColumnType

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

Conn is a tiny wrapper for https://pkg.go.dev/database/sql#Conn. The Raw method has been removed for security reasons.

func (*Conn) BeginTx

func (c *Conn) BeginTx(ctx context.Context, opts *TxOptions) (*Tx, error)

BeginTx is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.BeginTx

func (*Conn) Close

func (c *Conn) Close() error

Close is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.Close

func (*Conn) ExecContext

func (c *Conn) ExecContext(ctx context.Context, query String, args ...any) (Result, error)

ExecContext is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.ExecContext

func (*Conn) PingContext

func (c *Conn) PingContext(ctx context.Context) error

PingContext is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.PingContext

func (*Conn) PrepareContext

func (c *Conn) PrepareContext(ctx context.Context, query String) (*Stmt, error)

PrepareContext is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.PrepareContext

func (*Conn) QueryContext

func (c *Conn) QueryContext(ctx context.Context, query String, args ...any) (*Rows, error)

QueryContext is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.QueryContext

func (*Conn) QueryRowContext

func (c *Conn) QueryRowContext(ctx context.Context, query String, args ...any) *Row

QueryRowContext is a tiny wrapper for https://pkg.go.dev/database/sql#Conn.QueryRowContext

type DB

type DB struct {
	// contains filtered or unexported fields
}

DB is a tiny wrapper for https://pkg.go.dev/database/sql#DB. The Driver method has been removed for security reasons.

func Open

func Open(driverName, dataSourceName string) (*DB, error)

Open is a tiny wrapper for https://pkg.go.dev/database/sql#Open

func OpenDB

func OpenDB(c driver.Connector) *DB

OpenDB is a tiny wrapper for https://pkg.go.dev/database/sql#OpenDB

func (*DB) Begin

func (db *DB) Begin() (*Tx, error)

Begin is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Begin

func (*DB) BeginTx

func (db *DB) BeginTx(ctx context.Context, opts *TxOptions) (*Tx, error)

BeginTx is a tiny wrapper for https://pkg.go.dev/database/sql#DB.BeginTx

func (*DB) Close

func (db *DB) Close() error

Close is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Close

func (*DB) Conn

func (db *DB) Conn(ctx context.Context) (*Conn, error)

Conn is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Conn

func (*DB) Exec

func (db *DB) Exec(query String, args ...any) (Result, error)

Exec is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Exec

func (*DB) ExecContext

func (db *DB) ExecContext(ctx context.Context, query String, args ...any) (Result, error)

ExecContext is a tiny wrapper for https://pkg.go.dev/database/sql#DB.ExecContext

func (*DB) Ping

func (db *DB) Ping() error

Ping is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Ping

func (*DB) PingContext

func (db *DB) PingContext(ctx context.Context) error

PingContext is a tiny wrapper for https://pkg.go.dev/database/sql#DB.PingContext

func (*DB) Prepare

func (db *DB) Prepare(query String) (*Stmt, error)

Prepare is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Prepare

func (*DB) PrepareContext

func (db *DB) PrepareContext(ctx context.Context, query String) (*Stmt, error)

PrepareContext is a tiny wrapper for https://pkg.go.dev/database/sql#DB.PrepareContext

func (*DB) Query

func (db *DB) Query(query String, args ...any) (*Rows, error)

Query is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Query

func (*DB) QueryContext

func (db *DB) QueryContext(ctx context.Context, query String, args ...any) (*Rows, error)

QueryContext is a tiny wrapper for https://pkg.go.dev/database/sql#DB.QueryContext

func (*DB) QueryRow

func (db *DB) QueryRow(query String, args ...any) *Row

QueryRow is a tiny wrapper for https://pkg.go.dev/database/sql#DB.QueryRow

func (*DB) QueryRowContext

func (db *DB) QueryRowContext(ctx context.Context, query String, args ...any) *Row

QueryRowContext is a tiny wrapper for https://pkg.go.dev/database/sql#DB.QueryRowContext

func (*DB) SetConnMaxIdleTime

func (db *DB) SetConnMaxIdleTime(d time.Duration)

SetConnMaxIdleTime is a tiny wrapper for https://pkg.go.dev/database/sql#DB.SetConnMaxIdleTime

func (*DB) SetConnMaxLifetime

func (db *DB) SetConnMaxLifetime(d time.Duration)

SetConnMaxLifetime is a tiny wrapper for https://pkg.go.dev/database/sql#DB.SetConnMaxLifetime

func (*DB) SetMaxIdleConns

func (db *DB) SetMaxIdleConns(n int)

SetMaxIdleConns is a tiny wrapper for https://pkg.go.dev/database/sql#DB.SetMaxIdleConns

func (*DB) SetMaxOpenConns

func (db *DB) SetMaxOpenConns(n int)

SetMaxOpenConns is a tiny wrapper for https://pkg.go.dev/database/sql#DB.SetMaxOpenConns

func (*DB) Stats

func (db *DB) Stats() DBStats

Stats is a tiny wrapper for https://pkg.go.dev/database/sql#DB.Stats

type DBStats

type DBStats = sql.DBStats

DBStats is https://pkg.go.dev/sql#DBStats

type IsolationLevel

type IsolationLevel = sql.IsolationLevel

IsolationLevel is https://pkg.go.dev/sql#IsolationLevel

type NamedArg

type NamedArg = sql.NamedArg

NamedArg is https://pkg.go.dev/sql#NamedArg

type NullBool

type NullBool = sql.NullBool

NullBool is https://pkg.go.dev/sql#NullBool

type NullFloat64

type NullFloat64 = sql.NullFloat64

NullFloat64 is https://pkg.go.dev/sql#NullFloat64

type NullInt32

type NullInt32 = sql.NullInt32

NullInt32 is https://pkg.go.dev/sql#NullInt32

type NullInt64

type NullInt64 = sql.NullInt64

NullInt64 is https://pkg.go.dev/sql#NullInt64

type NullString

type NullString = sql.NullString

NullString is https://pkg.go.dev/sql#NullString

type NullTime

type NullTime = sql.NullTime

NullTime is https://pkg.go.dev/sql#NullTime

type Out

type Out = sql.Out

Out is https://pkg.go.dev/sql#Out

type RawBytes

type RawBytes = sql.RawBytes

RawBytes is https://pkg.go.dev/sql#RawBytes

type RealNumber

type RealNumber interface {
	constraints.Integer | constraints.Float
}

type Result

type Result = sql.Result

Result is https://pkg.go.dev/sql#Result

type Row

type Row = sql.Row

Row is https://pkg.go.dev/sql#Row

type Rows

type Rows = sql.Rows

Rows is https://pkg.go.dev/sql#Rows

type Scanner

type Scanner = sql.Scanner

Scanner is https://pkg.go.dev/sql#Scanner

type Stmt

type Stmt = sql.Stmt

Stmt is https://pkg.go.dev/sql#Stmt

type String

type String struct {
	// contains filtered or unexported fields
}

String wraps a string that is safe and does not contain user-controlled input.

func New

func New(text stringConstant) String

New constructs a String from a compile-time constant string. Since the stringConstant type is unexported the only way to call this function outside of this package is to pass a string literal or an untyped string const.

Note(empijei): this can be bypassed by using generics with ~string, but that feels very unlikely to happen by accident and malicious programmers are not part of the threat model of this package.

func NewFromNumber

func NewFromNumber[N RealNumber](i N) String

NewFromNumber constructs a String from a number.

func StringConcat

func StringConcat(ss ...String) String

StringConcat concatenates the given [String]s into a trusted string.

Note(empijei): this function may be abused to create arbitrary queries from user inputs, but malicious programmers are not part of the threat model of this package.

func StringJoin

func StringJoin(ss []String, sep String) String

StringJoin joins the given [String]s with the given separator the same way strings.Join would.

Note(empijei): this function may be abused to create arbitrary queries from user inputs, but malicious programmers are not part of the threat model of this package.

func StringSplit

func StringSplit(s String, sep String) []String

StringSplit functions as strings.Split but for [String]s.

func (String) String

func (t String) String() string

String returns the internal representation of the String, safe to be used with a sql engine.
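The Overview shows the literal-to-New transition for a fixed query; the String constructors above are what you reach for when the query shape is dynamic, such as an IN clause with one placeholder per value. The following is an added example, not code from the safesql package: it re-creates the documented shape of String, New (with the unexported stringConstant parameter type), NewFromNumber, StringJoin and the String method in miniature so it runs without importing the module, and stands in a Query function that captures the text and arguments instead of talking to a driver. NewFromNumber is narrowed to integer types here, and UsersByIDQuery, capturedQuery and the users table are constructed for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// stringConstant is unexported, so code outside this package can only supply
// an argument of this type as a string literal or an untyped string constant.
// A runtime string (a request parameter, a file's contents) does not convert
// implicitly and the call fails to compile, which is the whole mechanism.
type stringConstant string

// String wraps query text that is known not to contain user-controlled input.
type String struct{ s string }

// New mirrors safesql.New: only compile-time constants get in.
func New(text stringConstant) String { return String{string(text)} }

// NewFromNumber mirrors safesql.NewFromNumber, narrowed to integers here.
// Numbers are rendered with strconv, so no SQL metacharacters can appear.
func NewFromNumber[N ~int | ~int64](i N) String {
	return String{strconv.FormatInt(int64(i), 10)}
}

// StringJoin mirrors safesql.StringJoin: trusted pieces joined by a trusted
// separator stay trusted.
func StringJoin(ss []String, sep String) String {
	parts := make([]string, len(ss))
	for i, s := range ss {
		parts[i] = s.s
	}
	return String{strings.Join(parts, sep.s)}
}

// String returns the wrapped text, ready for a sql engine.
func (t String) String() string { return t.s }

// capturedQuery is what the stand-in Query hands back instead of *Rows, so the
// example can show exactly what text and arguments would reach the driver.
type capturedQuery struct {
	SQL  string
	Args []any
}

// Query stands in for (*DB).Query: it accepts only a String for the text and
// forwards the arguments untouched, exactly as the real wrapper would.
func Query(q String, args ...any) capturedQuery {
	return capturedQuery{SQL: q.String(), Args: args}
}

// UsersByIDQuery builds "SELECT ... WHERE id IN (?, ?, ...)" with one
// placeholder per id. Every piece of query text comes from New, NewFromNumber
// or StringJoin; the ids themselves travel only as arguments, so a value like
// "o'brien" is bound by the driver rather than spliced into the SQL.
// An empty IN list is rejected up front, since most engines reject "IN ()".
func UsersByIDQuery(ids []string) (capturedQuery, error) {
	if len(ids) == 0 {
		return capturedQuery{}, fmt.Errorf("at least one id is required")
	}
	holders := make([]String, len(ids))
	args := make([]any, len(ids))
	for i, id := range ids {
		holders[i] = New("?")
		args[i] = id
	}
	q := StringJoin([]String{
		New("SELECT id, name FROM users WHERE id IN ("),
		StringJoin(holders, New(", ")),
		New(") LIMIT "),
		NewFromNumber(100),
	}, New(""))
	return Query(q, args...), nil
}

func main() {
	q, err := UsersByIDQuery([]string{"7", "8", "o'brien"})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(q.SQL)
	fmt.Println(q.Args)
}
```

The thing to notice is what does not compile: `ids[0]` cannot be passed to New, and `"... IN (" + ids[0] + ")"` cannot be passed to Query, because neither is a String. Dynamic structure is expressed by joining constant fragments, while every user-supplied value is confined to the args slice.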

type Tx

type Tx struct {
	// contains filtered or unexported fields
}

Tx is a tiny wrapper for https://pkg.go.dev/database/sql#Tx

func (*Tx) Commit

func (tx *Tx) Commit() error

Commit is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.Commit

func (*Tx) Exec

func (tx *Tx) Exec(query String, args ...any) (Result, error)

Exec is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.Exec

func (*Tx) ExecContext

func (tx *Tx) ExecContext(ctx context.Context, query String, args ...any) (Result, error)

ExecContext is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.ExecContext

func (*Tx) Prepare

func (tx *Tx) Prepare(query String) (*Stmt, error)

Prepare is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.Prepare

func (*Tx) PrepareContext

func (tx *Tx) PrepareContext(ctx context.Context, query String) (*Stmt, error)

PrepareContext is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.PrepareContext

func (*Tx) Query

func (tx *Tx) Query(query String, args ...any) (*Rows, error)

Query is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.Query

func (*Tx) QueryContext

func (tx *Tx) QueryContext(ctx context.Context, query String, args ...any) (*Rows, error)

QueryContext is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.QueryContext

func (*Tx) QueryRow

func (tx *Tx) QueryRow(query String, args ...any) *Row

QueryRow is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.QueryRow

func (*Tx) QueryRowContext

func (tx *Tx) QueryRowContext(ctx context.Context, query String, args ...any) *Row

QueryRowContext is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.QueryRowContext

func (*Tx) Rollback

func (tx *Tx) Rollback() error

Rollback is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.Rollback

func (*Tx) Stmt

func (tx *Tx) Stmt(stmt *Stmt) *Stmt

Stmt is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.Stmt

func (*Tx) StmtContext

func (tx *Tx) StmtContext(ctx context.Context, stmt *Stmt) *Stmt

StmtContext is a tiny wrapper for https://pkg.go.dev/database/sql#Tx.StmtContext

type TxOptions

type TxOptions = sql.TxOptions

TxOptions is https://pkg.go.dev/sql#TxOptions

Directories

Path                  Synopsis
internal
raw
legacyconversions     Package legacyconversions can be used to atomically switch to safesql.
testconversions       Package testconversions can be used to easily create unsafe SQL strings during tests.
uncheckedconversions  Package uncheckedconversions can be used to manually promote unsafe strings to safesql.String.
