Add more statements to isCreateOrInsert solve vunerability on npm pac…
…kage
caioricciuti committed Jun 18, 2024
1 parent 40ad971 commit 0b97f16
Showing 2 changed files with 39 additions and 8 deletions.
18 changes: 11 additions & 7 deletions package-lock.json


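--- a/src/providers/TabsStateContext.jsx
+++ b/src/providers/TabsStateContext.jsx
@@ -183,14 +183,41 @@ export const TabsStateProvider = ({ children }) => {
 const dropTableRegex = /\bdrop\s+table\b/;
 const dropColumnRegex = /\bdrop\s+column\b/;
 const dropIndexRegex = /\bdrop\s+index\b/;
+const createDatabase = /\bcreate\s+database\b/;
+const dropDatabase = /\bdrop\s+database\b/;
+const createTableAs = /\bcreate\s+table\s+as\b/;
+const createTableEngine = /\bcreate\s+table\s+engine\b/;
+const createTableIfNotExists = /\bcreate\s+table\s+if\s+not\s+exists\b/;
+const createTableLike = /\bcreate\s+table\s+like\b/;
+const createTableMaterialized = /\bcreate\s+table\s+materialized\b/;
+const createTableTemporary = /\bcreate\s+table\s+temporary\b/;
+const createTableTemporaryEngine = /\bcreate\s+table\s+temporary\s+engine\b/;
+const createTableTemporaryIfNotExists = /\bcreate\s+table\s+temporary\s+if\s+not\s+exists\b/;
+const createTableTemporaryLike = /\bcreate\s+table\s+temporary\s+like\b/;
+const createTableTemporaryMaterialized = /\bcreate\s+table\s+temporary\s+materialized\b/;
+const createTableTemporaryAs = /\bcreate\s+table\s+temporary\s+as\b/;
+
 
 return (
 createTableRegex.test(lowerQuery) ||
 insertRegex.test(lowerQuery) ||
 alterRegex.test(lowerQuery) ||
 dropTableRegex.test(lowerQuery) ||
 dropColumnRegex.test(lowerQuery) ||
-dropIndexRegex.test(lowerQuery)
+dropIndexRegex.test(lowerQuery) ||
+createDatabase.test(lowerQuery) ||
+dropDatabase.test(lowerQuery) ||
+createTableAs.test(lowerQuery) ||
+createTableEngine.test(lowerQuery) ||
+createTableIfNotExists.test(lowerQuery) ||
+createTableLike.test(lowerQuery) ||
+createTableMaterialized.test(lowerQuery) ||
+createTableTemporary.test(lowerQuery) ||
+createTableTemporaryEngine.test(lowerQuery) ||
+createTableTemporaryIfNotExists.test(lowerQuery) ||
+createTableTemporaryLike.test(lowerQuery) ||
+createTableTemporaryMaterialized.test(lowerQuery) ||
+createTableTemporaryAs.test(lowerQuery)
 );
 };
 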
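Review bot: Most of the patterns added from `createTableAs` through `createTableTemporaryAs` cannot match a real statement, because they require the keyword directly after `table` with no table name in between (`create table t as select …` fails `/\bcreate\s+table\s+as\b/`), and the `temporary` variants use `create table temporary` where SQL writes `create temporary table`. Anything they do match is presumably already caught by `createTableRegex`, whose definition is above the hunk, so the return expression gains eleven tests without widening coverage; only `createDatabase` and `dropDatabase` add something. I would drop the eleven and, if that form is meant to be covered, add `const createTemporaryTable = /\bcreate\s+temporary\s+table\b/;`. If this result gates anything security-relevant, client-side keyword matching should not be the control, since statement kinds not listed here pass unclassified; the database account's grants should enforce it. The function starts above the hunk, so how `lowerQuery` is derived and what the return value is used for are not visible.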
