Set keywords as safe but flag every word that is not a keyword
Wout Feys committed Sep 23, 2024
1 parent d941a5a commit 962808b
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion src/sql_injection/is_dangerous_token.rs
@@ -1,6 +1,14 @@
use sqlparser::keywords::Keyword;
use sqlparser::tokenizer::*;

pub fn is_dangerous_token(token: &Token) -> bool {
// Check if token is "word" so we can check against safe keywords list :
if let Token::Word(word) = token {
// Return true if the word is not a Keyword, this is marked as dangerous.
return match word.keyword {
Keyword::NoKeyword => true,
_ => false,
};
}
match token {
// Safe string tokens :
// https://github.com/sqlparser-rs/sqlparser-rs/blob/affe8b549884a351ead4f35aa8bdf4cae8c93e4b/src/tokenizer.rs#L65C1-L105C30
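Review bot: The comment above the `if let Token::Word(word) = token` branch refers to a "safe keywords list", but the new code has no list: any word whose `keyword` is not `Keyword::NoKeyword` returns `false`, so every keyword sqlparser recognises is reported as not dangerous. If that is intended, the function should say so in a doc comment and name the check that covers keywords appearing in user input, e.g. `/// Keywords are never flagged here; <caller-side check> must account for them.`; no such check is visible in this hunk. As a point of style, `return match word.keyword { Keyword::NoKeyword => true, _ => false };` can be written as `return matches!(word.keyword, Keyword::NoKeyword);`. The body of `is_dangerous_token` continues past the end of the hunk, so how the following `match token` treats the remaining token kinds cannot be judged from here.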
