Module: Semian::ActiveRecordAdapter::ClassMethods

Defined in:
lib/semian/activerecord_adapter.rb

Instance Method Summary

Instance Method Details

#query_allowlisted?(sql, *) ⇒ Boolean

Returns:

  • (Boolean) — true when `sql` is a transaction-control statement (COMMIT, ROLLBACK, RELEASE SAVEPOINT) that matches QUERY_ALLOWLIST and must bypass the circuit breaker; false otherwise, including for strings with an invalid encoding.


# File 'lib/semian/activerecord_adapter.rb', line 11

# Decides whether +sql+ is a transaction-control statement that must bypass
# the circuit breaker (COMMIT / ROLLBACK / RELEASE SAVEPOINT).
#
# A cheap String#end_with? pre-filter runs first so the QUERY_ALLOWLIST
# regexp is only evaluated for statements that could plausibly match; every
# other query is rejected without touching the regexp at all.
#
# Extra positional arguments are accepted and ignored so the method can be
# used as a drop-in for adapter hooks that pass more than the SQL text.
#
# Returns false (rather than raising) when an ArgumentError surfaces for a
# string whose encoding is invalid; any other ArgumentError is re-raised.
def query_allowlisted?(sql, *)
  # "COMMIT" ends in T, "ROLLBACK" ends in K.
  looks_like_tx_command = sql.end_with?("T", "K")

  # "RELEASE SAVEPOINT active_record_1" / "..._2". Deeper nesting (_3 and
  # beyond) is deliberately not recognised here and will not be bypassed.
  looks_like_savepoint = sql.end_with?("_1", "_2")

  # Active Record never emits a trailing space or ";", so anything ending
  # that way is a hand-crafted query and must go through the full regexp.
  has_unusual_tail = sql.end_with?(" ", ";")

  return false unless looks_like_tx_command || looks_like_savepoint || has_unusual_tail

  QUERY_ALLOWLIST.match?(sql)
rescue ArgumentError
  # Presumably raised by the regexp match on an invalid byte sequence; a
  # broken string is simply "not allowlisted". Anything else propagates.
  raise if sql.valid_encoding?

  false
end