Archives
/
go.nvim
mirror of https://github.com/ray-x/go.nvim
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
gh_action
fixtures
revert-371-disable-injection-import
nvim_0.8
bugfix160
nvim_0_7
nvim_0.6.1
v0.1.0
v0.2.0
v0.2.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f45b072606'
${ noResults }
go.nvim/after/queries/go/injections.scm

65 lines
2.2 KiB
Scheme
Raw Blame History

; extends
; inject sql in single line strings
; e.g. db.GetContext(ctx, "SELECT * FROM users WHERE name = 'John'")
((call_expression
(selector_expression
field: (field_identifier) @_field)
(argument_list
(interpreted_string_literal) @sql))
(#any-of? @_field "Exec" "GetContext" "ExecContext" "SelectContext" "In"
"RebindNamed" "Rebind" "QueryRowxContext" "NamedExec")
(#offset! @sql 0 1 0 -1))
; ----------------------------------------------------------------
; a general query injection
([
(interpreted_string_literal)
(raw_string_literal)
] @sql
(#match? @sql "(SELECT|select|INSERT|insert|UPDATE|update|DELETE|delete).+(FROM|from|INTO|into|VALUES|values|SET|set).*(WHERE|where|GROUP BY|group by)?")
(#offset! @sql 0 1 0 -1))
; ----------------------------------------------------------------
; fallback keyword and comment based injection
([
(interpreted_string_literal)
(raw_string_literal)
] @sql
(#contains? @sql "-- sql" "--sql" "ADD CONSTRAINT" "ALTER TABLE" "ALTER COLUMN"
"DATABASE" "FOREIGN KEY" "GROUP BY" "HAVING" "CREATE INDEX" "INSERT INTO"
"NOT NULL" "PRIMARY KEY" "UPDATE SET" "TRUNCATE TABLE" "LEFT JOIN")
(#offset! @sql 0 1 0 -1))
; should I use a more exhaustive list of keywords?
; "ADD" "ADD CONSTRAINT" "ALL" "ALTER" "AND" "ASC" "COLUMN" "CONSTRAINT" "CREATE" "DATABASE" "DELETE" "DESC" "DISTINCT" "DROP" "EXISTS" "FOREIGN KEY" "FROM" "JOIN" "GROUP BY" "HAVING" "IN" "INDEX" "INSERT INTO" "LIKE" "LIMIT" "NOT" "NOT NULL" "OR" "ORDER BY" "PRIMARY KEY" "SELECT" "SET" "TABLE" "TRUNCATE TABLE" "UNION" "UNIQUE" "UPDATE" "VALUES" "WHERE"
; json
((const_spec
name: (identifier) @_const
value: (expression_list (raw_string_literal) @json))
(#lua-match? @_const ".*[J|j]son.*"))
; jsonStr := `{"foo": "bar"}`
((short_var_declaration
left: (expression_list
(identifier) @_var)
right: (expression_list
(raw_string_literal) @json))
(#lua-match? @_var ".*[J|j]son.*")
(#offset! @json 0 1 0 -1))
((composite_literal
type: (type_identifier) @_type
body: (literal_value
(keyed_element
(literal_element) @_key
(literal_element) @lua)))
(#eq? @_type "generatorTestCase")
(#eq? @_key "overrideScript"))
Reference in New Issue View Git Blame Copy Permalink