mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-14 11:48:09 -05:00
fe628d8406
* github.com/yuin/goldmark v1.3.1 -> v1.3.2 * github.com/xanzy/go-gitlab v0.42.0 -> v0.44.0 * github.com/prometheus/client_golang v1.8.0 -> v1.9.0 * github.com/minio/minio-go v7.0.7 -> v7.0.9 * github.com/lafriks/xormstore v1.3.2 -> v1.4.0 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
168 lines
3.6 KiB
Go
Vendored
168 lines
3.6 KiB
Go
Vendored
// Copyright 2018 The Xorm Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package builder
|
|
|
|
import (
|
|
sql2 "database/sql"
|
|
"fmt"
|
|
"reflect"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func condToSQL(cond Cond) (string, []interface{}, error) {
|
|
if cond == nil || !cond.IsValid() {
|
|
return "", nil, nil
|
|
}
|
|
|
|
w := NewWriter()
|
|
if err := cond.WriteTo(w); err != nil {
|
|
return "", nil, err
|
|
}
|
|
return w.String(), w.args, nil
|
|
}
|
|
|
|
func condToBoundSQL(cond Cond) (string, error) {
|
|
if cond == nil || !cond.IsValid() {
|
|
return "", nil
|
|
}
|
|
|
|
w := NewWriter()
|
|
if err := cond.WriteTo(w); err != nil {
|
|
return "", err
|
|
}
|
|
return ConvertToBoundSQL(w.String(), w.args)
|
|
}
|
|
|
|
// ToSQL convert a builder or conditions to SQL and args
|
|
func ToSQL(cond interface{}) (string, []interface{}, error) {
|
|
switch cond.(type) {
|
|
case Cond:
|
|
return condToSQL(cond.(Cond))
|
|
case *Builder:
|
|
return cond.(*Builder).ToSQL()
|
|
}
|
|
return "", nil, ErrNotSupportType
|
|
}
|
|
|
|
// ToBoundSQL convert a builder or conditions to parameters bound SQL
|
|
func ToBoundSQL(cond interface{}) (string, error) {
|
|
switch cond.(type) {
|
|
case Cond:
|
|
return condToBoundSQL(cond.(Cond))
|
|
case *Builder:
|
|
return cond.(*Builder).ToBoundSQL()
|
|
}
|
|
return "", ErrNotSupportType
|
|
}
|
|
|
|
func noSQLQuoteNeeded(a interface{}) bool {
|
|
if a == nil {
|
|
return false
|
|
}
|
|
switch a.(type) {
|
|
case int, int8, int16, int32, int64:
|
|
return true
|
|
case uint, uint8, uint16, uint32, uint64:
|
|
return true
|
|
case float32, float64:
|
|
return true
|
|
case bool:
|
|
return true
|
|
case string:
|
|
return false
|
|
case time.Time, *time.Time:
|
|
return false
|
|
}
|
|
|
|
t := reflect.TypeOf(a)
|
|
|
|
switch t.Kind() {
|
|
case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
|
|
return true
|
|
case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
|
|
return true
|
|
case reflect.Float32, reflect.Float64:
|
|
return true
|
|
case reflect.Bool:
|
|
return true
|
|
case reflect.String:
|
|
return false
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// ConvertToBoundSQL will convert SQL and args to a bound SQL
|
|
func ConvertToBoundSQL(sql string, args []interface{}) (string, error) {
|
|
buf := strings.Builder{}
|
|
var i, j, start int
|
|
for ; i < len(sql); i++ {
|
|
if sql[i] == '?' {
|
|
_, err := buf.WriteString(sql[start:i])
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
start = i + 1
|
|
|
|
if len(args) == j {
|
|
return "", ErrNeedMoreArguments
|
|
}
|
|
|
|
arg := args[j]
|
|
if namedArg, ok := arg.(sql2.NamedArg); ok {
|
|
arg = namedArg.Value
|
|
}
|
|
|
|
if noSQLQuoteNeeded(arg) {
|
|
_, err = fmt.Fprint(&buf, arg)
|
|
} else {
|
|
// replace ' -> '' (standard replacement) to avoid critical SQL injection,
|
|
// NOTICE: may allow some injection like % (or _) in LIKE query
|
|
_, err = fmt.Fprintf(&buf, "'%v'", strings.Replace(fmt.Sprintf("%v", arg), "'",
|
|
"''", -1))
|
|
}
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
j = j + 1
|
|
}
|
|
}
|
|
_, err := buf.WriteString(sql[start:])
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return buf.String(), nil
|
|
}
|
|
|
|
// ConvertPlaceholder replaces the place holder ? to $1, $2 ... or :1, :2 ... according prefix
|
|
func ConvertPlaceholder(sql, prefix string) (string, error) {
|
|
buf := strings.Builder{}
|
|
var i, j, start int
|
|
var ready = true
|
|
for ; i < len(sql); i++ {
|
|
if sql[i] == '\'' && i > 0 && sql[i-1] != '\\' {
|
|
ready = !ready
|
|
}
|
|
if ready && sql[i] == '?' {
|
|
if _, err := buf.WriteString(sql[start:i]); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
start = i + 1
|
|
j = j + 1
|
|
|
|
if _, err := buf.WriteString(fmt.Sprintf("%v%d", prefix, j)); err != nil {
|
|
return "", err
|
|
}
|
|
}
|
|
}
|
|
|
|
if _, err := buf.WriteString(sql[start:]); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return buf.String(), nil
|
|
}
|