Cal Herries authored
* Decouple checking ddl from classifying h2 stmts
  - should enable followup for easily blocking more kinds of queries
  - check all statements to make sure they aren't "ddl".
* fix classify-query
* linter fixes + get-field refactor
* return the CommandInterface values as ints
  Reach into the CommandList when needed
* docstring wording
* catch invalid queries -- they can't be classified
* Remove action subtypes from inlined-models
* Add ddl check for `execute-write-query!`
* Remove ACCESS_MODE_DATA
* Check queries are single select statements
* Add test for sample database privileges
* Fix single-select check
* Add single-select test
* Rename and add more tests for checking read only commands
* commands -> statements
* Fix check-disallow-ddl-commands
* new line
* Add more read-only statements to the tests
* Update error text
* Use are
* Add integration test for executing actions with disallowed commands
* Add test before inserting row
* Run GRANT ALL ON SCHEMA "PUBLIC" TO GUEST
* Restore classify-query
* whitespace
* Whitelist command types for actions
* Add comment
* Rename
* Remove dupes
* Add truncate test
* Add DDL commands
* Rename to query-classification
* Update error message
* Fix test

---------

Co-authored-by: Bryan Maass <bryan.maass@gmail.com>