Remove comments from the query before checking for restricted keywords

2019-02-25 11:43:04 -06:00 · 2019-02-25 11:43:04 -06:00 · 2a0fd54855
commit 2a0fd54855
parent b83f52707a
2 changed files with 20 additions and 5 deletions
--- a/pkg/client/client_test.go
+++ b/pkg/client/client_test.go
@ -440,16 +440,22 @@ func testReadOnlyMode(t *testing.T) {
 	err := client.SetReadOnlyMode()
 	assert.NoError(t, err)
-	_, err = client.Query("CREATE TABLE foobar(id integer);")
+	_, err = client.Query("\nCREATE TABLE foobar(id integer);\n")
 	assert.NotNil(t, err)
 	assert.Error(t, err, "query contains keywords not allowed in read-only mode")
 	// Turn off guard
 	client.db.Exec("SET default_transaction_read_only=off;")
-	_, err = client.Query("CREATE TABLE foobar(id integer);")
+	_, err = client.Query("\nCREATE TABLE foobar(id integer);\n")
 	assert.NotNil(t, err)
 	assert.Contains(t, err.Error(), "query contains keywords not allowed in read-only mode")
 	_, err = client.Query("-- CREATE TABLE foobar(id integer);\nSELECT 'foo';")
 	assert.NoError(t, err)
 	_, err = client.Query("/* CREATE TABLE foobar(id integer); */ SELECT 'foo';")
 	assert.NoError(t, err)
 }
 func TestAll(t *testing.T) {
--- a/pkg/client/util.go
+++ b/pkg/client/util.go
@ -5,8 +5,14 @@ import (
 	"strings"
 )
-// List of keywords that are not allowed in read-only mode
+var (
-var restrictedKeywords = regexp.MustCompile(`(?mi)\s?(CREATE|INSERT|DROP|DELETE|TRUNCATE|GRANT|OPEN|IMPORT|COPY)\s`)
+	// List of keywords that are not allowed in read-only mode
 	reRestrictedKeywords = regexp.MustCompile(`(?mi)\s?(CREATE|INSERT|DROP|DELETE|TRUNCATE|GRANT|OPEN|IMPORT|COPY)\s`)
 	// Comment regular expressions
 	reSlashComment = regexp.MustCompile(`(?m)/\*.+\*/`)
 	reDashComment  = regexp.MustCompile(`(?m)--.+`)
 )
 // Get short version from the string
 // Example: 10.2.3.1 -> 10.2
@ -20,5 +26,8 @@ func getMajorMinorVersion(str string) string {
 // containsRestrictedKeywords returns true if given keyword is not allowed in read-only mode
 func containsRestrictedKeywords(str string) bool {
-	return restrictedKeywords.MatchString(str)
+	str = reSlashComment.ReplaceAllString(str, "")
 	str = reDashComment.ReplaceAllString(str, "")
 	return reRestrictedKeywords.MatchString(str)
 }