db_blaster 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/config/brakeman.ignore +6 -6
- data/lib/db_blaster.rb +1 -0
- data/lib/db_blaster/finder.rb +2 -13
- data/lib/db_blaster/finder_sql.rb +32 -0
- data/lib/db_blaster/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d612afe45176a37521310c9f694cb2d4b0efe1d42406da82f04bf5fca3187b86
|
|
4
|
+
data.tar.gz: 25aae3fae57025cfcc72d14e192b21950c73baa804b4270c7de2c1377bc09686
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28412dbbfae7b89fe57afd4e40fd4bc43bfb2c126a5e3fc67e632d776017f07d2f15d7d70da537344e59aa3021bff30131f905305d00c0784ab156a71185efe9
|
|
7
|
+
data.tar.gz: 49c856817e7c650bb36b5a74b3395fcdcd075439c2831aebe720eeda381fcc5e36fd08fbacdb1a4c5bd2fde2ec86e647a14a9a1975a023cc40e76019665e7bb0
|
data/config/brakeman.ignore
CHANGED
|
@@ -3,24 +3,24 @@
|
|
|
3
3
|
{
|
|
4
4
|
"warning_type": "SQL Injection",
|
|
5
5
|
"warning_code": 0,
|
|
6
|
-
"fingerprint": "
|
|
6
|
+
"fingerprint": "3fef6d99f896e29ef9346d81a1557bd3819fbc762b2aa91d44dfa25a5c095485",
|
|
7
7
|
"check_name": "SQL",
|
|
8
8
|
"message": "Possible SQL injection",
|
|
9
9
|
"file": "lib/db_blaster/finder.rb",
|
|
10
|
-
"line":
|
|
10
|
+
"line": 39,
|
|
11
11
|
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
|
|
12
|
-
"code": "ActiveRecord::Base.connection.execute(\"#{
|
|
12
|
+
"code": "ActiveRecord::Base.connection.execute(\"#{FinderSql.sql_for_source_table(source_table)} OFFSET #{offset}\")",
|
|
13
13
|
"render_path": null,
|
|
14
14
|
"location": {
|
|
15
15
|
"type": "method",
|
|
16
16
|
"class": "DbBlaster::Finder",
|
|
17
17
|
"method": "find_records_in_batches"
|
|
18
18
|
},
|
|
19
|
-
"user_input": "
|
|
19
|
+
"user_input": "FinderSql.sql_for_source_table(source_table)",
|
|
20
20
|
"confidence": "Medium",
|
|
21
|
-
"note": "
|
|
21
|
+
"note": "no sql injection"
|
|
22
22
|
}
|
|
23
23
|
],
|
|
24
|
-
"updated": "2021-08-
|
|
24
|
+
"updated": "2021-08-11 13:14:00 -0600",
|
|
25
25
|
"brakeman_version": "5.1.1"
|
|
26
26
|
}
|
data/lib/db_blaster.rb
CHANGED
|
@@ -11,6 +11,7 @@ require 'db_blaster/source_table_configuration_builder'
|
|
|
11
11
|
require 'db_blaster/publisher'
|
|
12
12
|
require 'db_blaster/publish_source_table'
|
|
13
13
|
require 'db_blaster/chunker'
|
|
14
|
+
require 'db_blaster/finder_sql'
|
|
14
15
|
require 'db_blaster/finder'
|
|
15
16
|
|
|
16
17
|
# Top-level module that serves as an entry point
|
data/lib/db_blaster/finder.rb
CHANGED
|
@@ -12,7 +12,7 @@ module DbBlaster
|
|
|
12
12
|
@offset = 0
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
-
delegate :batch_size, :name,
|
|
15
|
+
delegate :batch_size, :name, to: :source_table, prefix: true
|
|
16
16
|
|
|
17
17
|
def self.find(source_table, &block)
|
|
18
18
|
new(source_table, &block).find
|
|
@@ -34,6 +34,7 @@ module DbBlaster
|
|
|
34
34
|
private
|
|
35
35
|
|
|
36
36
|
def find_records_in_batches
|
|
37
|
+
select_sql = FinderSql.sql_for_source_table(source_table)
|
|
37
38
|
loop do
|
|
38
39
|
result = ActiveRecord::Base.connection.execute("#{select_sql} OFFSET #{offset}")
|
|
39
40
|
yield(result)
|
|
@@ -54,17 +55,5 @@ module DbBlaster
|
|
|
54
55
|
def invalid_source_table_message
|
|
55
56
|
"source_table.name: '#{source_table_name}' does not exist!"
|
|
56
57
|
end
|
|
57
|
-
|
|
58
|
-
def select_sql
|
|
59
|
-
"SELECT * FROM #{source_table_name} #{where} ORDER BY updated_at ASC LIMIT #{source_table_batch_size}"
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def where
|
|
63
|
-
return '' unless source_table_last_published_updated_at
|
|
64
|
-
|
|
65
|
-
ActiveRecord::Base.sanitize_sql_for_conditions(
|
|
66
|
-
['WHERE updated_at >= :updated_at', { updated_at: source_table_last_published_updated_at.to_s(:db) }]
|
|
67
|
-
)
|
|
68
|
-
end
|
|
69
58
|
end
|
|
70
59
|
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module DbBlaster
|
|
4
|
+
# Creates the SQL needed to find records for the provided source_table
|
|
5
|
+
class FinderSql
|
|
6
|
+
attr_reader :source_table
|
|
7
|
+
|
|
8
|
+
def initialize(source_table)
|
|
9
|
+
@source_table = source_table
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.sql_for_source_table(source_table)
|
|
13
|
+
new(source_table).select_sql
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def select_sql
|
|
17
|
+
"SELECT * FROM #{source_table.name} #{where} ORDER BY updated_at ASC LIMIT #{source_table.batch_size}"
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def where
|
|
21
|
+
return '' unless from_updated_at
|
|
22
|
+
|
|
23
|
+
ActiveRecord::Base.sanitize_sql_for_conditions(
|
|
24
|
+
['WHERE updated_at >= :updated_at', { updated_at: from_updated_at.to_s(:db) }]
|
|
25
|
+
)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def from_updated_at
|
|
29
|
+
@from_updated_at ||= source_table.last_published_updated_at
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
data/lib/db_blaster/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: db_blaster
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Perry Hertler
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-08-
|
|
11
|
+
date: 2021-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-sns
|
|
@@ -123,6 +123,7 @@ files:
|
|
|
123
123
|
- lib/db_blaster/configuration.rb
|
|
124
124
|
- lib/db_blaster/engine.rb
|
|
125
125
|
- lib/db_blaster/finder.rb
|
|
126
|
+
- lib/db_blaster/finder_sql.rb
|
|
126
127
|
- lib/db_blaster/one_record_too_large_error.rb
|
|
127
128
|
- lib/db_blaster/publish_source_table.rb
|
|
128
129
|
- lib/db_blaster/publisher.rb
|