semian 0.21.1 → 0.21.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 582286749e5f1d41b7ba0241f7296a28edb9eedfceb06c60abb49c56c2cc7548
-  data.tar.gz: 44d76f2a1f2116e638dd5360de8900e8cee73e0efb82501746d35213dc3d0df0
+  metadata.gz: f07497a8f77d5309e042951ac2c15d6a8e420abcafea896890a103e78fe05118
+  data.tar.gz: bfbd847f058a7bd3b7a947f3f610037fb4aa5e83fa9bfcc62c45ffee9a65c84e
 SHA512:
-  metadata.gz: cb3fddb047e11477d1413a8d33faea222458c15360170242e565bf661090b8afa8b625424b8734801737f68d8e23edafcc1ffdd8fcb35ea2c2e1ea761e7d690a
-  data.tar.gz: 2d11aea9d0f390b127e1b05df0dbde3d9817e336f8a15e8d8010efa78afd46d45ef8e935b96f2da5e5fbca13c3f8a084c7b78d8b3159d32919b2af87fa370110
+  metadata.gz: 706b48ac696d80d501186e6547ccfeb27580557d7b329f2fc91c9ad61312d459b0c46c7feedf3309cd60c858a76bf9b226f5928021edd427473df9b1d63a2111
+  data.tar.gz: 9765572757897eedc79532ecf8c80b9286e14c18f2c5239b459ce20f6de8f2522931404fbd6d613a8a63f9302350e16b178d0d4887aa028a18970ef6a19bbc65

data/lib/semian/activerecord_trilogy_adapter.rb

@@ -29,6 +29,39 @@ module Semian
     ResourceBusyError = ::ActiveRecord::ConnectionAdapters::TrilogyAdapter::ResourceBusyError
     CircuitOpenError = ::ActiveRecord::ConnectionAdapters::TrilogyAdapter::CircuitOpenError
 
+    QUERY_ALLOWLIST = %r{\A(?:/\*.*?\*/)?\s*(ROLLBACK|COMMIT|RELEASE\s+SAVEPOINT)}i
+
+    # The common case here is NOT to have transaction management statements, therefore
+    # we are exploiting the fact that Active Record will use COMMIT/ROLLBACK as
+    # the suffix of the command string and
+    # name savepoints by level of nesting as `active_record_1` ... n.
+    #
+    # Since looking at the last characters in a string using `end_with?` is a LOT cheaper than
+    # running a regex, we are returning early if the last characters of
+    # the SQL statements are NOT the last characters of the known transaction
+    # control statements.
+    class << self
+      def query_allowlisted?(sql, *)
+        # COMMIT, ROLLBACK
+        tx_command_statement = sql.end_with?("T") || sql.end_with?("K")
+
+        # RELEASE SAVEPOINT. Nesting past _3 levels won't get bypassed.
+        # Active Record does not send trailing spaces or `;`, so we are in the realm of hand crafted queries here.
+        savepoint_statement = sql.end_with?("_1") || sql.end_with?("_2")
+        unclear = sql.end_with?(" ") || sql.end_with?(";")
+
+        if !tx_command_statement && !savepoint_statement && !unclear
+          false
+        else
+          QUERY_ALLOWLIST.match?(sql)
+        end
+      rescue ArgumentError
+        return false unless sql.valid_encoding?
+
+        raise
+      end
+    end
+
     attr_reader :raw_semian_options, :semian_identifier
 
     def initialize(*options)
@@ -48,7 +81,7 @@ module Semian
     end
 
     def raw_execute(sql, *)
-      if query_allowlisted?(sql)
+      if Semian::ActiveRecordTrilogyAdapter.query_allowlisted?(sql)
         super
       else
         acquire_semian_resource(adapter: :trilogy_adapter, scope: :query) do
@@ -90,17 +123,6 @@ module Semian
       ]
     end
 
-    # TODO: share this with Mysql2
-    QUERY_ALLOWLIST = %r{\A(?:/\*.*?\*/)?\s*(ROLLBACK|COMMIT|RELEASE\s+SAVEPOINT)}i
-
-    def query_allowlisted?(sql, *)
-      QUERY_ALLOWLIST.match?(sql)
-    rescue ArgumentError
-      return false unless sql.valid_encoding?
-
-      raise
-    end
-
     def connect(*args)
       acquire_semian_resource(adapter: :trilogy_adapter, scope: :connection) do
         super

data/lib/semian/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Semian
-  VERSION = "0.21.1"
+  VERSION = "0.21.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: semian
 version: !ruby/object:Gem::Version
-  version: 0.21.1
+  version: 0.21.2
 platform: ruby
 authors:
 - Scott Francis
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-10 00:00:00.000000000 Z
+date: 2024-01-17 00:00:00.000000000 Z
 dependencies: []
 description: |2
       A Ruby C extention that is used to control access to shared resources