package sqlchk
import (
	"fmt"
	"go/ast"
	"go/token"
	"os"
	"strconv"
	"strings"

	_ "github.com/go-sql-driver/mysql"
	"github.com/jmoiron/sqlx"
	_ "github.com/lib/pq"
	_ "github.com/mattn/go-sqlite3"
	"golang.org/x/tools/go/analysis"
	"golang.org/x/tools/go/analysis/passes/inspect"
	"golang.org/x/tools/go/ast/inspector"
)
// doc is the analyzer's help text; it is assigned to Analyzer.Doc.
//
// The text states the two contracts a user has to meet: DATABASE_URL must be
// set, and a query is only checked when its literal starts with "--sql".
// run connects to the DATABASE_URL database and calls Prepare on every such
// literal, so the URL should name a disposable database reached with
// least-privileged credentials rather than a production instance.
const doc = `
Validate SQL queries by running them on a database.
Requires setting DATABASE_URL environment variable with the url of the database
on which the queries are going to be run.
The SQL queries in your code are required to start with "--sql" prefix to be
recognized by sqlchk.
`
// Analyzer is the sqlchk analysis pass. It depends on inspect.Analyzer for the
// shared AST inspector, declares no facts, and delegates the work to run.
var Analyzer = &analysis.Analyzer{
	Name:      "sqlchk",
	Doc:       doc,
	Requires:  []*analysis.Analyzer{inspect.Analyzer},
	FactTypes: []analysis.Fact{},
	Run:       run,
}
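// run is the analysis pass entry point. It connects to the database named by
// the DATABASE_URL environment variable and asks it to prepare every string
// literal in the package whose value starts with "--sql". A literal the
// database refuses to prepare is reported as a diagnostic at the literal's
// position.
//
// It returns an error, before inspecting any code, when DATABASE_URL has no
// "scheme://" prefix or the connection cannot be established. The result value
// is always nil.
//
// NOTE(review): every matching literal in the analyzed code is sent to the
// configured server, so DATABASE_URL should name a disposable database reached
// with least-privileged credentials, not a production instance.
func run(pass *analysis.Pass) (any, error) {
	databaseURL := os.Getenv("DATABASE_URL")

	// The URL scheme is passed to sqlx.Connect as the driver name.
	scheme, _, ok := strings.Cut(databaseURL, "://")
	if !ok {
		return nil, fmt.Errorf("database url has no scheme")
	}

	// Keep the historical default of sslmode=disable, but only when the URL
	// does not choose an sslmode itself, and join it with "&" when the URL
	// already carries a query string. Appending "?sslmode=disable"
	// unconditionally produced a malformed URL in that case and made it
	// impossible to ask for an encrypted connection.
	// NOTE(review): with the default, credentials and queries travel
	// unencrypted; set sslmode explicitly in DATABASE_URL for any database that
	// is not local.
	dsn := databaseURL
	if !strings.Contains(dsn, "sslmode=") {
		sep := "?"
		if strings.Contains(dsn, "?") {
			sep = "&"
		}
		dsn += sep + "sslmode=disable"
	}

	db, err := sqlx.Connect(scheme, dsn)
	if err != nil {
		return nil, fmt.Errorf("connecting to %s database: %w", scheme, err)
	}
	defer db.Close()

	// Named insp so the imported inspect package is not shadowed.
	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
	literalsOnly := []ast.Node{
		(*ast.BasicLit)(nil),
	}

	insp.Preorder(literalsOnly, func(n ast.Node) {
		lit := n.(*ast.BasicLit)
		if lit.Kind != token.STRING {
			return
		}

		// Decode the literal the way the compiler does. The previous code only
		// trimmed the closing quote of a "..." literal, so the leading quote
		// stayed in place and the "--sql" prefix check could never match an
		// interpreted string; escape sequences were not decoded either.
		query, err := strconv.Unquote(lit.Value)
		if err != nil {
			return
		}
		if !strings.HasPrefix(query, "--sql") {
			return
		}

		stmt, err := db.Prepare(query)
		if err != nil {
			pass.Reportf(lit.Pos(), "%s", err.Error())
			return
		}
		// Best effort: a failure to release the statement says nothing about
		// the query's validity, so it is deliberately not reported.
		_ = stmt.Close()
	})

	return nil, nil
}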