diff options
author | Alex Browne <stephenalexbrowne@gmail.com> | 2018-11-17 05:16:17 +0800 |
---|---|---|
committer | Alex Browne <stephenalexbrowne@gmail.com> | 2018-12-05 06:24:48 +0800 |
commit | 5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898 (patch) | |
tree | 4dc2427426a7fbcff52d2c5a3ab30453367ea0f6 | |
parent | 24fd2d9730d58a58929f401674175ad8a5a7fbc1 (diff) | |
download | dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.gz dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.bz2 dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.lz dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.xz dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.zst dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.zip |
Check for special characters in table name in pull_missing_events
-rw-r--r-- | packages/pipeline/src/scripts/pull_missing_events.ts | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/packages/pipeline/src/scripts/pull_missing_events.ts b/packages/pipeline/src/scripts/pull_missing_events.ts index b2a99e3c0..0b7f6287f 100644 --- a/packages/pipeline/src/scripts/pull_missing_events.ts +++ b/packages/pipeline/src/scripts/pull_missing_events.ts @@ -64,16 +64,20 @@ async function getCancelUpToEventsAsync(eventsSource: ExchangeEventsSource): Pro await saveEventsAsync(startBlock === EXCHANGE_START_BLOCK, repository, events); } +const tabelNameRegex = /^[a-zA-Z_]*$/; + async function getStartBlockAsync<T extends ExchangeEvent>(repository: Repository<T>): Promise<number> { const fillEventCount = await repository.count(); if (fillEventCount === 0) { console.log(`No existing ${repository.metadata.name}s found.`); return EXCHANGE_START_BLOCK; } + const tableName = repository.metadata.tableName; + if (!tabelNameRegex.test(tableName)) { + throw new Error('Unexpected special character in table name: ' + tableName); + } const queryResult = await connection.query( - // TODO(albrow): Would prefer to use a prepared statement here to reduce - // surface area for SQL injections, but it doesn't appear to be working. - `SELECT block_number FROM raw.${repository.metadata.tableName} ORDER BY block_number DESC LIMIT 1`, + `SELECT block_number FROM raw.${tableName} ORDER BY block_number DESC LIMIT 1`, ); const lastKnownBlock = queryResult[0].block_number; return lastKnownBlock - START_BLOCK_OFFSET; |