aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Browne <stephenalexbrowne@gmail.com>2018-11-17 05:16:17 +0800
committerAlex Browne <stephenalexbrowne@gmail.com>2018-12-05 06:24:48 +0800
commit5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898 (patch)
tree4dc2427426a7fbcff52d2c5a3ab30453367ea0f6
parent24fd2d9730d58a58929f401674175ad8a5a7fbc1 (diff)
downloaddexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar
dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.gz
dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.bz2
dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.lz
dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.xz
dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.tar.zst
dexon-sol-tools-5cad2ad1744ab1c1e24ed52fc0a26ec5acf5c898.zip
Check for special characters in table name in pull_missing_events
-rw-r--r--packages/pipeline/src/scripts/pull_missing_events.ts10
1 files changed, 7 insertions, 3 deletions
diff --git a/packages/pipeline/src/scripts/pull_missing_events.ts b/packages/pipeline/src/scripts/pull_missing_events.ts
index b2a99e3c0..0b7f6287f 100644
--- a/packages/pipeline/src/scripts/pull_missing_events.ts
+++ b/packages/pipeline/src/scripts/pull_missing_events.ts
@@ -64,16 +64,20 @@ async function getCancelUpToEventsAsync(eventsSource: ExchangeEventsSource): Pro
await saveEventsAsync(startBlock === EXCHANGE_START_BLOCK, repository, events);
}
+const tabelNameRegex = /^[a-zA-Z_]*$/;
+
async function getStartBlockAsync<T extends ExchangeEvent>(repository: Repository<T>): Promise<number> {
const fillEventCount = await repository.count();
if (fillEventCount === 0) {
console.log(`No existing ${repository.metadata.name}s found.`);
return EXCHANGE_START_BLOCK;
}
+ const tableName = repository.metadata.tableName;
+ if (!tabelNameRegex.test(tableName)) {
+ throw new Error('Unexpected special character in table name: ' + tableName);
+ }
const queryResult = await connection.query(
- // TODO(albrow): Would prefer to use a prepared statement here to reduce
- // surface area for SQL injections, but it doesn't appear to be working.
- `SELECT block_number FROM raw.${repository.metadata.tableName} ORDER BY block_number DESC LIMIT 1`,
+ `SELECT block_number FROM raw.${tableName} ORDER BY block_number DESC LIMIT 1`,
);
const lastKnownBlock = queryResult[0].block_number;
return lastKnownBlock - START_BLOCK_OFFSET;