issue_comments: 1292674919
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/1860#issuecomment-1292674919 | https://api.github.com/repos/simonw/datasette/issues/1860 | 1292674919 | IC_kwDOBm6k_c5NDKdn | 9599 | 2022-10-26T21:31:22Z | 2022-10-26T21:31:22Z | OWNER | I'm experimenting with this: ```python # Allow SQL to start with a /* */ or -- comment comment_re = ( # Start of string, then any amount of whitespace r'^(\s*' + # Comment that starts with -- and ends at a newline r'(?:\-\-.*?\n\s*)' + # Comment that starts with /* and ends with */ r'|(?:/\*[\s\S]*?\*/)' + # Whitespace r')*\s*' ) allowed_sql_res = [ re.compile(comment_re + r"select\b"), re.compile(comment_re + r"explain\s+select\b"), re.compile(comment_re + r"explain\s+query\s+plan\s+select\b"), re.compile(comment_re + r"with\b"), re.compile(comment_re + r"explain\s+with\b"), re.compile(comment_re + r"explain\s+query\s+plan\s+with\b"), ] ``` This should allow any number of comments of either type as a suffix to the allowed SQL patterns. Needs extensive unit tests! I'm not massively worried if it has a flaw in it though, since this is part of Datasette's defense in depth: if a non-SELECT query sneaks through it still shouldn't be able to cause any damage as the database connection is read-only or immutable. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 1424378012 |
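
A start on the unit tests the comment asks for, as an added example (not code from the issue thread or from Datasette). The helper names `is_allowed` and `failures` and all sample statements are constructed here, and the patterns are applied with `re.match` to unstripped, lowercase input, which is an assumption.

```python
import re

# Pattern as posted in the comment above, one fragment per line.
comment_re = (
    r"^(\s*"                 # start of string, then any whitespace
    r"(?:\-\-.*?\n\s*)"      # -- comment that ends at a newline
    r"|(?:/\*[\s\S]*?\*/)"   # /* ... */ comment
    r")*\s*"                 # any number of those, then whitespace
)
allowed_sql_res = [
    re.compile(comment_re + tail)
    for tail in (
        r"select\b",
        r"explain\s+select\b",
        r"explain\s+query\s+plan\s+select\b",
        r"with\b",
        r"explain\s+with\b",
        r"explain\s+query\s+plan\s+with\b",
    )
]

def is_allowed(sql):
    """True if any allow-list pattern matches at the start of sql (hypothetical helper)."""
    return any(r.match(sql) for r in allowed_sql_res)

# Constructed statements with the result the pattern gives for each.
CASES = [
    ("select 1", True),
    ("-- note\nselect 1", True),
    ("/* note */ select 1", True),
    ("-- a\n/* b */\n-- c\nselect 1", True),
    ("/* c */ explain query plan select 1", True),
    ("-- a\nwith x as (select 1) select * from x", True),
    ("-- note\nupdate t set x = 1", False),   # comment, then non-SELECT
    ("/* select */ delete from t", False),    # keyword only inside the comment
    ("-- c\npragma table_info(t)", False),
    ("-- select 1", False),                   # no newline ends the comment
    ("  /* note */ select 1", False),         # leading whitespace before /* is not matched
]

def failures():
    """Return the cases whose result differs from the expected value."""
    return [(sql, want) for sql, want in CASES if is_allowed(sql) != want]

if __name__ == "__main__":
    for sql, want in CASES:
        print(f"{is_allowed(sql)!s:5} {sql!r}")
    assert not failures()
```

The last case matches once the input is stripped before the patterns are applied.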