1uf3 / execinquery Goto Github PK

View Code? Open in Web Editor NEW

10.0 10.0 4.0 37 KB

A simple query string checker in Query function

License: MIT License

Go 100.00%

go golang

execinquery's Introduction

This is lufe's GitHub Home🌟

My Website is Here 💕

Github Profile Trophy 🏆

Statics📌

Development Tools

execinquery's People

Contributors

Stargazers

Watchers

Forkers

ldez areese rski olexandrpodustov

execinquery's Issues

False positive when executing SHOW tables query

internal/trino/trino_catalogo_test.go:39:15: Use Exec instead of Query to execute SHOW query (execinquery)
rows, err := db.Query("SHOW tables")

the above error suggests to use db.Exec instead of db.Query but SHOW tables will return the table names,
db.Exec will not return any results..

False positive with ShouldBindQuery using gin framework

type queryGetParams struct {
	ID          *uint64 `form:"id"`
	Pagination  *uint64 `form:"pagination"`
}

func getUsers(ctx *gin.Context) {
	params := queryGetParams{}
	if err := ctx.ShouldBindQuery(&params); err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, "invalid query params")
		return
	}
}

above fails with
execinquery It's better to use Execute method instead of ShouldBindQuery method to execute `` query

matches wrong packages

gives me an error when accessing HTTP query params:

 tokenString := ctx.QueryParam("t")

False positives with Postgres RETURNING queries

Postgres queries have options to return values in INSERT and UPDATE queries. It is false positive to replace Query or QueryRow with Execute in such cases.

False positive if query has leading whitespace

In our code we have SQL in constants, and for readability they start with an empty line:

err := s.db.QueryRow(someSQL).Scan(&foo)

const someSQL = `
  SELECT foo 
  FROM bar
  WHERE ...query continues
`

On this input we get an execinquery error:

It's better to use Execute method instead of QueryRow method to execute `` query

Suggestion: TrimLeft the query string.

False positive when using re-assigned query variable

f6 := `UPDATE * FROM test WHERE test=?`
_, _ = db.Exec(f6, s)

// re-assign variable f6
f6 = `SELECT * FROM test WHERE test=?`
_ = db.QueryRow(f6, s)

The above snippet produces the following error on the last line:

Use Exec instead of QueryRow to execute `UPDATE` query

incorrect match

The following snippet is incorrectly recognized by the linter:

package query

import "context"

const selectCodes = `-- name: SelectCodeForUpdate :one
SELECT code, max_uses, uses, ttl, enabled, created_at, updated_at
FROM codes
AS OF SYSTEM TIME follower_read_timestamp()
WHERE code = $1
`

func (q *Queries) SelectRegisterCodeFollowerRead(ctx context.Context, code string) (Code, error) {
	row := q.db.QueryRow(ctx, selectCodes , code)
	var i RegisterBonusCode
	err := row.Scan(
		&i.Code,
		&i.MaxUses,
		&i.Uses,
		&i.Ttl,
		&i.Enabled,
		&i.CreatedAt,
		&i.UpdatedAt,
	)
	return i, err
}

@lufeee

panic in [email protected]/execinquery.go:52

This is when running execinquery as part of golangci-lint:

ERRO [runner] Panic: execinquery: package "provider" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference: goroutine 201225 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x65
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe.func1()
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:101 +0x155
panic({0xef29c0, 0x190af10})
	runtime/panic.go:838 +0x207
go/types.(*Package).Path(...)
	go/types/package.go:31
github.com/lufeee/execinquery.linter.run.func1({0x12641a0?, 0xc048398e80})
	github.com/lufeee/[email protected]/execinquery.go:52 +0xbe
golang.org/x/tools/go/ast/inspector.(*Inspector).Preorder(0xc058c5adb0, {0xc00f8994e0?, 0x1?, 0x0?}, 0xc000411cf0)
	golang.org/x/[email protected]/go/ast/inspector/inspector.go:77 +0x9a
github.com/lufeee/execinquery.linter.run({0xc0001eff40?, 0xc0002ac0a0?}, 0xc0657389c0)
	github.com/lufeee/[email protected]/execinquery.go:44 +0xd5
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyze(0xc0129c12e0)
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:187 +0x9c4
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe.func2()
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:105 +0x1d
github.com/golangci/golangci-lint/pkg/timeutils.(*Stopwatch).TrackStage(0xc001133ae0, {0x105deea, 0xb}, 0xc00f899748)
	github.com/golangci/golangci-lint/pkg/timeutils/stopwatch.go:111 +0x4a
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe(0xc02f849800?)
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:104 +0x85
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*loadingPackage).analyze.func2(0xc0129c12e0)
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_loadingpackage.go:80 +0xb4
created by github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*loadingPackage).analyze
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_loadingpackage.go:75 +0x1eb 
WARN [runner] Can't run linter goanalysis_metalinter: goanalysis_metalinter: execinquery: package "provider" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference 
ERRO Running error: 1 error occurred:
	* can't run linter goanalysis_metalinter: goanalysis_metalinter: execinquery: package "provider" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference

I'm not sure what caused this in the code checked, I will dig into it when i find some time

Provide more accurate suggestions

There's actually no method called Execute, only Exec and ExecContext.

panic: runtime error: index out of range [0] with length 0

Running this tool go vet -vettool=$(which execinquery) ./... on favonia/cloudflare-ddns@f227115 gives the following error:

# github.com/favonia/cloudflare-ddns/internal/api_test
panic: runtime error: index out of range [0] with length 0

goroutine 9 [running]:
github.com/lufeee/execinquery.run.func1({0x6d5d38?, 0xc000184900})
	<redacted>/go/pkg/mod/github.com/lufeee/[email protected]/execinquery.go:45 +0x3ae
golang.org/x/tools/go/ast/inspector.(*Inspector).Preorder(0xc0006d0258, {0x0?, 0x81aae0?, 0x0?}, 0xc0009b2cc8)
	<redacted>/go/pkg/mod/golang.org/x/[email protected]/go/ast/inspector/inspector.go:77 +0x9a
github.com/lufeee/execinquery.run(0xc00062fee0)
	<redacted>/go/pkg/mod/github.com/lufeee/[email protected]/execinquery.go:27 +0x77
golang.org/x/tools/go/analysis/unitchecker.run.func5.1()
	<redacted>/go/pkg/mod/golang.org/x/[email protected]/go/analysis/unitchecker/unitchecker.go:355 +0x82e
sync.(*Once).doSlow(0x0?, 0x0?)
	/usr/lib/go/src/sync/once.go:68 +0xc2
sync.(*Once).Do(...)
	/usr/lib/go/src/sync/once.go:59
golang.org/x/tools/go/analysis/unitchecker.run.func5(0x81a920?)
	<redacted>/go/pkg/mod/golang.org/x/[email protected]/go/analysis/unitchecker/unitchecker.go:307 +0x1a5
golang.org/x/tools/go/analysis/unitchecker.run.func6.1(0x0?)
	<redacted>/go/pkg/mod/golang.org/x/[email protected]/go/analysis/unitchecker/unitchecker.go:367 +0x29
created by golang.org/x/tools/go/analysis/unitchecker.run.func6
	<redacted>/go/pkg/mod/golang.org/x/[email protected]/go/analysis/unitchecker/unitchecker.go:366 +0x47

PS: the README seems to miss the dollar sign in go vet -vettool=$(which execinquery) ./....