(sql: string, connectorType: ConnectorType | string)
| 102 | * 4. For EXPLAIN statements, rejects EXPLAIN ANALYZE with DML. |
| 103 | */ |
| 104 | export function isReadOnlySQL(sql: string, connectorType: ConnectorType | string): boolean { |
| 105 | return checkReadOnly( |
| 106 | stripCommentsAndStrings(sql, connectorType as ConnectorType).trim().toLowerCase(), |
| 107 | connectorType, |
| 108 | ); |
| 109 | } |
| 110 | |
| 111 | function checkReadOnly(cleanedSQL: string, connectorType: ConnectorType | string): boolean { |
| 112 | // Empty after stripping → deny. Attacker-crafted inputs may reduce to |