validateFieldPath ensures the JSON field path only contains safe characters before it is concatenated into the SQL query by the ent sqljson helpers. An empty path is allowed: it targets the column itself and is not injectable.
(fieldPath string)
| 138 | // before it is concatenated into the SQL query by the ent sqljson helpers. |
| 139 | // An empty path is allowed: it targets the column itself and is not injectable. |
| 140 | func validateFieldPath(fieldPath string) error { |
| 141 | if fieldPath == "" { |
| 142 | return nil |
| 143 | } |
| 144 | |
| 145 | if !fieldPathRegexp.MatchString(fieldPath) { |
| 146 | return fmt.Errorf("invalid field path %q: must be dot-separated identifiers with optional numeric array indices", fieldPath) |
| 147 | } |
| 148 | |
| 149 | return nil |
| 150 | } |
no outgoing calls
no test coverage detected