* Validates a field name to prevent SQL injection. * Field names must match the NAME_PATTERN (alphanumeric + underscore, starting with letter/underscore). * * @param field - The field name to validate * @throws {TableQueryValidationError} if field name is invalid
(field: string)
| 235 | * @throws {TableQueryValidationError} if field name is invalid |
| 236 | */ |
function validateFieldName(field: string): void {
  // The `string` annotation is erased at runtime, so the type is re-checked
  // here together with the empty-string case.
  const isNonEmptyString = typeof field === 'string' && field.length > 0
  if (!isNonEmptyString) {
    throw new TableQueryValidationError('Field name must be a non-empty string')
  }

  // Allowlist check: only names accepted by NAME_PATTERN get through.
  // NOTE(review): NAME_PATTERN is defined outside this excerpt. Confirm it is
  // anchored at both ends and carries no `g`/`y` flag, because test() on a
  // global or sticky RegExp advances lastIndex between calls.
  if (NAME_PATTERN.test(field)) {
    return
  }

  // The rejected value is interpolated into the message unchanged, so anything
  // that logs or returns this error should treat the text as untrusted input.
  throw new TableQueryValidationError(
    `Invalid field name "${field}". Field names must start with a letter or underscore, followed by alphanumeric characters or underscores.`
  )
}
| 248 | |
| 249 | /** |
| 250 | * Validates an operator to ensure it's in the allowed list. |