mirror of https://github.com/buster-so/buster.git
b38940939b
- Add validateWildcardUsage function to sql-parser-helpers.ts - Block SELECT * and qualified wildcards on physical database tables - Allow wildcards on CTEs and derived tables - Integrate wildcard validation into permission-validator.ts - Add comprehensive tests for all wildcard validation scenarios - Revert Rust SQL analyzer changes to focus on TypeScript implementation - Fix CTE alias handling for qualified wildcards (e.g., SELECT cte_alias.*) This prevents bypassing column-level permissions through wildcard queries while maintaining backward compatibility with legitimate query patterns. Co-Authored-By: Dallin Bentley <dallinbentley98@gmail.com> |
||
|---|---|---|
| .. | ||
| access-controls | ||
| ai | ||
| data-source | ||
| database | ||
| env-utils | ||
| rerank | ||
| sandbox | ||
| server-shared | ||
| slack | ||
| stored-values | ||
| supabase | ||
| test-utils | ||
| typescript-config | ||
| vitest-config | ||
| web-tools | ||
| tsconfig.json | ||