Postguard
Test Postgres-compatible statements against a set of CORS-like rules
Why
Postgres has a rich ROLE system for managing privileges on the data in a database. But those privileges are often too permissive by default (EXECUTE on functions, for instance, is granted to PUBLIC unless revoked), and they are hard to restrict by statement type or by function name.
postguard provides a Guard statement analyzer for protecting databases from malicious or invalid queries. The Guard can be used in any Rust application that has access to statements (perhaps from untrusted sources) before they are run.
Under the hood, postguard uses the libpg_query library to parse each query down to a syntax tree before checking the entire tree for disallowed nodes. Because the check is purely syntactic, it complements ROLE privileges rather than replacing them: anything a statement reaches only indirectly, such as a view definition or a function body, is not part of the parsed tree.
Installation
Add postguard to your Cargo.toml:
```toml
[dependencies]
postguard = "0.1"
```
Usage
```rust
use postguard::{AllowedFunctions, AllowedStatements, Guard};

// If AllowedFunctions and AllowedStatements are both set to their 'All' variants,
// then no parsing is done and all statements pass the guard.

// Statements are checked against the list of allowed statements when a 'List' variant
// is provided. Statement-checking is done recursively, so nested disallowed statements
// (for example, a DELETE inside a CTE of an otherwise allowed SELECT) are also caught by the guard.

// Functions are also guarded by name. To disallow all functions, leave the 'List' empty.
```
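The three rules the comments above describe, as an added example that is not postguard's own code: a self-contained Rust model of a Guard that walks a statement tree and rejects any node outside an allowlist. A small hand-written tokenizer and parenthesis-based tree builder stand in for libpg_query, and the `Allowed`, `Guard`, `Command`, `Violation`, `Stmt`, `tokenize` and `parse_group` names are this example's own, not the crate's API. It shows that All/All short-circuits without parsing, that a List of statements is enforced recursively (a DELETE hidden in a CTE of a SELECT is rejected), and that an empty function list rejects every function call.

```rust
// Added example, not postguard's own code: a minimal model of a Guard that
// walks a statement tree and rejects any node outside an allowlist. A tiny
// tokenizer stands in for libpg_query; the policy walk is the point.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Command { Select, Insert, Update, Delete, Copy }

// Mirrors the README's AllowedStatements / AllowedFunctions: 'All' or a 'List'.
enum Allowed<T> { All, List(Vec<T>) }

#[derive(Debug, PartialEq)]
enum Violation { Statement(Command), Function(String) }

// Simplified statement tree: the command, the functions it calls directly,
// and any statements nested in it (subqueries, CTE bodies).
#[derive(Debug, Default)]
struct Stmt { command: Option<Command>, functions: Vec<String>, nested: Vec<Stmt> }

#[derive(Debug)]
enum Tok { Word(String), Open, Close }

// Words (lowercased, may be schema-qualified) and parentheses; string literals
// are skipped so a quoted "delete(" cannot fool the walk. Everything else is dropped.
fn tokenize(sql: &str) -> Vec<Tok> {
    let chars: Vec<char> = sql.chars().collect();
    let (mut toks, mut i) = (Vec::new(), 0);
    while i < chars.len() {
        match chars[i] {
            '\'' => {
                i += 1;
                while i < chars.len() && chars[i] != '\'' { i += 1; }
                i += 1; // a doubled '' simply starts another literal, which is skipped too
            }
            '(' => { toks.push(Tok::Open); i += 1; }
            ')' => { toks.push(Tok::Close); i += 1; }
            c if c.is_alphanumeric() || c == '_' => {
                let start = i;
                while i < chars.len() && (chars[i].is_alphanumeric() || chars[i] == '_' || chars[i] == '.') { i += 1; }
                toks.push(Tok::Word(chars[start..i].iter().collect::<String>().to_ascii_lowercase()));
            }
            _ => i += 1,
        }
    }
    toks
}

fn command_of(word: &str) -> Option<Command> {
    Some(match word {
        "select" => Command::Select, "insert" => Command::Insert, "update" => Command::Update,
        "delete" => Command::Delete, "copy" => Command::Copy, _ => return None,
    })
}

// Keywords that can precede '(' without being function calls.
const KEYWORDS: &[&str] = &["in", "as", "values", "exists", "any", "all", "some", "and", "or",
    "not", "on", "where", "from", "join", "using", "over", "set", "into", "by", "having", "when", "is"];

// Builds one Stmt from the tokens up to the matching ')' (or end of input).
// A parenthesised group that contains a command keyword is a nested statement;
// one that does not (an argument list, a VALUES row) is folded into its parent.
fn parse_group(toks: &[Tok], pos: &mut usize) -> Stmt {
    let mut stmt = Stmt::default();
    while *pos < toks.len() {
        *pos += 1;
        match &toks[*pos - 1] {
            Tok::Close => return stmt,
            Tok::Open => {
                let inner = parse_group(toks, pos);
                if inner.command.is_some() { stmt.nested.push(inner); }
                else { stmt.functions.extend(inner.functions); stmt.nested.extend(inner.nested); }
            }
            Tok::Word(w) => {
                if let Some(cmd) = command_of(w) {
                    if stmt.command.is_none() { stmt.command = Some(cmd); }
                } else if matches!(toks.get(*pos), Some(Tok::Open)) && !KEYWORDS.contains(&w.as_str()) {
                    stmt.functions.push(w.clone()); // identifier directly followed by '(' is a call
                }
            }
        }
    }
    stmt
}

struct Guard { statements: Allowed<Command>, functions: Allowed<String> }

impl Guard {
    fn new(statements: Allowed<Command>, functions: Allowed<String>) -> Self { Guard { statements, functions } }

    // With 'All' on both axes nothing can be rejected, so the text is not parsed at all.
    fn guard(&self, sql: &str) -> Result<(), Violation> {
        if matches!((&self.statements, &self.functions), (Allowed::All, Allowed::All)) { return Ok(()); }
        self.check(&parse_group(&tokenize(sql), &mut 0))
    }

    // Recursive walk: this node's command and direct calls, then every nested statement.
    fn check(&self, stmt: &Stmt) -> Result<(), Violation> {
        if let (Some(cmd), Allowed::List(list)) = (stmt.command, &self.statements) {
            if !list.contains(&cmd) { return Err(Violation::Statement(cmd)); }
        }
        if let Allowed::List(list) = &self.functions {
            for f in &stmt.functions {
                if !list.iter().any(|a| a.eq_ignore_ascii_case(f)) { return Err(Violation::Function(f.clone())); }
            }
        }
        stmt.nested.iter().try_for_each(|child| self.check(child))
    }
}

fn main() {
    let read_only = Guard::new(Allowed::List(vec![Command::Select]),
        Allowed::List(vec!["count".to_string(), "lower".to_string()]));
    // Constructed sample statements; the second hides a DELETE in a CTE of a SELECT.
    for sql in ["SELECT count(id) FROM users WHERE lower(name) = 'bob'",
                "WITH gone AS (DELETE FROM users RETURNING id) SELECT count(id) FROM gone",
                "SELECT pg_sleep(10)"].iter() {
        println!("{} -> {:?}", sql, read_only.guard(sql));
    }
}
```

The tokenizer here is deliberately not a SQL parser (it ignores comments, dollar quoting and most of the grammar); with the real crate the tree comes from libpg_query, which understands the full Postgres grammar. What carries over is the policy walk: every node, however deeply nested, is compared against the two allowlists, and an unresolved name such as `pg_catalog.pg_sleep` is rejected simply because it is not on the list.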