rwf 0.2.1

Framework for building web applications in the Rust programming language
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

//! Implements string escaping to prevent SQL injection attacks.
use super::value::Value;

/// Escape a user-provided value to prevent
/// SQL injection attacks.
///
/// The implementation is dependent on the value, but the
/// most common one, a [`String`] (and it's reference cousin [`&str`]), are implemented.
///
/// # Example
///
/// ```
/// use rwf::model::Escape;
///
/// let email = "guest@test.com';DROP TABLE users;";
/// assert_eq!(email.escape(), "guest@test.com'';DROP TABLE users;");
/// ```
///
pub trait Escape {
    fn escape(&self) -> String;
}

impl Escape for Value {
    fn escape(&self) -> String {
        use Value::*;

        match self {
            String(string) => string.escape(),
            Integer(integer) => format!("'{}'", integer),
            Float(float) => format!("'{}'", float),
            List(values) => format!(
                "{{{}}}", // '{1, 2, 3}'
                values
                    .into_iter()
                    .map(|value| value.escape())
                    .collect::<Vec<_>>()
                    .join(", ")
            ),
            Placeholder(number) => format!("{}", number),
            _ => todo!(),
        }
    }
}

impl Escape for String {
    fn escape(&self) -> String {
        self.replace("\"", "\"\"").replace("'", "''")
    }
}

impl Escape for &str {
    fn escape(&self) -> String {
        self.to_string().escape()
    }
}