Added validator method for table names in SQL queries

pixee · Jul 8, 2024 · 6101791 · 6101791
1 parent bf8ff4b
commit 6101791
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/src/main/java/io/github/pixee/security/SQLSecurity.java b/src/main/java/io/github/pixee/security/SQLSecurity.java
@@ -0,0 +1,18 @@
+package io.github.pixee.security;
+
+import java.util.regex.Pattern;
+
+/**
+ * This type exposes helper methods to deal with attacks related to SQL Injections.
+ */
+public final class SQLSecurity {
+
+  private final static Pattern regex = Pattern.compile("[a-zA-Z0-9_]+(.[a-zA-Z0-9_]+)?");
+
+  /**
+   * Checks if a given table name is composed entirelly of alphanumeric characters and "_".
+   */
+  public static boolean alphanumericValidator(final String tableName) {
+    return regex.matcher(tableName).matches();
+  }
+}