itsscb/sqlx
1
0
Fork 0
mirror of https://github.com/launchbadge/sqlx.git synced 2026-02-14 20:07:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add on unimplemented diagnostic to SqlStr (#4153)

Browse Source 
* add diagnostic to `SqlStr`

* Update note
This commit is contained in:
Joey de Waal 2026-02-02 16:13:52 +01:00 committed by GitHub
parent 1dd526a2ed
commit 8189f897ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sqlx-core/src/sql_str.rs
View File

@ -35,6 +35,15 @@ use std::sync::Arc;
/// [injection]: https://en.wikipedia.org/wiki/SQL_injection
/// [`query()`]: crate::query::query
/// [`raw_sql()`]: crate::raw_sql::raw_sql
#[diagnostic::on_unimplemented(
label = "dynamic SQL string",
message = "dynamic SQL strings should be audited for possible injections",
note = "prefer literal SQL strings with bind parameters or `QueryBuilder` to add dynamic data to a query.
To bypass this error, manually audit for potential injection vulnerabilities and wrap with `AssertSqlSafe()`.
For details, see the docs for `SqlSafeStr`.\n",
note = "this trait is only implemented for `&'static str`, not all `&str` like the compiler error may suggest"
)]
pub trait SqlSafeStr {
/// Convert `self` to a [`SqlStr`].
fn into_sql_str(self) -> SqlStr;