新增: u-tpl SQL 模板引擎完整实现
- Lexer/Parser/Executor 三阶段架构
- #{param} 参数化 + ${raw} 原样替换 + 白名单安全策略
- @if/@for/@tpl/@include/@namespace 控制流
- 表达式引擎: 比较、逻辑、nil 检查、len() 内置函数
- 支持 ?/$1/:1 多数据库占位符风格
- 零依赖,纯 Go 标准库实现
This commit is contained in:
39
safety.go
Normal file
39
safety.go
Normal file
@@ -0,0 +1,39 @@
|
||||
package utpl
|
||||
|
||||
import "slices"
|
||||
|
||||
type RawPolicy interface {
|
||||
Validate(param string, value string) error
|
||||
}
|
||||
|
||||
type RawAllowlist map[string][]string
|
||||
|
||||
func (a RawAllowlist) Validate(param string, value string) error {
|
||||
allowed, ok := a[param]
|
||||
if !ok {
|
||||
return &UnsafeRawError{Param: param, Value: value, Message: "no allowlist defined"}
|
||||
}
|
||||
if slices.Contains(allowed, value) {
|
||||
return nil
|
||||
}
|
||||
return &UnsafeRawError{Param: param, Value: value, Message: "value not in allowlist"}
|
||||
}
|
||||
|
||||
type RawBlocklist map[string][]string
|
||||
|
||||
func (b RawBlocklist) Validate(param string, value string) error {
|
||||
blocked, ok := b[param]
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
if slices.Contains(blocked, value) {
|
||||
return &UnsafeRawError{Param: param, Value: value, Message: "value is blocked"}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type RawNoop struct{}
|
||||
|
||||
func (RawNoop) Validate(string, string) error {
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user