github.com/microsoft/gocosmos
Please note, this is an EXPERIMENTAL non production package. We do not provide official support for this package. Please see SUPPORT.md for details.
Our official package azcosmos is ready for production use.
Go driver for Azure Cosmos DB SQL API which can be used with the standard database/sql package. A REST client is also included.
Summary of supported SQL statements:
Statement | Syntax |
---|---|
Create a new database | CREATE DATABASE [IF NOT EXISTS] <db-name> |
Change database's throughput | ALTER DATABASE <db-name> WITH RU/MAXRU=<ru> |
Delete an existing database | DROP DATABASE [IF EXISTS] <db-name> |
List all existing databases | LIST DATABASES |
Create a new collection | CREATE COLLECTION [IF NOT EXISTS] [<db-name>.]<collection-name> <WITH PK=partitionKey> |
Change collection's throughput | ALTER COLLECTION [<db-name>.]<collection-name> WITH RU/MAXRU=<ru> |
Delete an existing collection | DROP COLLECTION [IF EXISTS] [<db-name>.]<collection-name> |
List all existing collections in a database | LIST COLLECTIONS [FROM <db-name>] |
Insert a new document into collection | INSERT INTO [<db-name>.]<collection-name> ... |
Insert or replace a document | UPSERT INTO [<db-name>.]<collection-name> ... |
Delete an existing document | DELETE FROM [<db-name>.]<collection-name> WHERE id=<id-value> |
Update an existing document | UPDATE [<db-name>.]<collection-name> SET ... WHERE id=<id-value> |
Query documents in a collection | SELECT [CROSS PARTITION] ... FROM <collection-name> ... [WITH database=<db-name>] |
See supported SQL statements for details.
Azure Cosmos DB SQL API currently supports only SELECT statement. gocosmos implements other statements by translating the SQL statement to REST API calls.
```go
package main

import (
	"database/sql"

	// Blank import registers the "gocosmos" driver with database/sql.
	_ "github.com/microsoft/gocosmos"
)

func main() {
	driver := "gocosmos"
	dsn := "AccountEndpoint=https://localhost:8081/;AccountKey=<cosmosdb-account-key>"
	db, err := sql.Open(driver, dsn)
	if err != nil {
		panic(err)
	}
	defer db.Close()

	_, err = db.Exec("CREATE DATABASE mydb WITH maxru=10000")
	if err != nil {
		panic(err)
	}
	// database "mydb" has been created successfully
}
```
Data Source Name (DSN) syntax for Cosmos DB
Note: line-break is for readability only!
```
AccountEndpoint=<cosmosdb-endpoint>
;AccountKey=<cosmosdb-account-key>
[;TimeoutMs=<timeout-in-ms>]
[;Version=<cosmosdb-api-version>]
[;DefaultDb|Db=<db-name>]
[;AutoId=<true/false>]
[;InsecureSkipVerify=<true/false>]
```
- AccountEndpoint: (required) endpoint to access Cosmos DB. For example, the endpoint for Azure Cosmos DB Emulator running locally is https://localhost:8081/.
- AccountKey: (required) account key to authenticate.
- TimeoutMs: (optional) operation timeout in milliseconds. Default value is 10 seconds if not specified.
- Version: (optional) version of Cosmos DB to use. Default value is 2020-07-15 if not specified. See: https://learn.microsoft.com/rest/api/cosmos-db/#supported-rest-api-versions.
- DefaultDb: (optional) specify the default database used in Cosmos DB operations. Alias Db can also be used instead of DefaultDb.
- AutoId: (optional) see auto id section.
- InsecureSkipVerify: (optional) if true, disables CA verification for the https endpoint (useful for running against a test/dev environment with a local/docker Cosmos DB emulator).

Azure Cosmos DB requires that each document have a unique ID that identifies the document. When creating a new document, if a value for the unique ID field is not supplied, gocosmos is able to generate one automatically. This feature is enabled by setting AutoId=true in the Data Source Name (for the database/sql driver) or the connection string (for the REST client). If not specified, the default value is AutoId=true.
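A pre-deployment check for the DSN settings described above, written as an added example (it is not gocosmos code and does not reproduce the driver's own parser). It flags InsecureSkipVerify=true on any endpoint that is not loopback; the function names, the case-insensitive key matching and the sample hostname are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// parseDSN splits a DSN of the form shown above into lower-cased key/value pairs.
// Only the first '=' separates key from value: base64 account keys often end in '='.
func parseDSN(dsn string) map[string]string {
	out := map[string]string{}
	for _, part := range strings.Split(dsn, ";") {
		k, v, ok := strings.Cut(strings.TrimSpace(part), "=")
		if ok {
			out[strings.ToLower(k)] = v
		}
	}
	return out
}

// auditDSN returns findings for settings that weaken transport security.
func auditDSN(dsn string) []string {
	var findings []string
	kv := parseDSN(dsn)
	u, err := url.Parse(kv["accountendpoint"])
	if err != nil || u.Hostname() == "" {
		return append(findings, "endpoint is not a valid URL")
	}
	host := u.Hostname()
	ip := net.ParseIP(host)
	local := host == "localhost" || (ip != nil && ip.IsLoopback())
	if u.Scheme != "https" {
		findings = append(findings, "endpoint is not https")
	}
	// Skipping CA verification is only tolerable against a local emulator.
	if strings.EqualFold(kv["insecureskipverify"], "true") && !local {
		findings = append(findings, "InsecureSkipVerify=true on non-loopback host "+host)
	}
	return findings
}

func main() {
	// Constructed DSN: the account key and hostname are placeholders.
	fmt.Println(auditDSN("AccountEndpoint=https://db.example.test/;AccountKey=ZmFrZQ==;InsecureSkipVerify=true"))
}
```

Running such a check in CI over configuration files catches an emulator DSN that has been copied into a production deployment.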
GROUP BY combined with ORDER BY is not supported

Azure Cosmos DB does not support GROUP BY combined with ORDER BY yet. You will receive the following error message:

```
'ORDER BY' is not supported in presence of GROUP BY.
```
Cross-partition paging

Cross-partition paging can be done with the OFFSET...LIMIT clause. However, the query is not stable without ORDER BY. The returned results may not be consistent from query to query.
Queries that may consume a large amount of memory

These queries may consume a large amount of memory if executed against a large table:

- OFFSET...LIMIT clause with big offset or limit values.
- SELECT DISTINCT and SELECT DISTINCT VALUE queries.
- GROUP BY clause.

See the REST.md file for details.
This project is licensed under the MIT License - see the LICENSE.md file for details.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.