
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Ruby gem to load SQL queries from templates using ERB.
It makes working with pure SQL easier with syntax highlighting.
Let's you clean your Ruby code from SQL strings.
Supported extensions: .sql.erb
or .erb.sql
Add this line to your application's Gemfile:
gem 'sql_query'
And then execute:
$ bundle
Or install it yourself as:
$ gem install sql_query
Create SQL query in file in app/sql_queries
directory
# app/sql_queries/get_player_by_email.sql.erb
SELECT *
FROM players
WHERE email = <%= quote @email %>
quote
method is an alias to ActiveRecord.connection.quote
method. You can use it to sanitize your variables for SQL.
You can use SQL like this:
> query = SqlQuery.new(:get_player_by_email, email: 'e@mail.dev')
> query.execute
(0.6ms) SELECT * FROM players WHERE email = 'e@mail.dev'
=> []
> query.explain
=> EXPLAIN for:
SELECT *
FROM players
WHERE email = 'e@mail.dev'
QUERY PLAN
----------------------------------------------------------
Seq Scan on players (cost=0.00..2.14 rows=1 width=5061)
Filter: ((email)::text = 'e@mail.dev'::text)
(2 rows)
> query.sql
=> "SELECT *\nFROM players\nWHERE email = 'e@mail.dev'\n"
> query.pretty_sql
=> SELECT *
FROM players
WHERE email = 'e@mail.dev'
If you need to have nested paths to your queries like player/get_by_email
just use string instead of symbol as file name.
Example:
SqlQuery.new('player/get_by_email', email: 'e@mail.dev')
#execute
but with data returned via ActiveRecord::Result
.# config/initializers/sql_query.rb
SqlQuery.configure do |config|
config.path = '/app/sql_templates'
config.adapter = ActiveRecord::Base
end
path - If you don't like default path to your queries you can change it here.
adapter - class which implements connection method.
You can prepare part of sql query in partial file and reuse it in multiple queries.
Partial file should start with '_'.
Example:
# app/sql_queries/_email_partial.sql.erb
players.email = <%= quote @email %>
and use this partial like this:
SELECT *
FROM players
WHERE <%= partial :email_partial %>
Check examples folder for some usefull queries.
If you have some examples to share please make pull request.
git checkout -b my-new-feature
)git commit -am 'Add some feature'
)git push origin my-new-feature
)To run specs, setup Postgres with the following:
CREATE DATABASE sqlquery;
CREATE ROLE sqlquery WITH LOGIN;
FAQs
Unknown package
We found that sql_query demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.