Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
yaasql
Yaasql
Basic SQL-templating library inspired by https://github.com/krisajenkins/yesql.
You can read more about the rationale for a library like this in Yesql's Readme
Usage
Installing
gem 'yaasql'
Defining Queries
Create a .sql file to define your queries.
Queries must be identified with a comment line each query a name. This name will become the name of the Ruby method yaasql eventually creates for your query.
You may have multiple queries per file.
-- name: count_examples
SELECT COUNT(*) FROM examples;
Loading queries
require 'yaasql/db'
require 'pg'
class MyDB
DB_CONN = PG.connect(DB_URL)
extend Yaasql::DB
define_queries("./queries.sql", DB_CONN)
end
MyDB.new.count_examples
# => [{"count" => "3"}]
Parameterizing Queries
Words with a leading : in query files will be interpreted as arguments to the query.
-- name: get_example_by_id
SELECT * FROM examples where id = :id limit 1;
-- name: get_examples_by_id
SELECT * FROM examples where id =ANY(:ids);
Arguments can then be provided as a symbol-keyed hash when querying the function:
db = MyDB.new
db.get_example_by_id({id: 1})
# => [{"id" => "1", "name" => "example 1"}]
db.get_examples_by_id({ids: [1,2,3]})
# => [{"id" => "1", "name" => "example 1"}, {"id" => "2", "name" => "example 2"}]
Development
Requires a local postgres server for testing.
bundle install
rake setup # creates the test postgres DB
rake # runs tests
Releasing
- Builds the
.gempackage - Creates and pushes a git tag for the current version
- Pushes the
.gemto rubygems.org
bundle exec rake release
Building a .gem package
bundle exec rake build
Installing Dev Version Locally
bundle exec rake install
Feature Wishlist
- Reading multiple queries from single string (blank-line separated?)
- Module for including into a namespace
- Metaprogramming for defining query methods
- Define queries from a file
- Support array queries with
=ANY() -
where IN (...)queries - Option for stdout / stdin redirection (to support
COPY FROM/COPY TOqueries) - Option for streaming queries to process results row-by-row (e.g. for large datasets)
- Support positional
?arguments
License
The gem is available as open source under the terms of the MIT License.
FAQs
Unknown package
We found that yaasql demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 May 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025