fleet/frontend/components/forms/validators
Scott Gress 02c5026436
Allow ESCAPE in LIKE clauses to be valid SQL (#31222)
for #30109

# Details

This PR fixes an issue in our current SQL parsing library that was
causing queries like this to be marked invalid:

```
SELECT * FROM table_name WHERE column_name LIKE '\_%' ESCAPE '\'
```

This is valid in SQLite because the `\` is not considered an escape
character by default. From [the SQLite
docs](https://www.sqlite.org/lang_expr.html) (see section 3 "Literal
Values (Constants)"; emphasis mine):

> A string constant is formed by enclosing the string in single quotes
> ('). A single quote within the string can be encoded by putting two
> single quotes in a row - as in Pascal. C-style escapes using the
> backslash character are not supported because they are not standard SQL.

# Use of forked code

Part of the fix for this was [submitted as a PR to the node-sql-parser
library](https://github.com/taozhi8833998/node-sql-parser/pull/2496) we
now use, and merged. I then found that another fix was needed, which I
submitted as [a separate
PR](https://github.com/taozhi8833998/node-sql-parser/pull/2512). As
these fixes have yet to be made part of an official release of the
library, I made a fork off of the release we were using (5.3.10) and
bundled the necessary build artifacts with Fleet. We have an [ADR
proposing the use of submodules for this
purpose](https://github.com/fleetdm/fleet/pull/31079); I'm happy to
implement that instead if we approve that, although for a front-end
module with a build step it's a bit more complicated. Hopefully this
code will be released in `node-sql-parser` soon and we can revert back
to using the dependency.

Here is the [full set of
changes](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus).

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
2025-07-25 10:13:55 -05:00
| Name | Last commit | Date |
| --- | --- | --- |
| valid_email | Frontend: Improve URL and email validation (#18445) | 2024-04-25 13:03:30 -04:00 |
| valid_jwt_token | License features (#1134) | 2017-02-09 22:16:51 -05:00 |
| valid_password | Fleet UI: No role = no access, refactor jsx class components to typescript functional components (#12953) | 2023-08-02 11:29:49 -04:00 |
| valid_url | Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/docs/patterns.md) (#27455) | 2025-03-27 13:56:38 -07:00 |
| validate_equality | Fleet UI: No role = no access, refactor jsx class components to typescript functional components (#12953) | 2023-08-02 11:29:49 -04:00 |
| validate_numericality | Create packs (#516) | 2016-12-21 12:25:54 -05:00 |
| validate_presence | Fleet UI: 2FA (#24442) | 2024-12-05 15:54:43 -05:00 |
| validate_query | Allow ESCAPE in LIKE clauses to be valid SQL (#31222) | 2025-07-25 10:13:55 -05:00 |
| validate_yaml | Updated API routes to use current format for frontend use (#5018) | 2022-04-11 13:04:38 -07:00 |