Sanitize Database Name, Licenses 2025-07-28

lib/sanitize.sh

@@ -165,6 +165,17 @@ sanitize_email() {
     echo "$sanitized"
 }
 
+# Sanitize database/table names
+sanitize_database_name() {
+    local name="$1"
+
+    # Database names should only contain alphanumeric and underscores
+    local sanitized
+    sanitized=$(echo "$name" | sed 's/[^a-zA-Z0-9_]//g' | sed 's/^[0-9]/_&/')
+
+    echo "$sanitized"
+}
+
 # Main sanitization function - sanitizes all environment variables
 sanitize_inputs() {
     log_debug "Sanitizing input parameters..."
@@ -293,10 +304,10 @@ sanitize_inputs() {
         log_debug "Sanitized CLICKHOUSE_URL: $CLICKHOUSE_URL"
     fi
 
-    # if [[ -n "${CLICKHOUSE_DATABASE:-}" ]]; then
-    #     CLICKHOUSE_DATABASE=$(sanitize_database_name "$CLICKHOUSE_DATABASE")
-    #     log_debug "Sanitized CLICKHOUSE_DATABASE: $CLICKHOUSE_DATABASE"
-    # fi
+    if [[ -n "${CLICKHOUSE_DATABASE:-}" ]]; then
+        CLICKHOUSE_DATABASE=$(sanitize_database_name "$CLICKHOUSE_DATABASE")
+        log_debug "Sanitized CLICKHOUSE_DATABASE: $CLICKHOUSE_DATABASE"
+    fi
 
     if [[ -n "${CLICKHOUSE_USERNAME:-}" ]]; then
         CLICKHOUSE_USERNAME=$(sanitize_string "$CLICKHOUSE_USERNAME" 100)

license-mappings.json

@@ -166,6 +166,28 @@
   "github.com/aws/smithy-go": "Apache-2.0",
   "github.com/aymanbagabas/go-osc52/v2": "MIT",
   "github.com/aymerick/douceur": "MIT",
+  "github.com/bahlo/generic-list-go": "BSD-3-Clause",
+  "github.com/baidubce/bce-sdk-go": "Apache-2.0",
+  "github.com/bboreham/go-loser": "Apache-2.0",
+  "github.com/benbjohnson/clock": "MIT",
+  "github.com/beorn7/perks": "MIT",
+  "github.com/bkielbasa/cyclop": "MIT",
+  "github.com/blang/semver/v4": "MIT",
+  "github.com/blizzy78/varnamelen": "MIT",
+  "github.com/bmatcuk/doublestar/v4": "MIT",
+  "github.com/bombsimon/logrusr/v2": "MIT",
+  "github.com/bombsimon/wsl/v4": "MIT",
+  "github.com/bradleyfalzon/ghinstallation/v2": "Apache-2.0",
+  "github.com/braintree/manners": "MIT",
+  "github.com/breml/bidichk": "MIT",
+  "github.com/breml/errchkjson": "MIT",
+  "github.com/briandowns/spinner": "Apache-2.0",
+  "github.com/bufbuild/protocompile": "Apache-2.0",
+  "github.com/buger/jsonparser": "MIT",
+  "github.com/butuzov/ireturn": "MIT",
+  "github.com/butuzov/mirror": "MIT",
+  "github.com/bytedance/sonic": "Apache-2.0",
+  "github.com/bytedance/sonic/loader": "Apache-2.0",
   "github.com/Azure/azure-amqp-common-go/v3": "MIT",
   "github.com/Azure/azure-pipeline-go": "MIT",
   "github.com/Azure/azure-sdk-for-go-extensions": "MIT",

test/simple.bats

@@ -665,3 +665,45 @@ EOF
     [ "$status" -eq 1 ]
     [[ "$output" == *"Invalid email format"* ]]
 }
+
+# Test 73: sanitize_email accepts valid name
+@test "sanitize_database_name accepts valid name" {
+    run sanitize_database_name "test_database"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "test_database" ]]
+}
+
+# Test 74: sanitize_database_name accepts name with underscores
+@test "sanitize_database_name accepts name starting with underscore" {
+    run sanitize_database_name "_test_database"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "_test_database" ]]
+}
+
+# Test 75: sanitize_database_name accepts name with numbers
+@test "sanitize_database_name accepts name with numbers" {
+    run sanitize_database_name "test_database_123"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "test_database_123" ]]
+}
+
+# Test 76: sanitize_database_name removes dangerous characters
+@test "sanitize_database_name removes dangerous characters" {
+    run sanitize_database_name "test-database.name"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "testdatabasename" ]]
+}
+
+# Test 77: sanitize_database_name rejects name with starting with number
+@test "sanitize_database_name rejects name starting with number" {
+    run sanitize_database_name "1test_database"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "_1test_database" ]]
+}
+
+# Test 78: sanitize_database_name rejects name with spaces
+@test "sanitize_database_name rejects name with spaces" {
+    run sanitize_database_name "test database"
+    [ "$status" -eq 0 ]
+    [[ "$output" == "testdatabase" ]]
+}