java.lang.Object
dk.cloudcreate.essentials.components.foundation.postgresql.PostgresqlUtil

public final class PostgresqlUtil extends Object
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final Set<String>
    RESERVED_NAMES
    This list incorporates a broad range of reserved names, including those specific to PostgreSQL as well as standard SQL keywords, that cannot be used as COLUMN, TABLE and INDEX names.
  • Constructor Summary

    Constructors
    Constructor
    Description
    PostgresqlUtil()
  • Method Summary

    Modifier and Type
    Method
    Description
    static void
    checkIsValidTableOrColumnName(String tableOrColumnName)
    Validates whether the provided table or column name is valid according to PostgreSQL naming conventions and does not conflict with reserved keywords.
    This method calls checkIsValidTableOrColumnName(String, String) with a null context.

    The method provided is designed as an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
    However, the Essentials components, as well as checkIsValidTableOrColumnName(String), do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
    The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
    Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
    Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
    static void
    checkIsValidTableOrColumnName(String tableOrColumnName, String context)
    Validates whether the provided table or column name is valid according to PostgreSQL naming conventions and does not conflict with reserved keywords.

    The method provided is designed as an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
    However, the Essentials components, as well as checkIsValidTableOrColumnName(String, String), do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
    The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
    Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
    Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
    static int
    getServiceMajorVersion(org.jdbi.v3.core.Handle handle)
    Reads the major PostgreSQL server version.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • RESERVED_NAMES

      public static final Set<String> RESERVED_NAMES
      This list incorporates a broad range of reserved names, including those specific to PostgreSQL as well as standard SQL keywords, that cannot be used as COLUMN, TABLE and INDEX names. Developers should use this list cautiously and always cross-reference against the current version of PostgreSQL they are working with, as database systems frequently update their list of reserved keywords.

      The primary goal of this list is to avoid naming conflicts and ensure compatibility with SQL syntax, in an attempt to reduce errors and potential SQL injection vulnerabilities.
  • Constructor Details

    • PostgresqlUtil

      public PostgresqlUtil()
  • Method Details

    • getServiceMajorVersion

      public static int getServiceMajorVersion(org.jdbi.v3.core.Handle handle)
      Reads the major PostgreSQL server version.
      Parameters:
      handle - the jdbi handle that will be used for querying
      Returns:
      the major version (12, 13, 14, 15, etc.)
    • checkIsValidTableOrColumnName

      public static void checkIsValidTableOrColumnName(String tableOrColumnName, String context)
      Validates whether the provided table or column name is valid according to PostgreSQL naming conventions and does not conflict with reserved keywords.

      The method provided is designed as an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
      However, the Essentials components, as well as checkIsValidTableOrColumnName(String, String), do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
      The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
      Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
      Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

      The method checks that tableOrColumnName:

      • Is not null or empty, and does not consist solely of whitespace.
      • Does not match any PostgreSQL reserved keyword (case-insensitive check).
      • Contains only characters valid for PostgreSQL identifiers: letters, digits, and underscores, and does not start with a digit.

      Parameters:
      tableOrColumnName - the table or column name to validate.
      context - optional context that will be included in any error message. A null value means no context is provided.
      Throws:
      InvalidTableOrColumnNameException - if the provided name is null, empty, matches a reserved keyword, or contains invalid characters.
    • checkIsValidTableOrColumnName

      public static void checkIsValidTableOrColumnName(String tableOrColumnName)
      Validates whether the provided table or column name is valid according to PostgreSQL naming conventions and does not conflict with reserved keywords.
      This method calls checkIsValidTableOrColumnName(String, String) with a null context.

      The method provided is designed as an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
      However, the Essentials components, as well as checkIsValidTableOrColumnName(String), do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
      The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
      Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
      Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

      The method checks that tableOrColumnName:

      • Is not null or empty, and does not consist solely of whitespace.
      • Does not match any PostgreSQL reserved keyword (case-insensitive check).
      • Contains only characters valid for PostgreSQL identifiers: letters, digits, and underscores, and does not start with a digit.

      Parameters:
      tableOrColumnName - the table or column name to validate.
      Throws:
      InvalidTableOrColumnNameException - if the provided name is null, empty, matches a reserved keyword, or contains invalid characters.
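
The three documented checks, sketched as an added stand-alone example (this is not the Essentials implementation). The names `SAMPLE_RESERVED`, `VALID_IDENTIFIER` and `rejectionReason` are hypothetical, the reserved-word set is a small constructed subset, and the sketch returns a reason string instead of throwing InvalidTableOrColumnNameException.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public class IdentifierCheckExample {
    // Constructed subset for illustration only; RESERVED_NAMES covers far more keywords.
    static final Set<String> SAMPLE_RESERVED = Set.of("SELECT", "TABLE", "USER", "ORDER", "GROUP");

    // Letters, digits and underscores only, not starting with a digit.
    // Used with matches(), so the whole input must fit the pattern.
    static final Pattern VALID_IDENTIFIER = Pattern.compile("[a-zA-Z_][a-zA-Z0-9_]*");

    /** Returns null when the name passes all three checks, otherwise the reason for rejection. */
    static String rejectionReason(String name) {
        if (name == null || name.trim().isEmpty()) {
            return "null, empty or whitespace only";
        }
        if (SAMPLE_RESERVED.contains(name.toUpperCase(Locale.ROOT))) {
            return "reserved keyword"; // case-insensitive comparison
        }
        if (!VALID_IDENTIFIER.matcher(name).matches()) {
            return "invalid characters or leading digit";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed inputs: two acceptable names, then names each check must reject.
        List<String> candidates = List.of(
                "durable_queues", "_events2", "  ", "select", "2fast",
                "orders; DROP TABLE users", "name\" OR \"1\"=\"1", "tbl--");
        for (String candidate : candidates) {
            String reason = rejectionReason(candidate);
            System.out.printf("%-28s -> %s%n", "[" + candidate + "]",
                    reason == null ? "accepted" : "rejected: " + reason);
        }
        // Only an accepted identifier is concatenated into the SQL text;
        // values still travel as bind parameters (:id), never as concatenated strings.
        String table = "durable_queues";
        if (rejectionReason(table) == null) {
            System.out.println("SELECT * FROM " + table + " WHERE id = :id");
        }
    }
}
```

Passing these checks shows only that a name is syntactically plain and not in the sample keyword set; whether the caller is allowed to reference that table or column is a separate decision the application has to make.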