feat: add placeholderRule setting

Author: gajus

.README/README.md

@@ -57,7 +57,13 @@ npm install eslint-plugin-sql --save-dev
 
 ## Settings
 
-N/A
+### `placeholderRule`
+
+A regex used to ignore placeholders or other fragments of the query that'd make it invalid SQL query, e.g.
+
+If you are using `?` placeholders in your queries, you must ignore `\?` pattern as otherwise the string is not going to be recognized as a valid SQL query.
+
+This configuration is relevant for `sql/no-unsafe-query` to match queries containing placeholders as well as for `sql/format` when used with `{ignoreTagless: false}` configuration.
 
 ## Rules
 

README.md

@@ -14,6 +14,7 @@ SQL linting rules for ESLint.
     * [Installation](#eslint-plugin-sql-installation)
     * [Configuration](#eslint-plugin-sql-configuration)
     * [Settings](#eslint-plugin-sql-settings)
+        * [`placeholderRule`](#eslint-plugin-sql-settings-placeholderrule)
     * [Rules](#eslint-plugin-sql-rules)
         * [`format`](#eslint-plugin-sql-rules-format)
         * [`no-unsafe-query`](#eslint-plugin-sql-rules-no-unsafe-query)
@@ -68,7 +69,14 @@ npm install eslint-plugin-sql --save-dev
 <a name="eslint-plugin-sql-settings"></a>
 ## Settings
 
-N/A
+<a name="eslint-plugin-sql-settings-placeholderrule"></a>
+### <code>placeholderRule</code>
+
+A regex used to ignore placeholders or other fragments of the query that'd make it invalid SQL query, e.g.
+
+If you are using `?` placeholders in your queries, you must ignore `\?` pattern as otherwise the string is not going to be recognized as a valid SQL query.
+
+This configuration is relevant for `sql/no-unsafe-query` to match queries containing placeholders as well as for `sql/format` when used with `{ignoreTagless: false}` configuration.
 
 <a name="eslint-plugin-sql-rules"></a>
 ## Rules
@@ -180,6 +188,9 @@ The following patterns are considered problems:
 
 foo`SELECT ${'bar'}`
 // Message: Use "sql" tag
+
+`SELECT ?`
+// Message: Use "sql" tag
 ```
 
 The following patterns are not considered problems:

package.json

@@ -6,6 +6,7 @@
   },
   "dependencies": {
     "astring": "^1.0.2",
+    "debug": "^2.6.8",
     "lodash": "^4.17.4",
     "pg-formatter": "^1.1.0",
     "sql-parse": "^0.1.5"
@@ -53,7 +54,7 @@
     "documentation-add-assertions": "babel-node ./bin/readmeAssertions",
     "lint": "eslint ./src ./test",
     "precommit": "npm run lint && npm run test",
-    "test": "mocha --compilers js:babel-register ./test/rules/index.js"
+    "test": "mocha --compilers js:babel-register ./test/**/*.js"
   },
   "version": "1.0.1"
 }

src/rules/format.js

@@ -9,6 +9,8 @@ import {
 import isSqlQuery from '../utilities/isSqlQuery';
 
 export default (context) => {
+  const placeholderRule = context.settings.sql && context.settings.sql.placeholderRule;
+
   const pluginOptions = context.options && context.options[0] || {};
 
   const ignoreExpressions = pluginOptions.ignoreExpressions === true;
@@ -35,7 +37,7 @@ export default (context) => {
         })
         .join(magic);
 
-      if (!sqlTagIsPresent && !isSqlQuery(literal)) {
+      if (!sqlTagIsPresent && !isSqlQuery(literal, placeholderRule)) {
         return;
       }
 

src/rules/noUnsafeQuery.js

@@ -1,8 +1,13 @@
 // @flow
 
+import createDebug from 'debug';
 import isSqlQuery from '../utilities/isSqlQuery';
 
+const debug = createDebug('eslint-plugin-sql:rule:no-unsafe-query');
+
 export default (context) => {
+  const placeholderRule = context.settings.sql && context.settings.sql.placeholderRule;
+
   const allowLiteral = context.options && context.options[0] && context.options[0].allowLiteral;
 
   return {
@@ -15,9 +20,15 @@ export default (context) => {
         .map((quasi) => {
           return quasi.value.raw;
         })
-        .join('1');
+        .join('foo');
+
+      debug('input', literal);
+
+      const recognizedAsQuery = isSqlQuery(literal, placeholderRule);
+
+      debug('recognized as a query', recognizedAsQuery);
 
-      if (!isSqlQuery(literal)) {
+      if (!recognizedAsQuery) {
         return;
       }
 

src/utilities/isSqlQuery.js

@@ -2,13 +2,19 @@
 
 import parser from 'sql-parse';
 
-export default (literal: string): boolean => {
+export default (literal: string, ignorePattern: string): boolean => {
   if (!literal) {
     return false;
   }
 
+  let maybeSql = literal;
+
+  if (ignorePattern) {
+    maybeSql = maybeSql.replace(new RegExp(ignorePattern, 'g'), 'foo');
+  }
+
   try {
-    parser.parse(literal);
+    parser.parse(maybeSql);
   } catch (error) {
     return false;
   }

test/rules/assertions/noUnsafeQuery.js

@@ -25,6 +25,19 @@ export default {
           message: 'Use "sql" tag'
         }
       ]
+    },
+    {
+      code: '`SELECT ?`',
+      errors: [
+        {
+          message: 'Use "sql" tag'
+        }
+      ],
+      settings: {
+        sql: {
+          placeholderRule: '\\?'
+        }
+      }
     }
   ],
   valid: [

test/utilities/isSqlQuery.js

@@ -0,0 +1,18 @@
+/* global describe */
+/* global it */
+
+import assert from 'assert';
+import isSqlQuery from '../../src/utilities/isSqlQuery';
+
+describe('isSqlQuery', () => {
+  it('recognizes SQL input', () => {
+    assert(isSqlQuery('SELECT 1'));
+  });
+  it('recognizes SQL input after ignoring defined patterns', () => {
+    assert(isSqlQuery('SELECT ? FROM bar', '\\?'));
+  });
+  it('distinguishes from non-SQL input', () => {
+    assert(!isSqlQuery('foo bar'));
+    assert(!isSqlQuery('foo SELECT FROM bar'));
+  });
+});