Flow-Style Query Language | Wvlet
Wvlet is a cross-SQL flow-style query language for functional data modeling and interactive data analysis. Analyze As You WriteThe flow-style query enables you to analyze data as you write queries for interactive data exploration. Use our interactive REPL or write queries in VS Code with full syntax highlighting. Functional Data ModelingWvlet enables to build functional (i.e., reusable and composa
SQLã«å¯¾ã™ã‚‹ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã®ã‚¢ãƒ—ãƒãƒ¼ãƒæ¯”較ã€ãã—ã¦SafeQLã®ç´¹ä»‹
ã¯ã˜ã‚ã« ã“ã‚“ã«ã¡ã¯ã€‚calloc134 ã§ã™ã€‚ ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰é–‹ç™ºã«ãŠã„ã¦ã€DB ã«ãƒ‡ãƒ¼ã‚¿ã‚’ä¿å˜ã™ã‚‹ã“ã¨ã¯ã‚ˆãã‚ã‚‹ã“ã¨ã§ã™ã€‚ DB ã¨æŽ¥ç¶šã—ã¦ãƒ‡ãƒ¼ã‚¿ã®ã‚„ã‚Šå–ã‚Šã‚’è¡Œã†å¿…è¦ãŒã‚ã‚Šã¾ã™ãŒã€çš†ã•ã‚“ã¯ã©ã®ã‚ˆã†ã«ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¦ã„ã¾ã™ã‹ï¼Ÿ ORM やクエリビルダを利用ã—ãŸã‚Šã€é€†ã« SQL を記述ã—ã¦ã‚³ãƒ¼ãƒ‰ç”Ÿæˆã‚’è¡Œã£ãŸã‚Šã¨ã€æ§˜ã€…ãªæ–¹æ³•ãŒã‚ã‚Šã¾ã™ã€‚ 今回ã¯ã“れらã®ã‚¢ãƒ—ãƒãƒ¼ãƒã«ã¤ã„ã¦æ¯”較ã—ã€æ¯”較的斬新ãªæ–¹é‡ã‚’å–ã£ã¦ã„ã‚‹ã‚‚ã®ã¨ã—㦠SafeQL を紹介ã—ã¾ã™ã€‚ 注æ„点 ã“ã“ã§ã¯ã€TypeScript ã®ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰é–‹ç™ºã¨ã€ãã“ã§åˆ©ç”¨ã•ã‚Œã‚‹ãƒ©ã‚¤ãƒ–ラリをå‰æã¨ã—ã¦è©±ã‚’進ã‚ã¾ã™ã€‚ Go ã‚„ Python ãªã©ä»–ã®è¨€èªžã§ã®åˆ©ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€åˆ¥é€”調査ãŒå¿…è¦ã§ã™ã€‚ SQL ã«å¯¾ã™ã‚‹ã‚¢ãƒ—ãƒãƒ¼ãƒ ã¾ãšã€SQL ã«å¯¾ã™ã‚‹ã‚¢ãƒ—ãƒãƒ¼ãƒã«ã¯å¤§ãã分ã‘㦠2 ã¤ã®æ–¹æ³•ãŒã‚ã‚Šã¾ã™ã€‚ ãã‚Œãžã‚Œã®ãƒ©ã‚¤ãƒ–ラリã®ä½¿ã„方をã€ç°¡å˜ã«è¦‹ã¦ã„ãã¾
SQLã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¨ãã®ãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ã«ã¤ã„ã¦ã®ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ãƒ–ック
開発者å‘ã‘ã®SQLインデックス解説サイトã€ç®¡ç†ã«ã¤ã„ã¦ã®é–“é•ã„ãªã„知è˜ã‚’æä¾›ã—ã¾ã™ã€‚ インデックスã¯é–‹ç™ºæ™‚ã«ã¯å¿˜ã‚Œã‚‰ã‚ŒãŒã¡ã§ã‚る一方ã§ã€éžå¸¸ã«åŠ¹æžœçš„ãªSQLã®ãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°æ–¹æ³•ã§ã™ã€‚Use The Index, Lukeã§ã¯ã€Hibernateãªã©ã®ORMツールã®è§£èª¬ã«ã¨ã©ã¾ã‚‰ãšã€SQLã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã«ã¤ã„ã¦åŸºç¤Žã‹ã‚‰èª¬æ˜Žã—ã¾ã™ã€‚ Use The Index, Lukeã¯SQLパフォーマンス詳解ã®Web上ã®ç„¡æ–™ç‰ˆã§ã™ã€‚サイトを気ã«å…¥ã£ã¦é ‚ã‘ãŸã‚‰ã€ãœã²æ›¸ç±ã‚‚購入ã—ã¦ã¿ã¦ä¸‹ã•ã„。ã¾ãŸã€ã“ã®ã‚µã‚¤ãƒˆã®é‹å–¶ã‚’サãƒãƒ¼ãƒˆã™ã‚‹æ§˜ã€…ãªã‚°ãƒƒã‚ºã‚‚販売ã—ã¦ã„ã¾ã™ã€‚ MySQLã€Oracleã€SQL Serverãªã©ã«ãŠã‘ã‚‹SQLã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹Use The Index, Lukeã§ã¯ã€ãƒ™ãƒ³ãƒ€ã«ã¨ã‚‰ã‚ã‚Œãªã„インデックスã®èª¬æ˜Žã‚’心ãŒã‘ã¦ã„ã¾ã™ã€‚製å“特有ã®äº‹æŸ„ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªè¡¨ç¤ºã‚’ã—ã¦ã„ã¾ã™ã€‚ Db2 (LUW)U
SQL/コマンドインジェクションã€XSSç‰ã‚’横串ã§ç†è§£ã™ã‚‹ - 「インジェクションã€è„†å¼±æ€§ã¸ã®å‘ãåˆã„æ–¹ - GMO Flatt Security Blog
ã“ã‚“ã«ã¡ã¯ã€@hamayanhamayan ã§ã™ã€‚ 本稿ã§ã¯Webã‚»ã‚ュリティã«å¯¾ã™ã‚‹æœ‰ç”¨ãªæ–‡æ›¸ã¨ã—ã¦åºƒãå‚ç…§ã•ã‚Œã¦ã„ã‚‹OWASP Top 10ã®1ã¤ã€Œã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã€ã«ã¤ã„ã¦è€ƒãˆã¦ã„ãã¾ã™ã€‚色々ãªã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚’例ã«æŒ™ã’ãªãŒã‚‰ã€ã©ã®ã‚ˆã†ã«ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ãŒèµ·ã“ã‚‹ã®ã‹ã¨ã„ã†ç™ºç”ŸåŽŸç†ã‹ã‚‰ã€ã©ã®ã‚ˆã†ã«ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚’æ‰ãˆã€ã‚ˆã‚Šåºƒãインジェクションã®è€ƒãˆæ–¹ã‚’自身ã®ãƒ—ãƒãƒ€ã‚¯ãƒˆé–‹ç™ºã«é©ç”¨ã—ã¦ã„ãã‹ã«ã¤ã„ã¦æ‰±ã£ã¦ã„ãã¾ã™ã€‚ SQLインジェクションやコマンドインジェクションã€XSSã®ã‚ˆã†ãªã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã«é–¢ã‚る有åãªæ‰‹æ³•ã«ã¤ã„ã¦æ¨ªæ–çš„ã«è§£èª¬ã‚’ã—ãªãŒã‚‰ã€ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã®æ¦‚念を説明ã—ã¦ã„ãã¾ã™ã€‚åˆã‚ã¦ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã«è§¦ã‚Œã‚‹æ–¹ã«ã¨ã£ã¦ã¯ã€ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã®å®Ÿä¾‹ã‚„基本的ãªè€ƒãˆæ–¹ã«è§¦ã‚Œã‚‹ã“ã¨ãŒã§ãã€ãã®å…¨ä½“åƒã‚’把æ¡ã™ã‚‹åŠ©ã‘ã«ãªã‚‹ã‹ã¨æ€ã„ã¾ã™ã€‚ ã¾ãŸã€æ—¢ã«ã„ãã¤ã‹ã®ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³æ‰‹æ³•ã‚’知ã£ã¦ã„ã‚‹æ–¹ã«ã¨
å„SQLサーãƒã§OSコマンドを実行ã™ã‚‹æ–¹æ³•
sql-execute-os-command.md Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement | Microsoft Security Blog SQLサーãƒã‹ã‚‰åˆ¥ã®ã¨ã“ã‚ã«ä¾µå…¥ã™ã‚‹ãƒ‘ターンã§ã€SQLサーãƒä¸Šã§OSã®ã‚³ãƒžãƒ³ãƒ‰ã‚’利用ã—ã¦ã‚‹ã‚±ãƒ¼ã‚¹ãŒå¢—ãˆã¦ã„る。 å„SQLサーãƒã§OSコマンドを実行ã™ã‚‹æ–¹æ³•ã‚’知りãŸã„。 Type How To Status SQL Server xp_cmdshell Disable by Default MySQL system (\!) Enable in Terminal PostgreSQL COPY Require pg_execute_server_program role Related Exploiting PostgreSQL
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement | Microsoft Security Blog
Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach we’ve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Server. The attackers initially exploited a SQL injection vulnerability in an application within the target
テストを書ããŸã„プãƒã‚°ãƒ©ãƒ ãŒSQLã®å›ºã¾ã‚Šã - ã‚„ã£ã¨ã‚€ã§ã½ã‚“
(2009.3.5 テストデータã«ã¤ã„ã¦ã¡ã‚‡ã£ã¨è¿½è¨˜) Working Effectively with Legacy Codeã‚’èªã‚“ã§ã„ã¾ã™ã€‚å‰åŠã€ãƒ†ã‚¹ãƒˆã®æ„義ã¨ã‹æ¦‚念ã®ç´¹ä»‹(test harness, seamãªã©)ã¯ã™ã°ã‚‰ã—ã„。後åŠã®ã€å€‹åˆ¥ã®çŠ¶æ³ã¸ã®å¯¾ç–ã‚‚ã€æ•´ç†ã•ã‚Œã¦ã„ã¦ã‚ã‚ŠãŒãŸã„ã§ã™ã€‚自分ã§ã‚‚使ã£ã¦ã„ã‚‹ãŠãªã˜ã¿ã®æ‰‹æ³•ã‚‚ã‚ã‚Œã°ã€ç›®ã‚¦ãƒã‚³ãªã“ã¨ã‚‚ã‚る。 ã§ã‚‚ã€ã“ã†ã„ã†â†“ç« ãŒã‚ã£ãŸã‚‰ã‚ˆã‹ã£ãŸãªã‚。 「テストを書ããŸã„ã‘ã‚Œã©ãƒ—ãƒã‚°ãƒ©ãƒ ãŒå·¨å¤§ãªSQLã®å›ºã¾ã‚Šã 〠ã„ã¾ä»•äº‹ã‚’ã—ã¦ã„ã‚‹ä¿å®ˆãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãŒã€ãã†ã„ã†çŠ¶æ³ãªã‚ã‘ã§ã™ã€‚ã‚‚ã†ã™ã“ã—æ•´ç†ã™ã‚‹ã¨ã€ テーブル数ãŒå¤šã(100以上)ã€é‡è¤‡ã—ãŸé …目も多ã„(éžæ£è¦åŒ–) ã²ã¨ã¤ã®å‡¦ç†ã‚’ã™ã‚‹ã®ã«ã ã„ãŸã„ã€æœ€ä½Ž5ã¤ä»¥ä¸Š(10を超ãˆã‚‹ã‚‚ã®ã‚‚多ã„)ã®ãƒ†ãƒ¼ãƒ–ルを扱ã£ã¦ã„ã‚‹(å‚ç…§ãªã‚‰JOINã‚„UNIONã€æ›´æ–°ãªã‚‰ãã‚Œãžã‚Œã«UPDATE/INSERT) 処ç†ã‚’走らã›
Using plugins — sqlc 1.30.0 documentation
Using pluginsïƒ To use plugins, you must be using Version 2 of the configuration file. The top-level plugins array defines the available plugins. WASM pluginsïƒ WASM plugins are fully sandboxed; they do not have access to the network, filesystem, or environment variables. In the codegen section, the out field dictates what directory will contain the new files. The plugin key must reference a plugin
SQL Injection を探ã›ï¼ æ–‡å—列テンプレートリテラル 㨠Raw Query ã«ã‚ˆã‚‹ã‚„らã‹ã—探㗠- ã¶ã‚‹ãƒ¼ãŸã‚‹ã”ã¶ã‚Šã‚“
ã¯ã˜ã‚㫠失敗記事ã§ã™ï¼ˆSQLI 一個も見ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸï¼‰ã€‚ å‰å›žã®è¨˜äº‹ã§ã¯ GitHub ã«æ¼ã‚Œå‡ºãŸã‚³ãƒ¼ãƒ‰ã‚’ GitHub Code Search を使ã£ã¦æ¤œç´¢ã—ã¾ã—ãŸã€‚ brutalgoblin.hatenablog.jp 今回ã¯å°‘ã—特殊㪠SQL Injection ã‚’å‰å›žåŒæ§˜ã« GitHub Code Search ã®åŠ›ã‚’借りã¦æŽ¢ãã†ã¨æ€ã„ã¾ã™ã€‚ 特殊㪠SQLI ã¨ã¯ã€ä¸€èˆ¬çš„ãªæ–‡å—列çµåˆã§ã¯ãªã〠文å—列テンプレートリテラルを使ã£ãŸçµåˆã«ã‚ˆã‚‹ SQLI ã§ã™ï¼ˆå¾Œè¿°ï¼‰ 失敗記事ã§ã¯ã‚ã‚‹ã®ã§ã™ãŒã€è¦³ç‚¹çš„ã«ã¯çµæ§‹é¢ç™½ã„ã¨æ€ã†ã®ã§ã€è»½ãã¾ã¨ã‚ã¦ã¿ã¾ã™ã€‚ ã¾ãŸã€ä»Šå›žã¯ ORM ã«é™å®šã—ã¦æŽ¢ã—ã¾ã—ãŸãŒã€é™å®šã—ãªã‘ã‚Œã°çµæ§‹è¦‹ã¤ã‹ã‚‹ã®ã‹ã‚‚ãªãƒ¼ã¨æ€ã£ã¦ã¾ã™ã€‚ 見ã¤ã‘よã†ã¨ã—ãŸã‚‚ã® ã”å˜çŸ¥ã®é€šã‚Šã€SQL Injection ã®ä¸€ç•ªè‰¯ãã‚るミスã¯ã€ æ–‡å—列çµåˆã—㟠SQL を発行ã—ã€ãã®ã¾ã¾ In
Querying GitHub Security Advisories With SQL ðŸ›¡ï¸ | MergeStat Documentation
Did you know that GitHub maintains a public database of known CVEs and security advisories for open-source codebases? The database is a public Git repository that holds JSON files in OSV format, partitioned by date. This is the data that's displayed on the github.com/advisories page, which also powers Dependabot alerts! Since it's just a Git repo, we wanted to take it for a spin with MergeStat to
Querying the GitHub archive with the ClickHouse playground
Via this comment on Hacker News I started exploring the ClickHouse Playground. It's really cool, and among other things it allows CORS-enabled API hits that can query a decade of history from the GitHub events archive in less than a second. ClickHouse is an open source column-oriented database, originally developed at Yandex but spun out into a separate, VC-funded company in 2021. It's designed fo
GitHub - sqldef/sqldef: Idempotent schema management for MySQL, PostgreSQL, SQLite, and SQL Server
sqldef is the easiest idempotent schema management tool for MySQL, PostgreSQL, SQLite3, and SQL Server that uses plain SQL DDLs. Define your desired schema in SQL, and sqldef generates and applies the migrations to update your database. With sqldef, you maintain a single SQL file with your complete schema. To modify your schema - add columns, change constraints, or create indexes - simply edit thi
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
Executive SummaryTeam82 has developed a generic bypass of industry-leading web application firewalls (WAF). The attack technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. Major WAF vendors lacked JSON support in their products, despite it being supported by most database engines for a decade. Most WAFs will easily detect SQLi attacks, but prepending JS
JSON ã‚„ CSV 㧠SELECT * FROM ã—ãŸã„ã¨ã㯠columnq-cli ãŒä¾¿åˆ©
techfeed 経由ã§ä¸‹è¨˜ã®ã‚¹ãƒ¬ãƒƒãƒ‰ã‚’見ã‹ã‘ãŸã®ã§ã™ãŒã€ã‚¿ã‚¤ãƒˆãƒ«ã ã‘ã§ã‚‚æ—¢ã«é¢ç™½ãã†ã§ã™ã€‚ ã¾ãŸã€ã¡ã‚‡ã£ã¨å‰ã‹ã‚‰ Notion ã®ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’å„種コンテンツã¸å¤‰æ›ã™ã‚‹ãƒ„ールを作ã£ã¦ã„ã¾ã—ã¦ã€ã“れを組ã¿åˆã‚ã›ã‚‹ã¨ã„ã‚ã„ã‚楽ã§ããã†ãªäºˆæ„ŸãŒã—ã¾ã™ã€‚ ãã®ã‚ˆã†ãªã‚ã‘ã§ã€ã‚¹ãƒ¬ãƒƒãƒ‰ã§ç´¹ä»‹ã•ã‚Œã¦ã„㟠columnq-cli ã«ã¤ã„ã¦ã®è¨˜äº‹ã§ã™ã€‚ columnq-cli ã¨ã¯ï¼Ÿ README ã‚’èªã‚€ã¨ã€Œå„種データをテーブルã¨ã—㦠SELECT ã§ãるよã†ã«ã™ã‚‹ CLI ツールã€ã§ã€ãƒ†ãƒ¼ãƒ–ルソースã«ã¯ JSON ãªã©ã®ä»–ã« ROAPI ã§ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã‚‹ã‚‚ã®ã‚’扱ãˆã‚‹ã¨ã®ã“ã¨ã€‚ (SELECT ã®ã¿ã§æ›´æ–°ã¯ã§ããªã„) ã“ã“㧠ROAPI ã¨ã¯ãªã‚“ãžã‚„ã¨ãªã‚Šã¾ã™ãŒã€ã“ã¡ã‚‰ã¯ã€Œãƒãƒ¼ã‚«ãƒ«ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ ã‚„å„種サービスã®ãƒ‡ãƒ¼ã‚¿ã‚’çµ±åˆçš„ã«æ‰±ãˆã‚‹(SELECT ã§ãã‚‹)サーãƒãƒ¼ã€ã‚’構築ã§ãã‚‹ãã†ã§ã™ã€‚ 図 1-
ランã‚ング
ランã‚ング
メンテナンス
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Everything You Always Wanted To Know About GitHub (But Were Afraid To Ask)
GitHub - future-architect/uroborosql-fmt
Skytable Octave is here | Skytable Blog
GitHub - cmoog/vscode-sql-notebook: Open SQL files as VSCode Notebooks.
Open-sourcing SQLCoder: a state-of-the-art LLM for SQL generation
GitHub - mergestat/mergestat: MergeStat enables anyone to ask questions about the history and contents of source code.
{{#tags}}- {{label}}
{{/tags}}