Build a better blacklist check
marksweb opened this issue
The blacklist checking is fairly basic and can be problematic because it doesn't differentiate between "drop" and "raindrop", for example.
E.g. "DROP" is a blacklisted term. However, it's fine as part of another word, e.g. "DROPKICK" or "RAINDROP"... the SQL compiler isn't going to tokenize these things to produce "DROP".
Amend the blacklist checking to only raise an issue if the blacklisted term is surrounded by non-alphanumeric characters or start/end, so it'll flag "DROP", "DROP something", "(DROP something)"... but not "DROPKICK something".
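One way to implement the check requested above, as an added example that is not the project's own code or part of the original issue. The function names and the sample term list are assumptions; the boundary rule follows the issue's wording (non-alphanumeric neighbours or start/end of the string).

```python
import re

# Constructed sample list; the project's real blacklist is not shown in the issue.
BLACKLIST = ("DROP", "DELETE", "ALTER")


def naive_hits(sql, blacklist=BLACKLIST):
    """Plain substring check, the behaviour the issue complains about."""
    upper = sql.upper()
    return [term for term in blacklist if term in upper]


def _pattern(term):
    # The term matches only when the character on each side is
    # non-alphanumeric or the string starts/ends there. Lookarounds are
    # used instead of \b because \b counts "_" as a word character, which
    # would not follow the issue's "non-alphanumeric" wording.
    return re.compile(
        r"(?<![A-Za-z0-9])" + re.escape(term) + r"(?![A-Za-z0-9])",
        re.IGNORECASE,
    )


def boundary_hits(sql, blacklist=BLACKLIST):
    """Return the blacklisted terms that appear as standalone tokens."""
    return [term for term in blacklist if _pattern(term).search(sql)]


if __name__ == "__main__":
    # Constructed sample queries, including the cases named in the issue.
    samples = [
        "DROP",
        "DROP something",
        "(DROP something)",
        "DROPKICK something",
        "SELECT raindrop FROM weather",
        "SELECT deleted_at FROM users",
        "SELECT drop_count FROM stats",   # "_" is non-alphanumeric: flagged
        "SELECT 'drop' AS label",         # inside a string literal: flagged
    ]
    for sql in samples:
        print(f"{sql!r:34} naive={naive_hits(sql)} boundary={boundary_hits(sql)}")
```

The last two samples show what this rule still flags: a term followed by an underscore and a term inside a string literal. Avoiding those needs real SQL tokenization rather than a character-boundary test.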