From ef2d9b7c830ff3c55ca2c2f9db6f7ce3fd93a5c8 Mon Sep 17 00:00:00 2001 From: Akshay Ahuja Date: Mon, 4 Nov 2024 15:52:46 +0530 Subject: [PATCH 1/5] security warning fixes --- lib/query_helper/sql_parser.rb | 5 +++-- spec/fixtures/controllers.rb | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/query_helper/sql_parser.rb b/lib/query_helper/sql_parser.rb index 86c5876..bd8bbde 100644 --- a/lib/query_helper/sql_parser.rb +++ b/lib/query_helper/sql_parser.rb @@ -18,7 +18,8 @@ def update(sql) def remove_comments # Remove SQL inline comments (/* */) and line comments (--) - @sql = @sql.gsub(/\/\*(.*?)\*\//, '').gsub(/--(.*)$/, '') + @sql = @sql.gsub(%r{/\*.*?\*/}m, '') # Removes multi-line comments (/* ... */) + .gsub(/--[^\n]*$/, '') # Removes single-line comments (-- ... until end of line) @sql.squish! end @@ -186,7 +187,7 @@ def find_aliases ColumnMap.new( alias_name: sql_alias, sql_expression: sql_expression.squish, - aggregate: /(array_agg|avg|bit_and|bit_or|bool_and|bool_or|boolor_agg|booland_agg|count|every|json_agg|jsonb_agg|json_object_agg|jsonb_object_agg|max|min|string_agg|sum|xmlagg)\((.*)\)/.match?(sql_expression) + aggregate: /\b(array_agg|avg|bit_and|bit_or|bool_and|bool_or|boolor_agg|booland_agg|count|every|json_agg|jsonb_agg|json_object_agg|jsonb_object_agg|max|min|string_agg|sum|xmlagg)\((.*?)\)/.match?(sql_expression) ) if sql_alias end column_maps.compact diff --git a/spec/fixtures/controllers.rb b/spec/fixtures/controllers.rb index 2ffb53f..6d79d78 100644 --- a/spec/fixtures/controllers.rb +++ b/spec/fixtures/controllers.rb @@ -5,6 +5,7 @@ class ApplicationController < ActionController::API include Rails.application.routes.url_helpers include QueryHelper::QueryHelperConcern before_action :create_query_helper + protect_from_forgery with: :exception end class ParentsController < ApplicationController From 8aee296810ca6fe86cef7d6d6b9b81b577ea6133 Mon Sep 17 00:00:00 2001 
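Review bot: The two gsub calls in remove_comments strip `--` and `/* */` wherever they occur, including inside quoted string literals, so `SELECT 'a--b' AS x` is cut down to `SELECT 'a` and whatever consumes @sql next sees an unterminated literal; the rewritten regexes keep that behaviour, while the header comment reads as if the stripping were complete. Because this is a purely lexical pass it also gives no protection against injection if any caller feeds untrusted SQL through it — the callers are not visible from this hunk, so treat that as a question for the gem's entry points rather than a finding. At minimum I would state the limitation above the gsub: `# Lexical strip only: comment markers inside quoted literals are removed too, and this is not a defence against injection.` If the parser can ever receive user-controlled text, comment removal needs a scanner that skips quoted literals rather than a pair of regexes.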
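Review bot: The aggregate regex in find_aliases matches only lower-case function names, so `COUNT(id)` or `Sum(total)` in an alias expression is classified as non-aggregate unless the SQL was downcased before this point, which is not visible in the hunk; SQL function names are case-insensitive, so the pattern wants the `i` flag: `/\b(array_agg|…|xmlagg)\((.*?)\)/i.match?(sql_expression)` with the alternation unchanged. The added `\b` is the substantive fix here: it stops `row_count(x)` from being treated as `count(`, because `_` is a word character and no boundary exists before `count`. The switch from `.*` to `.*?` changes nothing for `match?`, since the capture is never read and greedy and lazy forms accept the same strings. find_aliases begins and ends outside the hunk.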
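Review bot: `protect_from_forgery with: :exception` is added to a class that inherits from `ActionController::API`, which does not include the request-forgery module, so as written in this commit the macro is not resolvable at class load; the next commit in the series adds the include, so I will not repeat that here. The open question is what the line buys: this is a spec fixture, a generated Rails test environment sets `allow_forgery_protection = false` (whether this gem's spec app does is not visible here), and nothing in the gem's shipped code such as `QueryHelper::QueryHelperConcern` changes, which is what a CSRF finding against this fixture would actually be about. If the intent is only to quiet a scanner, say so beside the line: `# Fixture only: CSRF is normally off in the test env; present so static scanners stop flagging the base controller.` If the intent is real coverage, the protection belongs in the application that mounts the concern, not in the fixture.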
From: Akshay Ahuja Date: Tue, 5 Nov 2024 17:39:23 +0530 Subject: [PATCH 2/5] security warnings fixes applied --- spec/fixtures/controllers.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/fixtures/controllers.rb b/spec/fixtures/controllers.rb index 6d79d78..2567a58 100644 --- a/spec/fixtures/controllers.rb +++ b/spec/fixtures/controllers.rb @@ -4,6 +4,7 @@ class ApplicationController < ActionController::API include Rails.application.routes.url_helpers include QueryHelper::QueryHelperConcern + include ActionController::RequestForgeryProtection before_action :create_query_helper protect_from_forgery with: :exception end From 42775403dd8d90c627c628d7df8f32706408b72a Mon Sep 17 00:00:00 2001 From: Akshay Ahuja Date: Tue, 5 Nov 2024 18:02:33 +0530 Subject: [PATCH 3/5] security warning fixes --- lib/query_helper/sql_parser.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/query_helper/sql_parser.rb b/lib/query_helper/sql_parser.rb index bd8bbde..48142dc 100644 --- a/lib/query_helper/sql_parser.rb +++ b/lib/query_helper/sql_parser.rb @@ -18,8 +18,9 @@ def update(sql) def remove_comments # Remove SQL inline comments (/* */) and line comments (--) - @sql = @sql.gsub(%r{/\*.*?\*/}m, '') # Removes multi-line comments (/* ... */) - .gsub(/--[^\n]*$/, '') # Removes single-line comments (-- ... until end of line) + @sql = @sql.gsub(%r{/\*[^/]*?\*/}m, '') # Removes multi-line comments (/* ... */) + .gsub(/--[^\n]*/, '') # Removes single-line comments (--) + @sql.squish! end From 27a2be5617cd8967dd6f01f3ef7919a9e9033047 Mon Sep 17 00:00:00 2001 From: Akshay Ahuja Date: Tue, 5 Nov 2024 18:35:47 +0530 Subject: [PATCH 4/5] code scanning changes for regex applied to fix security warning --- lib/query_helper/sql_parser.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/query_helper/sql_parser.rb b/lib/query_helper/sql_parser.rb index 48142dc..1104c87 100644 --- a/lib/query_helper/sql_parser.rb 
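Review bot: The new `include ActionController::RequestForgeryProtection` carries no comment saying why an API controller needs it, and its position matters: it must precede the `protect_from_forgery` macro two lines below, which is a class-body call resolved at load time. Someone tidying the includes to sit together below the macro would break class loading of the fixture. A one-line comment pins both facts: `# ActionController::API omits CSRF support; keep this above protect_from_forgery below`.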
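Review bot: Replacing `.*?` with `[^/]*?` in the block-comment regex is a regression: the character class cannot cross a `/`, so any comment containing a slash (`/* see docs/notes */`, a URL, a division) no longer matches and survives into the parsed SQL, while the comment on that line still claims it removes `/* ... */`. The original lazy `.*?` is not a backtracking hazard, but if the scanner insists on a class-based form, the standard linear C-comment pattern handles every case without lookahead: `%r{/\*[^*]*\*+(?:[^/*][^*]*\*+)*/}` — the `m` flag then becomes unnecessary because `[^*]` already matches newlines. Dropping `$` from the `--` pattern is harmless, since `[^\n]*` already stops at the line end. A spec with a block comment containing a `/` would have caught this before merge.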
+++ b/lib/query_helper/sql_parser.rb @@ -188,7 +188,7 @@ def find_aliases ColumnMap.new( alias_name: sql_alias, sql_expression: sql_expression.squish, - aggregate: /\b(array_agg|avg|bit_and|bit_or|bool_and|bool_or|boolor_agg|booland_agg|count|every|json_agg|jsonb_agg|json_object_agg|jsonb_object_agg|max|min|string_agg|sum|xmlagg)\((.*?)\)/.match?(sql_expression) + aggregate: /\b(array_agg|avg|bit_and|bit_or|bool_and|bool_or|boolor_agg|booland_agg|count|every|json_agg|jsonb_agg|json_object_agg|jsonb_object_agg|max|min|string_agg|sum|xmlagg)\((.*)\)/.match?(sql_expression) ) if sql_alias end column_maps.compact From 17d1ac82c711da951df56cf4a175742f2af5ab78 Mon Sep 17 00:00:00 2001 From: Akshay Ahuja Date: Wed, 6 Nov 2024 13:55:02 +0530 Subject: [PATCH 5/5] gem version updated --- Gemfile.lock | 2 +- lib/query_helper/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 95d6c65..29a4afa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - query_helper (0.3.9) + query_helper (0.4.0) activerecord (> 5) activesupport (> 5) sqlite3 diff --git a/lib/query_helper/version.rb b/lib/query_helper/version.rb index bf34ca1..f1c7f8d 100644 --- a/lib/query_helper/version.rb +++ b/lib/query_helper/version.rb @@ -1,3 +1,3 @@ class QueryHelper - VERSION = "0.3.9" + VERSION = "0.4.0" end
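Review bot: Reverting `(.*?)` to `(.*)` in the aggregate regex does not change the result of `match?` — the group is never read, and greedy and lazy forms accept exactly the same strings — so this commit and the first one in the series cancel out, each apparently to satisfy a scanner. The honest shape is a non-capturing tail with a comment explaining why, so nobody flips it again: `aggregate: /\b(array_agg|…|xmlagg)\(.*\)/.match?(sql_expression) # boolean classification only; nothing reads a capture`, alternation unchanged. If the scanner's complaint is polynomial backtracking on `.*\)`, record where the regex lives that the input is expected to be an alias expression the parser extracted from its own SQL rather than a request parameter (I cannot confirm that from the hunk); if it can be user-controlled, drop the `.*\)` and match only `\b(…)\(`, since the closing paren adds nothing to the classification. find_aliases begins and ends outside the hunk.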