From e2a8efe5caac1ffaa70d6d7dc55e4e6b9741a35f Mon Sep 17 00:00:00 2001
From: retoor
Date: Sun, 9 Feb 2025 02:07:29 +0100
Subject: [PATCH] Updated sql security.
---
 src/snek/view/rpc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/snek/view/rpc.py b/src/snek/view/rpc.py
index 2a1963a..158ed21 100644
--- a/src/snek/view/rpc.py
+++ b/src/snek/view/rpc.py
@@ -113,7 +113,7 @@ class RPCView(BaseView):
 print(args,flush=True)
 query = args[0]
 lowercase = query.lower()
- if "drop" in lowercase or "alter" in lowercase or "update" in lowercase or "delete" in lowercase or 'replace' in lowercase or 'insert' in lowercase or 'select' not in lowercase:
+ if any(["drop" in lowercase, "alter" in lowercase,"update" in lowercase, "delete" in lowercase, 'replace' in lowercase , 'insert' in lowercase , 'truncate' in lowercase , 'select' not in lowercase]):
 raise Exception("Not allowed")
 records = [dict(record) async for record in self.services.channel.query(args[0])]
 return records
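Review bot: The rewritten `if any([...])` check is still a substring denylist over a caller-supplied SQL string that is then passed unchanged to `self.services.channel.query(args[0])`, so it cannot serve as the security boundary for this RPC method. A denylist covers only the keywords someone thought to list, while every `select` over every table remains allowed; substring matching also rejects harmless queries that merely mention a column such as `updated_at`. The enforcement belongs in the database layer: run these queries on a read-only connection or role limited to the tables callers may see, and keep the keyword test only as defence in depth, marked with a comment such as `# best-effort denylist only; read-only access is enforced by the connection`. The enclosing method begins above the hunk, so whether the caller is authenticated or authorised before this point cannot be seen from here.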