{"id":50398577,"url":"https://github.com/jackc/pgsqlarbiter-go","last_synced_at":"2026-05-30T22:01:42.275Z","repository":{"id":349179956,"uuid":"1201363305","full_name":"jackc/pgsqlarbiter-go","owner":"jackc","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-04T15:39:40.000Z","size":38,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-11T16:48:45.892Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jackc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-04T15:22:12.000Z","updated_at":"2026-05-04T18:46:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jackc/pgsqlarbiter-go","commit_stats":null,"previous_names":["jackc/pgsqlarbiter-go"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jackc/pgsqlarbiter-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackc%2Fpgsqlarbiter-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackc%2Fpgsqlarbiter-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackc%2Fpgsqlarbiter-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackc%2Fpgsqlarbiter-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jackc","download_url":"https://codeload.github.com/jackc/pgsqlarbiter-go/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jackc%2Fpgsqlarbiter-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33711018,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-30T22:01:41.453Z","updated_at":"2026-05-30T22:01:42.270Z","avatar_url":"https://github.com/jackc.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pgsqlarbiter\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/jackc/pgsqlarbiter-go.svg)](https://pkg.go.dev/github.com/jackc/pgsqlarbiter-go)\n[![CI](https://github.com/jackc/pgsqlarbiter-go/actions/workflows/ci.yml/badge.svg)](https://github.com/jackc/pgsqlarbiter-go/actions/workflows/ci.yml)\n\npgsqlarbiter is SQL query permission system for PostgreSQL. It is designed for granting semi-trusted users access to a PostgreSQL database. PostgreSQL's permission system is a necessary foundation, but further restrictions are often required. pgsqlarbiter adds the following:\n\n* Only single statement DML (SELECT, INSERT, UPDATE, DELETE, MERGE, or VALUES) queries are allowed.\n* All referenced tables, views, and named functions must be whitelisted.\n\nThese additional restrictions close many unexpected difficult or impossible to restrict with the PostgreSQL permission system such as:\n\n* Exposure of system information via `information_schema` or `pg_catalog`.\n* Exposure of system information via `SHOW`.\n* Transactions that can block other users.\n* `SET` can disable restrictions such as `statement_timeout`.\n* Unexpected access to dangerous built-in functions like `set_config`, `pg_sleep`, `lo_*`, `pg_advisory_lock`, and `pg_notify`.\n\n## Installation\n\n```\ngo get github.com/jackc/pgsqlarbiter-go\n```\n\n## Usage\n\n```go\n// Analyze a SQL query to extract statement type, tables, and functions.\nanalysis, err := pgsqlarbiter.Analyze(\"SELECT * FROM users WHERE id = $1\")\n// analysis.StatementType == pgsqlarbiter.StatementSelect\n// analysis.Tables == []string{\"users\"}\n// analysis.Functions == []string{}\n\n// Use an Arbiter to check if a SQL query is permitted.\narbiter := \u0026pgsqlarbiter.Arbiter{\n    AllowedTables: []string{\"users\"},\n}\n\nallowed := arbiter.Allow(\"SELECT count(*) FROM users\")\n\n// Use Judge for detailed denial reasons.\nverdict, err := arbiter.Judge(\"SELECT count(*) FROM users\")\n// verdict.Allowed == true\n// verdict.Analysis contains the parsed analysis\n// verdict.DisallowedTables, verdict.DisallowedFunctions list any violations\n```\n\n## Limitations\n\npgsqlarbiter is not sufficient security on its own. It is designed to be an additional layer on top of using a heavily restricted PostgreSQL user.\n\n* pgsqlarbiter uses its own SQL parser. A potential weakness is a mismatch between the pgsqlarbiter and PostgreSQL SQL parsers.\n* Operators and type casts are implemented via functions. These pass through without filtering.\n* Identifiers with containing dots are rejected.\n\n## Other Implementations\n\n* [pgsqlarbiter-rb](https://github.com/jackc/pgsqlarbiter-rb) - Ruby\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjackc%2Fpgsqlarbiter-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjackc%2Fpgsqlarbiter-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjackc%2Fpgsqlarbiter-go/lists"}