Commit

refactor: use SQLite parser to validate SQL queries and verify required columns

Co-Authored-By: Matt Wong <[email protected]>
devin-ai-integration[bot] and liquidaty committed Dec 20, 2024
1 parent 3c6fde5 commit c54c5d4
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions app/utils/overwrite.c
Expand Up @@ -153,7 +153,31 @@ static const char *get_safe_sql_query(sqlite3 *db, const char *user_sql) {
return default_query;
}

// Verify required columns are present
int col_count = sqlite3_column_count(stmt);
int has_row = 0, has_column = 0, has_value = 0, has_timestamp = 0;

for (int i = 0; i < col_count; i++) {
const char *col_name = sqlite3_column_name(stmt, i);
if (!col_name)
continue;

if (strcmp(col_name, "row") == 0)
has_row = 1;
else if (strcmp(col_name, "column") == 0)
has_column = 1;
else if (strcmp(col_name, "value") == 0)
has_value = 1;
else if (strcmp(col_name, "timestamp") == 0)
has_timestamp = 1;
}

sqlite3_finalize(stmt);

// Ensure all required columns are present
if (!has_row || !has_column || !has_value || !has_timestamp)
return default_query;

return user_sql;
}
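
Review bot: The column check in the `for` loop compares names with `strcmp`, which is case-sensitive, and it relies on `sqlite3_column_name()`, whose result SQLite only guarantees when the column carries an `AS` alias; without one the name is unspecified and may change between releases. A query that returns the right data under a differently cased or unaliased name can therefore be replaced by `default_query` with no indication to the user. Consider `sqlite3_stricmp()` for the four comparisons, document that `row`, `column`, `value` and `timestamp` must be aliased explicitly, and report the rejection to the caller instead of falling back silently. The check also confirms only that the names are present, not their order and not that the statement is read-only; if the consumer reads columns by index, or if nothing above the visible lines calls `sqlite3_stmt_readonly(stmt)`, those checks belong here before `sqlite3_finalize(stmt)`.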
