From c54c5d4e67790011a73d86c939d61002d5aad3d0 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 20 Dec 2024 22:20:42 +0000
Subject: [PATCH] refactor: use SQLite parser to validate SQL queries and verify required columns

Co-Authored-By: Matt Wong
---
 app/utils/overwrite.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/app/utils/overwrite.c b/app/utils/overwrite.c
index d882d8a3..b500fa4c 100644
--- a/app/utils/overwrite.c
+++ b/app/utils/overwrite.c
@@ -153,7 +153,31 @@ static const char *get_safe_sql_query(sqlite3 *db, const char *user_sql) {
     return default_query;
   }
+  // Verify required columns are present
+  int col_count = sqlite3_column_count(stmt);
+  int has_row = 0, has_column = 0, has_value = 0, has_timestamp = 0;
+
+  for (int i = 0; i < col_count; i++) {
+    const char *col_name = sqlite3_column_name(stmt, i);
+    if (!col_name)
+      continue;
+
+    if (strcmp(col_name, "row") == 0)
+      has_row = 1;
+    else if (strcmp(col_name, "column") == 0)
+      has_column = 1;
+    else if (strcmp(col_name, "value") == 0)
+      has_value = 1;
+    else if (strcmp(col_name, "timestamp") == 0)
+      has_timestamp = 1;
+  }
+  sqlite3_finalize(stmt);
+
+  // Ensure all required columns are present
+  if (!has_row || !has_column || !has_value || !has_timestamp)
+    return default_query;
+
   return user_sql;
 }
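Review bot: The name matching in the new loop is stricter than SQLite's own identifier handling: `strcmp` is case-sensitive, so a query spelled `SELECT ROW, COLUMN, VALUE, TIMESTAMP ...` (legal, since SQL identifiers are case-insensitive) is rejected and silently replaced by `default_query`; `sqlite3_stricmp(col_name, "row") == 0` (and likewise for the other three) matches what the engine accepts. SQLite also documents the value returned by `sqlite3_column_name` for a result column without an `AS` alias as unspecified and subject to change between releases, so the check is only guaranteed for aliased columns; a comment above the loop stating that expectation, e.g. `// Result columns must be named (via AS) row, column, value and timestamp`, would make the contract visible to callers. Separately, the presence of the four columns does not establish that the statement is read-only; checking `sqlite3_stmt_readonly(stmt)` before `sqlite3_finalize` closes that gap, and if the preparation call earlier in the function passes a tail pointer, verifying that the tail is empty prevents a trailing statement from escaping this validation. The opening of get_safe_sql_query, including where `stmt` is prepared, is outside the hunk.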