sqlguard

package
v0.38.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrDangerousSQL   = errors.New("dangerous sql detected")
	ErrSQLParseFailed = errors.New("failed to parse sql")
	ErrNotReadOnly    = errors.New("only read-only sql statements are permitted")
)

Functions

func EnsureReadOnly added in v0.28.0

func EnsureReadOnly(kind config.DBKind, sql string) error

EnsureReadOnly verifies that sql consists solely of read-only statements (SELECT/SHOW/DESCRIBE) for the given dialect. Unlike Check it fails closed: a parse error, an empty statement list, or any non-read statement returns an error. It also rejects data-modifying CTEs (e.g. WITH x AS (DELETE ... RETURNING ...) SELECT ...), whose top-level type is SELECT but which execute writes, and dialect-specific side-effecting functions (see dangerousFunctionsByKind). It is intended for surfaces that execute caller-supplied SQL, such as the MCP database query tool. kind selects which dangerous-function denylist applies.

func IsWhitelisted

func IsWhitelisted(ctx context.Context) bool

IsWhitelisted returns true if the context is marked to skip SQL guard checks.

func WithWhitelist

func WithWhitelist(ctx context.Context) context.Context

WithWhitelist marks the context to skip SQL guard checks.

Types

type DeleteWithoutWhereRule

type DeleteWithoutWhereRule struct{}

DeleteWithoutWhereRule blocks DELETE statements without WHERE clause.

func (*DeleteWithoutWhereRule) Check

func (r *DeleteWithoutWhereRule) Check(astNode *ast.AST) *Violation

func (*DeleteWithoutWhereRule) Name

type DropStatementRule

type DropStatementRule struct{}

DropStatementRule blocks DROP statements.

func (*DropStatementRule) Check

func (r *DropStatementRule) Check(astNode *ast.AST) *Violation

func (*DropStatementRule) Name

func (*DropStatementRule) Name() string

type Guard

type Guard struct {
	// contains filtered or unexported fields
}

Guard coordinates sql rule checking.

func NewGuard

func NewGuard(logger logx.Logger, rules ...Rule) *Guard

NewGuard creates a new sql guard with the given rules. If no rules are provided, the default rules are used.

func (*Guard) Check

func (g *Guard) Check(sql string) error

Check validates the sql statement against all rules. Returns nil if the sql is safe, or an error if a violation is detected. Unlike EnsureReadOnly it fails OPEN: SQL that the parser cannot understand is allowed through, because Check is a best-effort developer write-guardrail (the opt-in query hook), not a security sandbox. The authoritative protection for untrusted SQL is a least-privilege database role.

type GuardError

type GuardError struct {
	Err       error
	Violation *Violation
	SQL       string
}

GuardError wraps a sql guard error with additional context.

func (*GuardError) Error

func (e *GuardError) Error() string

func (*GuardError) Unwrap

func (e *GuardError) Unwrap() error

type Rule

type Rule interface {
	// Name returns the rule identifier (e.g., "no_drop", "no_truncate").
	Name() string
	// Check inspects the SQL AST and returns a Violation if the rule is violated, or nil if it passes.
	Check(astNode *ast.AST) *Violation
}

Rule defines the interface for SQL checking rules.

func DefaultRules

func DefaultRules() []Rule

DefaultRules returns the default set of SQL checking rules.

type TruncateStatementRule

type TruncateStatementRule struct{}

TruncateStatementRule blocks TRUNCATE statements.

func (*TruncateStatementRule) Check

func (r *TruncateStatementRule) Check(astNode *ast.AST) *Violation

func (*TruncateStatementRule) Name

func (*TruncateStatementRule) Name() string

type UpdateWithoutWhereRule added in v0.29.0

type UpdateWithoutWhereRule struct{}

UpdateWithoutWhereRule blocks UPDATE statements without WHERE clause.

func (*UpdateWithoutWhereRule) Check added in v0.29.0

func (r *UpdateWithoutWhereRule) Check(astNode *ast.AST) *Violation

func (*UpdateWithoutWhereRule) Name added in v0.29.0

type Violation

type Violation struct {
	Rule        string
	Statement   string
	Description string
}

Violation represents a SQL rule violation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL