Add Snowflake loader support

[Copilot]

Adds Snowflake as a supported database backend alongside existing MySQL and PostgreSQL loaders.

Implementation

• Loader (api/loaders/snowflake_loader.py): Full schema extraction including tables, columns, foreign keys, and relationships via INFORMATION_SCHEMA queries. Uses Snowflake's SAMPLE clause for random value sampling.

• Integration: Updated schema_loader.py and text2sql.py to detect and route snowflake:// URLs to the new loader.

• Security: Uses snowflake-connector-python@3.13.2 (patched version, avoids CVE in write_pandas present in ≤3.13.0).

Connection Format

# URL structure
snowflake://user:pass@account/database/schema?warehouse=COMPUTE_WH

# Defaults: schema=PUBLIC, warehouse=COMPUTE_WH
snowflake://user:pass@account/sales_db

Architecture Notes

• Follows existing loader pattern (implements BaseLoader, async generator for progress streaming)
• Handles schema modification detection for graph refresh
• Parameterized queries throughout to prevent injection

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Add support for Snowflake</issue_title>
<issue_description>Add support for Snowflake loader.

See reference: https://github.com/FalkorDB/QueryWeaver/tree/main/api/loaders</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Add support for Snowflake #379

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[gkorland]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/asn1crypto	1.5.1	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/certifi	2026.1.4	🟢 6.8	Details Check Score Reason Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/cffi	1.17.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Maintained 🟢 10 24 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/cryptography	44.0.3	🟢 7.8	Details Check Score Reason Code-Review 🟢 8 Found 6/7 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Vulnerabilities 🟢 3 7 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/filelock	3.20.3	Unknown	Unknown
pip/pyopenssl	24.3.0	🟢 6.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/snowflake-connector-python	3.13.2	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 9 security policy file detected Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts ⚠️ 0 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/tomlkit	0.14.0	Unknown	Unknown
pip/urllib3	2.6.3	🟢 8.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 27 out of 27 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review 🟢 8 Found 19/22 approved changesets -- score normalized to 8 Contributors 🟢 10 project has 125 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• Pipfile.lock

[Copilot]

Pull request overview

This PR adds comprehensive support for Snowflake database connections to QueryWeaver, enabling schema extraction and Text2SQL functionality for Snowflake databases. The implementation follows the existing loader pattern established by MySQL and PostgreSQL loaders.

Changes:

• Added Snowflake connector dependency and implemented a complete loader with schema extraction, foreign key detection, and query execution capabilities
• Extended database type detection in schema_loader.py and text2sql.py to recognize Snowflake URLs
• Created comprehensive test suite with 15 unit tests covering URL parsing, value serialization, and schema operations
• Added detailed documentation explaining Snowflake connection format, features, and troubleshooting

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
api/loaders/snowflake_loader.py	Core Snowflake loader implementation with schema extraction, query execution, and connection URL parsing
api/core/schema_loader.py	Added Snowflake URL detection and loader registration
api/core/text2sql.py	Added Snowflake database type detection for query execution
tests/test_snowflake_loader.py	Comprehensive unit tests for Snowflake loader functionality
docs/snowflake_loader.md	Complete documentation for Snowflake loader usage and troubleshooting
Pipfile	Added snowflake-connector-python dependency

[Copilot]

SQL injection vulnerability in query construction. The schema_name parameter is directly interpolated into the SQL query without parameterization. If user input can influence schema_name, this could allow SQL injection. Use parameterized queries or properly escape the schema_name value.

Suggested change

	cursor.execute(f"""
	SELECT TABLE_NAME, COMMENT
	FROM {db_name}.INFORMATION_SCHEMA.TABLES
	WHERE TABLE_SCHEMA = '{schema_name}'
	AND TABLE_TYPE = 'BASE TABLE'
	ORDER BY TABLE_NAME;
	""")
	# Validate database and schema names to prevent SQL injection via identifiers
	if not re.fullmatch(r"[A-Za-z0-9_]+", db_name):
	raise ValueError(f"Invalid Snowflake database name: {db_name!r}")
	if not re.fullmatch(r"[A-Za-z0-9_]+", schema_name):
	raise ValueError(f"Invalid Snowflake schema name: {schema_name!r}")
	query = f"""
	SELECT TABLE_NAME, COMMENT
	FROM "{db_name}".INFORMATION_SCHEMA.TABLES
	WHERE TABLE_SCHEMA = %s
	AND TABLE_TYPE = 'BASE TABLE'
	ORDER BY TABLE_NAME;
	"""
	cursor.execute(query, (schema_name,))

[Copilot]

SQL injection vulnerability in query construction. The db_name, schema_name, and table_name parameters are directly interpolated into the SQL query without parameterization. Use parameterized queries or properly escape these values.

[Copilot]

SQL injection vulnerability in query construction. The db_name, schema_name, and table_name parameters are directly interpolated without parameterization. This pattern appears multiple times in the file and should be addressed consistently.

[Copilot]

SQL injection vulnerability. The table_name and col_name parameters are directly interpolated into the query without parameterization. Even though they have double quotes, this doesn't fully protect against SQL injection if the values contain double quotes themselves.

Suggested change

	query = f"""
	SELECT DISTINCT "{col_name}"
	FROM "{table_name}"
	WHERE "{col_name}" IS NOT NULL
	SAMPLE ({sample_size * 10} ROWS)
	LIMIT {sample_size};
	"""
	cursor.execute(query)
	# Validate identifiers to prevent SQL injection via table/column names.
	# Allow only alphanumeric characters, underscore, dollar sign, and dot.
	identifier_pattern = re.compile(r'^[A-Za-z0-9_\$\.]+$')
	if not identifier_pattern.match(table_name):
	raise ValueError(f"Invalid table name: {table_name!r}")
	if not identifier_pattern.match(col_name):
	raise ValueError(f"Invalid column name: {col_name!r}")
	# Ensure sample_size is a positive integer.
	if not isinstance(sample_size, int) or sample_size <= 0:
	raise ValueError(f"sample_size must be a positive integer, got {sample_size!r}")
	sample_rows = sample_size * 10
	query = """
	SELECT DISTINCT "{col_name}"
	FROM "{table_name}"
	WHERE "{col_name}" IS NOT NULL
	SAMPLE (%s ROWS)
	LIMIT %s;
	""".format(col_name=col_name, table_name=table_name)
	cursor.execute(query, (sample_rows, sample_size))

[Copilot]

The test doesn't verify that the connection commits the transaction or that the query was actually executed with the correct parameters. Consider adding assertions to verify mock_cursor.execute was called with the expected SQL query.

[Copilot]

SQL injection vulnerability in foreign key query. Similar to other queries in this file, the db_name, schema_name, and table_name are interpolated without parameterization.

Suggested change

	cursor.execute(f"""
	SELECT COLUMN_NAME
	FROM {db_name}.INFORMATION_SCHEMA.TABLE_CONSTRAINTS tc
	JOIN {db_name}.INFORMATION_SCHEMA.KEY_COLUMN_USAGE kcu
	ON tc.CONSTRAINT_NAME = kcu.CONSTRAINT_NAME
	AND tc.TABLE_SCHEMA = kcu.TABLE_SCHEMA
	AND tc.TABLE_NAME = kcu.TABLE_NAME
	WHERE tc.TABLE_SCHEMA = '{schema_name}'
	AND tc.TABLE_NAME = '{table_name}'
	AND tc.CONSTRAINT_TYPE = 'PRIMARY KEY';
	""")
	primary_keys = {row['COLUMN_NAME'] for row in cursor.fetchall()}
	# Get foreign key information
	cursor.execute(f"""
	SELECT COLUMN_NAME
	FROM {db_name}.INFORMATION_SCHEMA.TABLE_CONSTRAINTS tc
	JOIN {db_name}.INFORMATION_SCHEMA.KEY_COLUMN_USAGE kcu
	ON tc.CONSTRAINT_NAME = kcu.CONSTRAINT_NAME
	AND tc.TABLE_SCHEMA = kcu.TABLE_SCHEMA
	AND tc.TABLE_NAME = kcu.TABLE_NAME
	WHERE tc.TABLE_SCHEMA = '{schema_name}'
	AND tc.TABLE_NAME = '{table_name}'
	AND tc.CONSTRAINT_TYPE = 'FOREIGN KEY';
	""")
	safe_db_name = db_name.replace('"', '""')
	pk_query = f"""
	SELECT COLUMN_NAME
	FROM "{safe_db_name}".INFORMATION_SCHEMA.TABLE_CONSTRAINTS tc
	JOIN "{safe_db_name}".INFORMATION_SCHEMA.KEY_COLUMN_USAGE kcu
	ON tc.CONSTRAINT_NAME = kcu.CONSTRAINT_NAME
	AND tc.TABLE_SCHEMA = kcu.TABLE_SCHEMA
	AND tc.TABLE_NAME = kcu.TABLE_NAME
	WHERE tc.TABLE_SCHEMA = %s
	AND tc.TABLE_NAME = %s
	AND tc.CONSTRAINT_TYPE = 'PRIMARY KEY';
	"""
	cursor.execute(pk_query, (schema_name, table_name))
	primary_keys = {row['COLUMN_NAME'] for row in cursor.fetchall()}
	# Get foreign key information
	fk_query = f"""
	SELECT COLUMN_NAME
	FROM "{safe_db_name}".INFORMATION_SCHEMA.TABLE_CONSTRAINTS tc
	JOIN "{safe_db_name}".INFORMATION_SCHEMA.KEY_COLUMN_USAGE kcu
	ON tc.CONSTRAINT_NAME = kcu.CONSTRAINT_NAME
	AND tc.TABLE_SCHEMA = kcu.TABLE_SCHEMA
	AND tc.TABLE_NAME = kcu.TABLE_NAME
	WHERE tc.TABLE_SCHEMA = %s
	AND tc.TABLE_NAME = %s
	AND tc.CONSTRAINT_TYPE = 'FOREIGN KEY';
	"""
	cursor.execute(fk_query, (schema_name, table_name))

[Copilot]

SQL injection vulnerability in extract_foreign_keys method. The db_name, schema_name, and table_name parameters are directly interpolated without parameterization.

[Copilot]

SQL injection vulnerability in extract_relationships method. The db_name and schema_name parameters are directly interpolated without parameterization.