@trxvorr (Contributor) commented Dec 29, 2025

Description

Fixed SQL injection vulnerabilities in multiple database adapters (PostgresAdapter, DatabricksAdapter, SQLServerAdapter, SnowflakeAdapter, OracleAdapter, MariaDBAdapter, BigQueryAdapter) and resolved hardcoded PII logic in DataProduct (Issue #216).

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📝 Documentation update
  • 🎨 Code style update (formatting, renaming)
  • ♻️ Refactoring (no functional changes)
  • ⚡ Performance improvement
  • ✅ Test update
  • 🔧 Configuration change
  • 🏗️ Infrastructure/build change

Related Issue(s)

Fixes #216

Changes Made

  • Security Fixes: Implemented safe identifier quoting using sqlglot (and exp.to_table) across 7 adapters to prevent SQL injection.
  • PII Fix: Modified DataProduct.get_all_field_details to dynamically set is_pii=True when "PII" is present in column tags (previously hardcoded to False).
  • Testing: Added tests/security/test_adapter_security.py with regression tests for all fixed adapters.

Testing

Test Configuration

  • Python Version: 3.13.2
  • OS: Windows

Test Cases

  • Unit tests pass locally
  • Tested against vulnerable patterns (reproduction scripts)

Test Commands

pytest tests/security/test_adapter_security.py

Checklist

  • My code follows the code style of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings or linter errors
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published
  • I have updated the relevant notebooks (if applicable)
  • I have checked my code and corrected any misspellings

Documentation Updates

  • README.md updated
  • Docstrings added/updated
  • Documentation site updated (if needed)
  • Notebook examples updated (if applicable)
  • CHANGELOG updated (if applicable)

Breaking Changes

  • This PR introduces breaking changes
  • Migration guide provided (if applicable)

Performance Impact

  • No significant performance impact
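The PR fixes the adapters by routing every table name through sqlglot's `exp.to_table()` before it is rendered into SQL. The added example below is not the project's code and does not use sqlglot; it shows the same principle with a hand-written quoter so it runs stand-alone: the f-string pattern the PR removes beside its delimited counterpart, a per-dialect delimiter table covering the adapter families named above, and a regression check shaped like the one the PR adds under tests/security/. The dialect names, delimiter choices, adapter functions and injection payloads are all assumptions made for illustration.

```python
"""Safe identifier quoting for SQL adapters: vulnerable vs hardened pattern.

Added example, not code from this project. The PR fixes its adapters with
sqlglot's exp.to_table(); this block shows the same idea with a hand-written
quoter so it runs without sqlglot. Dialect names, delimiter choices, payloads
and the adapter functions are assumptions made for illustration.
"""

# Identifier delimiters by dialect family (assumed here; the usual defaults).
# SQL Server closes with a different character than it opens with, so the
# escape must double the *closing* delimiter, not the opening one.
_DELIMS = {
    "postgres": ('"', '"'),
    "snowflake": ('"', '"'),
    "oracle": ('"', '"'),
    "databricks": ("`", "`"),
    "bigquery": ("`", "`"),
    "mariadb": ("`", "`"),
    "tsql": ("[", "]"),
}


def quote_identifier(name: str, dialect: str) -> str:
    """Delimit one identifier so the engine can only read it as a name.

    Every name is delimited, even 'safe' ones, and any closing delimiter in
    the name is doubled. Control characters are rejected rather than escaped.
    """
    if not isinstance(name, str) or not name:
        raise ValueError("identifier must be a non-empty string")
    if any(ord(c) < 0x20 for c in name):
        raise ValueError(f"control character in identifier: {name!r}")
    start, end = _DELIMS[dialect]
    return f"{start}{name.replace(end, end + end)}{end}"


def quote_table(path: str, dialect: str) -> str:
    """Quote a dotted path ('schema.table' or 'catalog.schema.table') part by part.

    Like exp.to_table(), this treats '.' as a path separator, so a name that
    itself contains a dot must be passed pre-split, not as one string.
    """
    parts = path.split(".")
    if not 1 <= len(parts) <= 3 or "" in parts:
        raise ValueError(f"bad table path: {path!r}")
    return ".".join(quote_identifier(p, dialect) for p in parts)


def vulnerable_row_count_sql(table: str) -> str:
    """The pattern the PR removes: an untrusted name pasted into the statement."""
    return f"SELECT COUNT(*) FROM {table}"


def hardened_row_count_sql(table: str, dialect: str) -> str:
    """Same query with the name delimited; a payload becomes a (non-existent) table name."""
    return f"SELECT COUNT(*) FROM {quote_table(table, dialect)}"


def reads_as_one_identifier(quoted: str, dialect: str) -> bool:
    """True if `quoted` is a single delimited identifier with no early terminator."""
    start, end = _DELIMS[dialect]
    if len(quoted) < 2 or quoted[0] != start or quoted[-1] != end:
        return False
    body = quoted[1:-1]
    # Drop escaped closers; any closer left would end the identifier early.
    return end not in body.replace(end + end, "")


# Constructed injection payloads: a plain one plus one per delimiter style.
PAYLOADS = [
    "users; DROP TABLE users; --",
    'users"; DROP TABLE users; --',
    "users`; DROP TABLE users; --",
    "users]; DROP TABLE users; --",
]


def regression_passes(dialect: str) -> bool:
    """Per-adapter regression check: every payload must end up as one quoted
    identifier and never as a second statement."""
    prefix = "SELECT COUNT(*) FROM "
    for payload in PAYLOADS:
        sql = hardened_row_count_sql(payload, dialect)
        if not reads_as_one_identifier(sql[len(prefix):], dialect):
            return False
    return True


if __name__ == "__main__":
    print("vulnerable:", vulnerable_row_count_sql(PAYLOADS[0]))
    for d in _DELIMS:
        print(d, hardened_row_count_sql(PAYLOADS[1], d), regression_passes(d))
```

Two caveats worth carrying into any adapter that adopts this pattern. First, delimiting every identifier changes case-folding: Oracle and Snowflake fold an unquoted `users` to `USERS`, while `"users"` names a distinct lower-case object, so an adapter that switches from bare to quoted names must normalise case the way each engine does or it will start referencing different tables. Second, this only covers identifiers; values still belong in bound parameters, never in the string.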


Development

Successfully merging this pull request may close these issues.

[BUG] [SECURITY/CRITICAL] SQL Injection Vulnerabilities in DB Adapters and Hardcoded PII Logic