mangooer
diff --git a/‎README.md‎
Lines changed: 62 additions & 2 deletions b/‎README.md‎
Lines changed: 62 additions & 2 deletions
diff --git a/‎example.env‎
Lines changed: 10 additions & 0 deletions b/‎example.env‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/config.py‎
Lines changed: 11 additions & 0 deletions b/‎src/config.py‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/security/database_scope_checker.py‎
Lines changed: 207 additions & 0 deletions b/‎src/security/database_scope_checker.py‎
Lines changed: 207 additions & 0 deletions
@@ -18,6 +18,7 @@ This project is a MySQL query server based on the MCP framework, supporting real
 - 丰富的MySQL元数据与结构查询API
 - 自动事务管理与回滚
 - 多级SQL风险控制与注入防护
+- **数据库隔离安全**：防止跨数据库访问，支持三级访问控制
 - 敏感信息自动隐藏与自定义
 - 灵活的环境变量配置
 - 完善的日志与错误处理
@@ -29,6 +30,7 @@ This project is a MySQL query server based on the MCP framework, supporting real
 - Rich MySQL metadata & schema query APIs
 - Automatic transaction management & rollback
 - Multi-level SQL risk control & injection protection
+- **Database Isolation Security**: Prevents cross-database access with 3-level access control
 - Automatic and customizable sensitive info masking
 - Flexible environment variable configuration
 - Robust logging & error handling
@@ -146,6 +148,8 @@ Default endpoint: http://127.0.0.1:3000/sse
 | MAX_SQL_LENGTH           | 最大SQL语句长度 / Max SQL length                      | 5000             |
 | BLOCKED_PATTERNS         | 阻止的SQL模式(逗号分隔) / Blocked SQL patterns        | (空/empty)       |
 | ENABLE_QUERY_CHECK       | 启用查询安全检查 / Enable query check (true/false)    | true             |
+| **ENABLE_DATABASE_ISOLATION** | **启用数据库隔离 / Enable database isolation (true/false)** | **false** |
+| **DATABASE_ACCESS_LEVEL** | **数据库访问级别 / Database access level (strict/restricted/permissive)** | **permissive** |
 | LOG_LEVEL                | 日志级别(DEBUG/INFO/...) / Log level                 | DEBUG            |
 
 > 注/Note: 部分云MySQL需指定`DB_AUTH_PLUGIN`为`mysql_native_password`。
@@ -185,9 +189,47 @@ When using `caching_sha2_password`, the `cryptography` package is required (alre
 pip install cryptography
 ```
 
-详细配置指南请参考：[MySQL 8.0 认证插件支持指南](docs/mysql8_authentication.md)
 
-For detailed configuration guide, see: [MySQL 8.0 Authentication Plugin Support Guide](docs/mysql8_authentication.md)
+### 数据库隔离安全 / Database Isolation Security
+
+本系统提供强大的数据库隔离功能，防止跨数据库访问，确保数据安全。
+
+This system provides robust database isolation features to prevent cross-database access and ensure data security.
+
+#### 访问级别 / Access Levels
+
+| 级别 / Level | 允许访问 / Allowed Access | 适用场景 / Use Case |
+|-------------|---------------------------|-------------------|
+| **strict** | 仅指定数据库 / Only specified database | 生产环境 / Production |
+| **restricted** | 指定数据库 + 系统库 / Specified + system databases | 开发环境 / Development |
+| **permissive** | 所有数据库 / All databases | 测试环境 / Testing |
+
+#### 启用数据库隔离 / Enable Database Isolation
+
+```bash
+# Docker 启用严格模式 / Docker with strict mode
+docker run -d \
+  -e MYSQL_DATABASE=your_database \
+  -e ENABLE_DATABASE_ISOLATION=true \
+  -e DATABASE_ACCESS_LEVEL=strict \
+  mangooer/mysql-mcp-server-sse:latest
+
+# 生产环境自动启用 / Auto-enable in production
+docker run -d \
+  -e ENV_TYPE=production \
+  -e MYSQL_DATABASE=your_database \
+  mangooer/mysql-mcp-server-sse:latest
+```
+
+**安全效果 / Security Effects**：
+- ✅ 阻止 `SHOW DATABASES` / Blocks `SHOW DATABASES`
+- ✅ 阻止 `SELECT * FROM mysql.user` / Blocks `SELECT * FROM mysql.user`
+- ✅ 阻止 `SHOW TABLES FROM other_db` / Blocks `SHOW TABLES FROM other_db`
+- ✅ 允许当前数据库操作 / Allows current database operations
+
+> 🔒 **重要**：生产环境(`ENV_TYPE=production`)会自动启用数据库隔离，使用 `restricted` 模式。
+> 
+> 🔒 **Important**: Production environment (`ENV_TYPE=production`) automatically enables database isolation with `restricted` mode.
 
 ---
 
@@ -222,14 +264,20 @@ For detailed configuration guide, see: [MySQL 8.0 Authentication Plugin Support
 - 多级SQL风险等级（LOW/MEDIUM/HIGH/CRITICAL）
 - SQL注入与危险操作拦截
 - WHERE子句强制检查
+- **数据库隔离安全**：三级访问控制（strict/restricted/permissive）
+- **跨数据库访问防护**：阻止未授权的数据库访问
 - 敏感信息自动隐藏（支持自定义字段）
 - 生产环境默认只允许低风险操作
+- **生产环境自动启用数据库隔离**
 
 - Multi-level SQL risk levels (LOW/MEDIUM/HIGH/CRITICAL)
 - SQL injection & dangerous operation interception
 - Mandatory WHERE clause check
+- **Database Isolation Security**: 3-level access control (strict/restricted/permissive)
+- **Cross-database Access Protection**: Blocks unauthorized database access
 - Automatic sensitive info masking (customizable fields)
 - Production allows only low-risk operations by default
+- **Auto-enable database isolation in production**
 
 ---
 
@@ -261,6 +309,18 @@ A: 设置SENSITIVE_INFO_FIELDS，如SENSITIVE_INFO_FIELDS=password,token
 Q: How to customize sensitive fields?
 A: Set SENSITIVE_INFO_FIELDS, e.g. SENSITIVE_INFO_FIELDS=password,token
 
+### Q: 如何启用数据库隔离？
+A: 设置ENABLE_DATABASE_ISOLATION=true和DATABASE_ACCESS_LEVEL=strict，或使用ENV_TYPE=production自动启用。
+
+Q: How to enable database isolation?
+A: Set ENABLE_DATABASE_ISOLATION=true and DATABASE_ACCESS_LEVEL=strict, or use ENV_TYPE=production for auto-enable.
+
+### Q: 数据库隔离后无法查询系统表？
+A: strict模式禁止系统表访问，可改为restricted模式，或检查是否确实需要系统表访问权限。
+
+Q: Cannot query system tables after enabling database isolation?
+A: strict mode blocks system table access. Use restricted mode or verify if system table access is actually needed.
+
 ### Q: limit参数报错？
 A: limit必须为非负整数。
 
 
@@ -46,6 +46,16 @@ BLOCKED_PATTERNS=
 # 是否启用查询安全检查
 ENABLE_QUERY_CHECK=true
 
+# 数据库隔离配置
+# 是否启用数据库隔离（防止跨数据库访问）
+ENABLE_DATABASE_ISOLATION=false
+# 数据库访问级别: strict(严格), restricted(限制), permissive(宽松)
+# - strict: 只能访问指定的数据库
+# - restricted: 可以访问指定数据库和系统库(information_schema, mysql等)
+# - permissive: 可以访问所有数据库（默认）
+# 注意：生产环境(ENV_TYPE=production)会自动启用数据库隔离并设为restricted模式
+DATABASE_ACCESS_LEVEL=permissive
+
 # 日志配置
 # DEBUG, INFO, WARNING, ERROR, CRITICAL
 LOG_LEVEL=DEBUG 
@@ -109,6 +109,17 @@ class SecurityConfig:
 
     # 查询检查
     ENABLE_QUERY_CHECK = os.getenv('ENABLE_QUERY_CHECK', 'true').lower() in ('true', 'yes', '1')
+    
+    # 数据库隔离配置
+    ENABLE_DATABASE_ISOLATION = os.getenv('ENABLE_DATABASE_ISOLATION', 'false').lower() in ('true', 'yes', '1')
+    DATABASE_ACCESS_LEVEL = os.getenv('DATABASE_ACCESS_LEVEL', 'permissive').lower()
+    
+    # 生产环境强制数据库隔离
+    if ENV_TYPE == EnvironmentType.PRODUCTION and not os.getenv('DATABASE_ACCESS_LEVEL'):
+        DATABASE_ACCESS_LEVEL = 'restricted'  # 生产环境默认使用限制模式
+        ENABLE_DATABASE_ISOLATION = True
+        logger = __import__('logging').getLogger("mysql_server")
+        logger.info("生产环境自动启用数据库隔离，访问级别设为 restricted")
 
 # SQL操作配置
 class SQLConfig:
 
@@ -0,0 +1,207 @@
+"""
+数据库范围检查器
+用于检测和限制SQL查询中的跨数据库访问
+"""
+import re
+import logging
+from typing import Set, Optional, List, Tuple
+from enum import Enum
+
+logger = logging.getLogger("mysql_server")
+
+class DatabaseAccessLevel(Enum):
+    """数据库访问级别"""
+    STRICT = "strict"           # 严格模式：只能访问指定数据库
+    RESTRICTED = "restricted"   # 限制模式：允许访问指定数据库和系统库
+    PERMISSIVE = "permissive"   # 宽松模式：允许访问所有数据库（默认）
+
+class DatabaseScopeViolation(Exception):
+    """数据库范围违规异常"""
+    pass
+
+class DatabaseScopeChecker:
+    """数据库范围检查器"""
+    
+    # 系统数据库列表
+    SYSTEM_DATABASES = {
+        'information_schema',
+        'mysql', 
+        'performance_schema',
+        'sys'
+    }
+    
+    # 跨数据库查询模式
+    CROSS_DB_PATTERNS = [
+        # database.table 格式
+        r'\b([a-zA-Z_][a-zA-Z0-9_]*)\s*\.\s*([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # SHOW TABLES FROM database
+        r'\bSHOW\s+(?:FULL\s+)?TABLES\s+FROM\s+([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # USE database
+        r'\bUSE\s+([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # SELECT ... FROM database.table
+        r'\bFROM\s+([a-zA-Z_][a-zA-Z0-9_]*)\s*\.\s*([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # JOIN database.table
+        r'\bJOIN\s+([a-zA-Z_][a-zA-Z0-9_]*)\s*\.\s*([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # INSERT INTO database.table
+        r'\bINTO\s+([a-zA-Z_][a-zA-Z0-9_]*)\s*\.\s*([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # UPDATE database.table
+        r'\bUPDATE\s+([a-zA-Z_][a-zA-Z0-9_]*)\s*\.\s*([a-zA-Z_][a-zA-Z0-9_]*)\b',
+        # DELETE FROM database.table
+        r'\bDELETE\s+FROM\s+([a-zA-Z_][a-zA-Z0-9_]*)\s*\.\s*([a-zA-Z_][a-zA-Z0-9_]*)\b',
+    ]
+    
+    def __init__(self, allowed_database: Optional[str] = None, 
+                 access_level: DatabaseAccessLevel = DatabaseAccessLevel.PERMISSIVE):
+        """
+        初始化数据库范围检查器
+        
+        Args:
+            allowed_database: 允许访问的数据库名称
+            access_level: 访问级别
+        """
+        self.allowed_database = allowed_database
+        self.access_level = access_level
+        self.is_enabled = allowed_database is not None and access_level != DatabaseAccessLevel.PERMISSIVE
+        
+        logger.debug(f"数据库范围检查器初始化: 允许数据库={allowed_database}, 访问级别={access_level.value}, 启用={self.is_enabled}")
+    
+    def check_query(self, sql_query: str) -> Tuple[bool, List[str]]:
+        """
+        检查SQL查询是否违反数据库范围限制
+        
+        Args:
+            sql_query: SQL查询语句
+            
+        Returns:
+            (是否允许, 违规详情列表)
+        """
+        if not self.is_enabled:
+            return True, []
+        
+        violations = []
+        
+        # 提取查询中涉及的数据库
+        referenced_databases = self._extract_databases(sql_query)
+        
+        for db_name in referenced_databases:
+            if not self._is_database_allowed(db_name):
+                violations.append(f"不允许访问数据库: {db_name}")
+        
+        # 检查特殊查询类型
+        special_violations = self._check_special_queries(sql_query)
+        violations.extend(special_violations)
+        
+        is_allowed = len(violations) == 0
+        
+        if violations:
+            logger.warning(f"数据库范围检查失败: {violations}")
+        
+        return is_allowed, violations
+    
+    def _extract_databases(self, sql_query: str) -> Set[str]:
+        """提取SQL查询中涉及的数据库名称"""
+        databases = set()
+        
+        # 标准化SQL（转换为大写，去除多余空格）
+        normalized_sql = re.sub(r'\s+', ' ', sql_query.upper().strip())
+        
+        for pattern in self.CROSS_DB_PATTERNS:
+            matches = re.finditer(pattern, normalized_sql, re.IGNORECASE)
+            for match in matches:
+                # 第一个捕获组通常是数据库名
+                if match.groups():
+                    db_name = match.group(1).lower()
+                    # 过滤掉非数据库名的匹配（如函数名等）
+                    if self._is_valid_database_name(db_name):
+                        databases.add(db_name)
+        
+        return databases
+    
+    def _is_valid_database_name(self, name: str) -> bool:
+        """检查是否是有效的数据库名称"""
+        # 数据库名称规则：字母、数字、下划线，不能以数字开头
+        return bool(re.match(r'^[a-zA-Z_][a-zA-Z0-9_]*$', name))
+    
+    def _is_database_allowed(self, db_name: str) -> bool:
+        """检查数据库是否被允许访问"""
+        db_name_lower = db_name.lower()
+        
+        # 检查是否是允许的主数据库
+        if self.allowed_database and db_name_lower == self.allowed_database.lower():
+            return True
+        
+        # 根据访问级别决定是否允许系统数据库
+        if self.access_level == DatabaseAccessLevel.RESTRICTED:
+            if db_name_lower in self.SYSTEM_DATABASES:
+                return True
+        
+        return False
+    
+    def _check_special_queries(self, sql_query: str) -> List[str]:
+        """检查特殊类型的查询"""
+        violations = []
+        normalized_sql = sql_query.upper().strip()
+        
+        # 检查SHOW DATABASES查询
+        if re.search(r'\bSHOW\s+DATABASES\b', normalized_sql):
+            if self.access_level == DatabaseAccessLevel.STRICT:
+                violations.append("严格模式下不允许执行 SHOW DATABASES")
+        
+        # 检查USE语句
+        if re.search(r'\bUSE\s+', normalized_sql):
+            violations.append("不允许使用 USE 语句切换数据库")
+        
+        # 检查系统表访问
+        system_table_patterns = [
+            r'\bmysql\.user\b',
+            r'\bmysql\.db\b', 
+            r'\binformation_schema\.',
+            r'\bperformance_schema\.',
+            r'\bsys\.'
+        ]
+        
+        for pattern in system_table_patterns:
+            if re.search(pattern, normalized_sql, re.IGNORECASE):
+                if self.access_level == DatabaseAccessLevel.STRICT:
+                    violations.append(f"严格模式下不允许访问系统表")
+                    break
+        
+        return violations
+    
+    def get_allowed_databases(self) -> Set[str]:
+        """获取允许访问的数据库列表"""
+        allowed = set()
+        
+        if self.allowed_database:
+            allowed.add(self.allowed_database.lower())
+        
+        if self.access_level == DatabaseAccessLevel.RESTRICTED:
+            allowed.update(self.SYSTEM_DATABASES)
+        
+        return allowed
+    
+    def is_cross_database_query(self, sql_query: str) -> bool:
+        """检查是否是跨数据库查询"""
+        referenced_dbs = self._extract_databases(sql_query)
+        return len(referenced_dbs) > 0
+
+# 便捷函数
+def create_database_checker(allowed_database: Optional[str] = None, 
+                          access_level: str = "permissive") -> DatabaseScopeChecker:
+    """
+    创建数据库范围检查器的便捷函数
+    
+    Args:
+        allowed_database: 允许访问的数据库名称
+        access_level: 访问级别字符串 (strict/restricted/permissive)
+        
+    Returns:
+        DatabaseScopeChecker实例
+    """
+    try:
+        level = DatabaseAccessLevel(access_level.lower())
+    except ValueError:
+        logger.warning(f"无效的访问级别: {access_level}，使用默认的 permissive")
+        level = DatabaseAccessLevel.PERMISSIVE
+    
+    return DatabaseScopeChecker(allowed_database, level)