feat: Deny queries that contain potentially undesirable keywords

Author: gadenbuie

pkg-py/src/querychat/_datasource.py

@@ -9,6 +9,8 @@
 from sqlalchemy import inspect, text
 from sqlalchemy.sql import sqltypes
 
+from ._utils import check_query
+
 if TYPE_CHECKING:
     from narwhals.stable.v1.typing import IntoFrame
     from sqlalchemy.engine import Connection, Engine
@@ -261,6 +263,7 @@ def execute_query(self, query: str) -> pd.DataFrame:
             Query results as pandas DataFrame
 
         """
+        check_query(query)
         return self._conn.execute(query).df()
 
     def test_query(
@@ -523,6 +526,7 @@ def execute_query(self, query: str) -> pd.DataFrame:
             Query results as pandas DataFrame
 
         """
+        check_query(query)
         with self._get_connection() as conn:
             return pd.read_sql_query(text(query), conn)
 

pkg-py/src/querychat/_utils.py

@@ -1,12 +1,86 @@
 from __future__ import annotations
 
 import os
+import re
 import warnings
 from contextlib import contextmanager
 from typing import TYPE_CHECKING, Literal, Optional
 
 import narwhals.stable.v1 as nw
 
+
+class UnsafeQueryError(ValueError):
+    """Raised when a query contains an unsafe/write operation."""
+
+
+def check_query(query: str) -> None:
+    """
+    Check if a SQL query appears to be a non-read-only (write) operation.
+
+    Raises UnsafeQueryError if the query starts with a dangerous keyword.
+
+    Two categories of keywords are checked:
+
+    - Always blocked: DELETE, TRUNCATE, CREATE, DROP, ALTER, GRANT, REVOKE,
+      EXEC, EXECUTE, CALL
+    - Blocked unless QUERYCHAT_ENABLE_UPDATE_QUERIES=true: INSERT, UPDATE,
+      MERGE, REPLACE, UPSERT
+
+    Parameters
+    ----------
+    query
+        The SQL query string to check
+
+    Raises
+    ------
+    UnsafeQueryError
+        If the query starts with a disallowed keyword
+
+    """
+    # Normalize: newlines/tabs -> space, collapse multiple spaces, trim, uppercase
+    normalized = re.sub(r"[\r\n\t]+", " ", query)
+    normalized = re.sub(r" +", " ", normalized)
+    normalized = normalized.strip().upper()
+
+    # Always blocked - destructive/schema/admin operations
+    always_blocked = [
+        "DELETE",
+        "TRUNCATE",
+        "CREATE",
+        "DROP",
+        "ALTER",
+        "GRANT",
+        "REVOKE",
+        "EXEC",
+        "EXECUTE",
+        "CALL",
+    ]
+
+    # Blocked unless escape hatch enabled - data modification
+    update_keywords = ["INSERT", "UPDATE", "MERGE", "REPLACE", "UPSERT"]
+
+    # Check always-blocked keywords first
+    always_pattern = r"^(" + "|".join(always_blocked) + r")\b"
+    match = re.match(always_pattern, normalized)
+    if match:
+        raise UnsafeQueryError(
+            f"Query appears to contain a disallowed operation: {match.group(1)}. "
+            "Only SELECT queries are allowed."
+        )
+
+    # Check update keywords (can be enabled via envvar)
+    enable_updates = os.environ.get("QUERYCHAT_ENABLE_UPDATE_QUERIES", "").lower()
+    if enable_updates not in ("true", "1", "yes"):
+        update_pattern = r"^(" + "|".join(update_keywords) + r")\b"
+        match = re.match(update_pattern, normalized)
+        if match:
+            raise UnsafeQueryError(
+                f"Query appears to contain an update operation: {match.group(1)}. "
+                "Only SELECT queries are allowed. "
+                "Set QUERYCHAT_ENABLE_UPDATE_QUERIES=true to allow update queries."
+            )
+
+
 if TYPE_CHECKING:
     from narwhals.stable.v1.typing import IntoFrame
 

pkg-py/tests/test_datasource.py

@@ -5,6 +5,7 @@
 import pandas as pd
 import pytest
 from querychat._datasource import DataFrameSource, SQLAlchemySource
+from querychat._utils import UnsafeQueryError, check_query
 from querychat.types import MissingColumnsError
 from sqlalchemy import create_engine, text
 
@@ -387,3 +388,113 @@ def test_test_query_error_message_format(test_db_engine):
     assert "Query result missing required columns" in error_message
     assert "The query must return all original table columns" in error_message
     assert "Original columns:" in error_message
+
+
+# Tests for check_query() function
+
+
+def test_check_query_allows_valid_select():
+    """Test that check_query allows valid SELECT queries."""
+    check_query("SELECT * FROM test_table")
+    check_query("select * from test_table")
+    check_query("  SELECT * FROM test_table  ")
+    check_query("\nSELECT * FROM test_table\n")
+
+
+def test_check_query_blocks_always_blocked_keywords():
+    """Test that check_query blocks always-blocked keywords."""
+    always_blocked = [
+        "DELETE",
+        "TRUNCATE",
+        "CREATE",
+        "DROP",
+        "ALTER",
+        "GRANT",
+        "REVOKE",
+        "EXEC",
+        "EXECUTE",
+        "CALL",
+    ]
+
+    for keyword in always_blocked:
+        with pytest.raises(UnsafeQueryError, match="disallowed operation"):
+            check_query(f"{keyword} something")
+
+
+def test_check_query_blocks_update_keywords_by_default():
+    """Test that check_query blocks update keywords by default."""
+    update_keywords = ["INSERT", "UPDATE", "MERGE", "REPLACE", "UPSERT"]
+
+    for keyword in update_keywords:
+        with pytest.raises(UnsafeQueryError, match="update operation"):
+            check_query(f"{keyword} something")
+
+
+def test_check_query_normalizes_whitespace_and_case():
+    """Test that check_query normalizes whitespace and case."""
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("  delete   FROM table  ")
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("\n\nDELETE\n\nFROM table")
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("\tDELETE\tFROM\ttable")
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("DeLeTe FROM table")
+
+
+def test_check_query_escape_hatch_enables_update_keywords(monkeypatch):
+    """Test that escape hatch enables update keywords."""
+    monkeypatch.setenv("QUERYCHAT_ENABLE_UPDATE_QUERIES", "true")
+
+    # These should not raise
+    check_query("INSERT INTO table VALUES (1)")
+    check_query("UPDATE table SET x = 1")
+    check_query("MERGE INTO table USING")
+    check_query("REPLACE INTO table VALUES (1)")
+    check_query("UPSERT INTO table VALUES (1)")
+
+
+def test_check_query_escape_hatch_does_not_enable_always_blocked(monkeypatch):
+    """Test that escape hatch does NOT enable always-blocked keywords."""
+    monkeypatch.setenv("QUERYCHAT_ENABLE_UPDATE_QUERIES", "true")
+
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("DELETE FROM table")
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("DROP TABLE table")
+    with pytest.raises(UnsafeQueryError, match="disallowed"):
+        check_query("TRUNCATE TABLE table")
+
+
+def test_check_query_integrated_into_execute_query():
+    """Test that check_query is integrated into execute_query()."""
+    test_df = pd.DataFrame(
+        {
+            "id": [1, 2, 3],
+            "name": ["a", "b", "c"],
+            "value": [10, 20, 30],
+        }
+    )
+
+    source = DataFrameSource(test_df, "test_table")
+
+    with pytest.raises(UnsafeQueryError, match="disallowed operation"):
+        source.execute_query("DELETE FROM test_table")
+
+    with pytest.raises(UnsafeQueryError, match="update operation"):
+        source.execute_query("INSERT INTO test_table VALUES (1, 'a', 1)")
+
+    source.cleanup()
+
+
+def test_check_query_does_not_block_keywords_in_column_names():
+    """Test that keywords in column names or values are not blocked."""
+    check_query("SELECT update_count FROM table")
+    check_query("SELECT * FROM delete_logs")
+
+
+def test_check_query_escape_hatch_accepts_various_values(monkeypatch):
+    """Test that escape hatch accepts various truthy values."""
+    for value in ["true", "TRUE", "1", "yes", "YES"]:
+        monkeypatch.setenv("QUERYCHAT_ENABLE_UPDATE_QUERIES", value)
+        check_query("INSERT INTO table VALUES (1)")  # Should not raise

pkg-r/R/DataSource.R

@@ -337,6 +337,8 @@ DBISource <- R6::R6Class(
           DBI::dbQuoteIdentifier(private$conn, self$table_name)
         )
       }
+
+      check_query(query)
       DBI::dbGetQuery(private$conn, query)
     },
 

pkg-r/R/utils-check.R

@@ -60,3 +60,108 @@ check_sql_table_name <- function(
 
   invisible(NULL)
 }
+
+
+# SQL query validation --------------------------------------------------------
+
+#' Check SQL query for disallowed operations
+#'
+#' Validates that a SQL query does not start with a disallowed operation.
+#' This is a simple safety check, not full query parsing.
+#'
+#' @param query The SQL query string to check
+#' @param ... These dots are for future extensions and must be empty.
+#' @param arg Argument name to use in error messages
+#' @param call Calling environment for error messages
+#'
+#' @details
+#' Two categories of keywords are checked:
+#'
+#' **Always blocked** (no escape hatch):
+#' DELETE, TRUNCATE, CREATE, DROP, ALTER, GRANT, REVOKE, EXEC, EXECUTE, CALL
+#'
+#' **Blocked unless escape hatch enabled**:
+#' INSERT, UPDATE, MERGE, REPLACE, UPSERT
+#'
+#' The escape hatch can be enabled via
+#' `options(querychat.enable_update_queries = TRUE)` or by setting the
+#' environment variable `QUERYCHAT_ENABLE_UPDATE_QUERIES=true`.
+#'
+#' @return Invisibly returns `NULL` if validation passes. Otherwise throws an
+#'   error.
+#'
+#' @noRd
+check_query <- function(
+  query,
+  ...,
+  arg = caller_arg(query),
+  call = caller_env()
+) {
+  check_dots_empty()
+  check_string(query, arg = arg, call = call)
+
+  # Normalize: newlines/tabs -> space, collapse multiple spaces, trim, uppercase
+  normalized <- query
+  normalized <- gsub("[\r\n\t]+", " ", normalized)
+  normalized <- gsub(" +", " ", normalized)
+  normalized <- trimws(normalized)
+  normalized <- toupper(normalized)
+
+  # Always blocked - destructive/schema/admin operations
+  always_blocked <- c(
+    "DELETE",
+    "TRUNCATE",
+    "CREATE",
+    "DROP",
+    "ALTER",
+    "GRANT",
+    "REVOKE",
+    "EXEC",
+    "EXECUTE",
+    "CALL"
+  )
+
+  # Blocked unless escape hatch enabled - data modification
+  update_keywords <- c("INSERT", "UPDATE", "MERGE", "REPLACE", "UPSERT")
+
+  # Check always-blocked keywords first
+  always_pattern <- paste0("^(", paste(always_blocked, collapse = "|"), ")\\b")
+  if (grepl(always_pattern, normalized)) {
+    matched <- regmatches(normalized, regexpr(always_pattern, normalized))
+    cli::cli_abort(
+      c(
+        "Query appears to contain a disallowed operation: {matched}",
+        "i" = "Only SELECT queries are allowed."
+      ),
+      call = call
+    )
+  }
+
+  # Check update keywords (can be enabled via option or envvar)
+  enable_updates <- isTRUE(getOption("querychat.enable_update_queries", FALSE))
+  if (!enable_updates) {
+    envvar <- Sys.getenv("QUERYCHAT_ENABLE_UPDATE_QUERIES", "")
+    enable_updates <- tolower(envvar) %in% c("true", "1", "yes")
+  }
+
+  if (!enable_updates) {
+    update_pattern <- paste0(
+      "^(",
+      paste(update_keywords, collapse = "|"),
+      ")\\b"
+    )
+    if (grepl(update_pattern, normalized)) {
+      matched <- regmatches(normalized, regexpr(update_pattern, normalized))
+      cli::cli_abort(
+        c(
+          "Query appears to contain an update operation: {matched}",
+          "i" = "Only SELECT queries are allowed.",
+          "i" = "Set {.code options(querychat.enable_update_queries = TRUE)} or {.envvar QUERYCHAT_ENABLE_UPDATE_QUERIES=true} to allow update queries."
+        ),
+        call = call
+      )
+    }
+  }
+
+  invisible(NULL)
+}