compiler/sqlite: validate qualified column references across scopes

Signed-off-by: Amirhossein Akhlaghpour <[email protected]>

Author: Mehrbod2002

internal/compiler/analyze.go

@@ -181,6 +181,12 @@ func (c *Compiler) _analyzeQuery(raw *ast.RawStmt, query string, failfast bool)
 		return nil, err
 	}
 
+	if c.conf.Engine == config.EngineSQLite {
+		if err := validateSQLiteQualifiedColumnRefs(raw.Stmt); err != nil {
+			return nil, check(err)
+		}
+	}
+
 	params, err := c.resolveCatalogRefs(qc, rvs, refs, namedParams, embeds)
 	if err := check(err); err != nil {
 		return nil, err

internal/compiler/validator.go

@@ -0,0 +1,262 @@
+package compiler
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/sqlc-dev/sqlc/internal/sql/ast"
+	"github.com/sqlc-dev/sqlc/internal/sql/sqlerr"
+)
+
+/*
+This file implements SQLite-specific validation for qualified column references.
+
+Problem:
+  SQLite allows invalid correlated references to pass parsing, e.g.
+
+    SELECT *
+    FROM locations l
+    WHERE EXISTS (
+      SELECT 1
+      FROM projects p
+      WHERE p.id = location.project_id -- invalid: "location" not in scope
+    )
+
+SQLite itself errors at runtime, but sqlc historically accepted this query.
+This validator rejects such queries during compilation, matching SQLite behavior.
+*/
+
+// scope represents the set of visible table names and aliases at a SELECT level.
+// parent enables correlated subqueries to see outer query tables.
+type scope struct {
+	parent *scope
+	names  map[string]struct{}
+}
+
+func newScope(parent *scope) *scope {
+	return &scope{
+		parent: parent,
+		names:  map[string]struct{}{},
+	}
+}
+
+// add registers a visible table name or alias.
+func (s *scope) add(name string) {
+	if name == "" {
+		return
+	}
+	s.names[name] = struct{}{}
+}
+
+// has checks whether a name is visible in this scope or any parent scope.
+func (s *scope) has(name string) bool {
+	for cur := s; cur != nil; cur = cur.parent {
+		if _, ok := cur.names[name]; ok {
+			return true
+		}
+	}
+	return false
+}
+
+// qualifierFromColumnRef extracts the table/alias portion of a qualified ref.
+//
+// Examples:
+//
+//	a.b       -> "a"
+//	s.a.b     -> "a"  (schema.table.column)
+//	b         -> ""   (unqualified)
+func qualifierFromColumnRef(ref *ast.ColumnRef) (string, bool) {
+	if ref == nil || ref.Fields == nil {
+		return "", false
+	}
+	items := stringSlice(ref.Fields)
+	switch len(items) {
+	case 2:
+		return items[0], true
+	case 3:
+		return items[1], true
+	default:
+		return "", false
+	}
+}
+
+// addFromItemToScope records tables and aliases introduced by FROM/JOIN items.
+func addFromItemToScope(sc *scope, n ast.Node) {
+	switch t := n.(type) {
+	case *ast.RangeVar:
+		if t.Relname != nil {
+			sc.add(*t.Relname)
+		}
+		if t.Alias != nil && t.Alias.Aliasname != nil {
+			sc.add(*t.Alias.Aliasname)
+		}
+
+	case *ast.JoinExpr:
+		addFromItemToScope(sc, t.Larg)
+		addFromItemToScope(sc, t.Rarg)
+
+	case *ast.RangeSubselect:
+		if t.Alias != nil && t.Alias.Aliasname != nil {
+			sc.add(*t.Alias.Aliasname)
+		}
+
+	case *ast.RangeFunction:
+		if t.Alias != nil && t.Alias.Aliasname != nil {
+			sc.add(*t.Alias.Aliasname)
+		}
+	}
+}
+
+// validateSQLiteQualifiedColumnRefs is the public entry point.
+// It validates that qualified column references only use visible tables/aliases.
+func validateSQLiteQualifiedColumnRefs(root ast.Node) error {
+	return validateNodeSQLite(root, nil)
+}
+
+// validateNodeSQLite validates a SELECT node and establishes a new scope.
+// Nested SELECTs receive the current scope as their parent.
+func validateNodeSQLite(node ast.Node, parent *scope) error {
+	switch n := node.(type) {
+	case *ast.SelectStmt:
+		sc := newScope(parent)
+
+		// Collect visible names from FROM clause
+		if n.FromClause != nil {
+			for _, item := range n.FromClause.Items {
+				addFromItemToScope(sc, item)
+			}
+		}
+
+		// Walk this SELECT subtree with the new scope
+		return walkSQLite(n, sc)
+
+	default:
+		// Only SELECTs introduce scopes; other nodes are irrelevant here.
+		return nil
+	}
+}
+
+// walkSQLite recursively walks an AST node, validating ColumnRef qualifiers.
+func walkSQLite(node ast.Node, sc *scope) error {
+	if node == nil {
+		return nil
+	}
+
+	// Pre-order validation: check ColumnRef immediately
+	if ref, ok := node.(*ast.ColumnRef); ok {
+		if qual, ok := qualifierFromColumnRef(ref); ok && !sc.has(qual) {
+			return &sqlerr.Error{
+				Code:     "42703",
+				Message:  fmt.Sprintf("table alias %q does not exist", qual),
+				Location: ref.Location,
+			}
+		}
+	}
+
+	// Explicit handling of subquery boundaries
+	switch n := node.(type) {
+	case *ast.SubLink:
+		if n.Subselect != nil {
+			return validateNodeSQLite(n.Subselect, sc)
+		}
+		return nil
+
+	case *ast.RangeSubselect:
+		if n.Subquery != nil {
+			return validateNodeSQLite(n.Subquery, sc)
+		}
+		return nil
+	}
+
+	// Generic recursion for all other node types
+	return walkSQLiteReflect(node, sc)
+}
+
+// walkSQLiteReflect traverses AST nodes via reflection.
+// This avoids dependency on astutils.Walk, whose signature varies.
+func walkSQLiteReflect(node ast.Node, sc *scope) error {
+	v := reflect.ValueOf(node)
+	if v.Kind() == reflect.Pointer {
+		if v.IsNil() {
+			return nil
+		}
+		v = v.Elem()
+	}
+	if v.Kind() != reflect.Struct {
+		return nil
+	}
+
+	t := v.Type()
+	for i := 0; i < v.NumField(); i++ {
+		// Skip unexported fields
+		if t.Field(i).PkgPath != "" {
+			continue
+		}
+
+		f := v.Field(i)
+		if !f.IsValid() {
+			continue
+		}
+
+		// Dereference pointers
+		for f.Kind() == reflect.Pointer {
+			if f.IsNil() {
+				goto next
+			}
+			f = f.Elem()
+		}
+
+		// Handle ast.List
+		if f.Type() == reflect.TypeOf(ast.List{}) {
+			list := f.Addr().Interface().(*ast.List)
+			for _, n := range list.Items {
+				if err := walkSQLite(n, sc); err != nil {
+					return err
+				}
+			}
+			continue
+		}
+
+		// Handle *ast.List
+		if f.CanAddr() {
+			if pl, ok := f.Addr().Interface().(**ast.List); ok && *pl != nil {
+				for _, n := range (*pl).Items {
+					if err := walkSQLite(n, sc); err != nil {
+						return err
+					}
+				}
+				continue
+			}
+		}
+
+		// Handle single ast.Node
+		if f.CanInterface() {
+			if n, ok := f.Interface().(ast.Node); ok {
+				if err := walkSQLite(n, sc); err != nil {
+					return err
+				}
+				continue
+			}
+		}
+
+		// Handle slices of ast.Node
+		if f.Kind() == reflect.Slice {
+			for j := 0; j < f.Len(); j++ {
+				elem := f.Index(j)
+				if elem.Kind() == reflect.Pointer && elem.IsNil() {
+					continue
+				}
+				if elem.CanInterface() {
+					if n, ok := elem.Interface().(ast.Node); ok {
+						if err := walkSQLite(n, sc); err != nil {
+							return err
+						}
+					}
+				}
+			}
+		}
+
+	next:
+	}
+	return nil
+}

internal/endtoend/testdata/sqlite_invalid_correlated_ref/sqlite/query.sql

@@ -0,0 +1,9 @@
+-- name: GetByPublicID :one
+SELECT *
+FROM locations l
+WHERE l.public_id = ?
+AND EXISTS (
+    SELECT 1
+    FROM projects p
+    WHERE p.id = location.project_id
+);

internal/endtoend/testdata/sqlite_invalid_correlated_ref/sqlite/schema.sql

@@ -0,0 +1,20 @@
+CREATE TABLE organizations (
+    id INTEGER PRIMARY KEY
+);
+
+CREATE TABLE organization_members (
+    id INTEGER PRIMARY KEY,
+    organization_id INTEGER NOT NULL,
+    account_id INTEGER NOT NULL
+);
+
+CREATE TABLE projects (
+    id INTEGER PRIMARY KEY,
+    organization_id INTEGER NOT NULL
+);
+
+CREATE TABLE locations (
+    id INTEGER PRIMARY KEY,
+    public_id TEXT UNIQUE NOT NULL,
+    project_id INTEGER NOT NULL
+) STRICT;

internal/endtoend/testdata/sqlite_invalid_correlated_ref/sqlite/sqlc.yaml

@@ -0,0 +1,12 @@
+version: "2"
+
+sql:
+  - engine: "sqlite"
+    schema: "schema.sql"
+    queries: "query.sql"
+    rules:
+      - sqlc/db-prepare
+    gen:
+      go:
+        package: "db"
+        out: "generated"

internal/endtoend/testdata/sqlite_invalid_correlated_ref/sqlite/stderr.txt

@@ -0,0 +1,2 @@
+# package db
+query.sql:8:18: table alias "location" does not exist