Add read-only mode and query execution capabilities#20
Conversation
… write operations
danielmeppiel
left a comment
danielmeppiel
left a comment
There was a problem hiding this comment.
Great base, let's iterate - I've left my comments
…s from the database API Instead of checking for an "error" key in the result
…ery type and permissions This replaces scattered validation logic throughout the file
…d-only and write-enabled modes
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This adds is_write_operation
- Add semicolon detection to prevent statement chaining attacks - Implement regex pattern matching for DML/DDL keywords in comments/subqueries - Block sophisticated SQL injection attempts that bypass basic prefix checks - Maintain backward compatibility for legitimate SELECT/CTE queries
Go back to using SYS.ODCIVARCHAR2LIST for better performance with large table lists.
|
@danielmeppiel The PR is now ready. All concerns were addressed. |
danielmeppiel
left a comment
danielmeppiel
left a comment
There was a problem hiding this comment.
Thanks for your latest changes @kevingatera !
Let's security-harden this with sqlparse library and we will be ready to merge
|
@danielmeppiel The requested changes have been made. But, there are two items of note:
|
|
Fixed and ran tests for it. Ready. |
|
@danielmeppiel is there anything else you'd like me to add/modify? |
|
Sorry for the delay, currently on a summer break, but will have a look at merging this ASAP |
There was a problem hiding this comment.
Pull Request Overview
This PR introduces comprehensive read-only mode and SQL query execution capabilities to enhance database security and functionality. The default read-only mode prevents accidental write operations while still allowing full read access, and the new query execution tool enables users to run SELECT statements directly through the MCP server.
- Adds read-only mode as a default security feature with environment variable configuration
- Implements run_sql_query tool for executing SELECT statements with formatted output
- Introduces wrap_untrusted function to mitigate prompt injection risks in returned data
Reviewed Changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pyproject.toml | Adds sqlparse dependency for SQL statement parsing |
| main.py | Implements wrap_untrusted function, adds run_sql_query tool, and enables read-only mode configuration |
| db_context/schema/formatter.py | Adds format_sql_query_result function for creating markdown tables from query results |
| db_context/database.py | Refactors DatabaseConnector with read-only checks, SQL parsing, and query execution capabilities |
| db_context/init.py | Updates DatabaseContext to support read-only mode and expose run_sql_query method |
| README.md | Documents read-only mode configuration and usage instructions |
Comments suppressed due to low confidence (1)
db_context/database.py:1
- The
_close_connectionmethod implementation was removed but the method is still being called throughout the code. This will cause AttributeError exceptions when the method is invoked.
import sys
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
…cle DB; parameterize Oracle image; add uv usage and test suite improvements
…d related table discovery tests
… (uses r_owner + fallback owner resolution)
2 participants
This PR introduces read-only mode as a default security feature to prevent accidental write operations, adds the run_sql_query tool for executing SELECT statements, and implements a wrap_untrusted function to mitigate prompt injection risks. Changes update the DatabaseContext and DatabaseConnector classes to enforce read-only checks.
Please see: README documentation for configuration and usage.
This resolves #19 and is also a more flexible implementation of #17