Improve SQL validation logic and add related test #1324
Conversation
Enhanced `containsForbiddenPatterns` to use regex for stricter checks on SQL keywords and patterns, disallowing forbidden elements like comments and multiple statements. Updated `isValidSqlQuery` documentation for clarity. Added a test to validate reading from a table with column names containing reserved SQL keywords.
There was a problem hiding this comment.
Pull Request Overview
The PR strengthens SQL validation by switching to regex-based forbidden-pattern checks, clarifies the isValidSqlQuery documentation, and adds a test for reading from tables with columns named using reserved keywords.
- Use regex patterns in
containsForbiddenPatternsfor stricter detection. - Minor documentation updates in
isValidSqlQuery. - New H2 test for tables whose column names include reserved SQL keywords.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| dataframe-jdbc/src/test/kotlin/org/jetbrains/kotlinx/dataframe/io/h2/h2Test.kt | Added a test verifying SELECT works when column names include reserved keywords |
| dataframe-jdbc/src/main/kotlin/org/jetbrains/kotlinx/dataframe/io/readJdbc.kt | Switched forbiddenPatterns to regex, improved error logging, and updated Javadoc examples |
Comments suppressed due to low confidence (2)
dataframe-jdbc/src/test/kotlin/org/jetbrains/kotlinx/dataframe/io/h2/h2Test.kt:796
- [nitpick] Consider simplifying the test function name (e.g.,
read from table with column name containing reserved SQL keyword) for clarity and conciseness.
fun `read from table with column name containing the reserved SQL keywords`() {
dataframe-jdbc/src/test/kotlin/org/jetbrains/kotlinx/dataframe/io/h2/h2Test.kt:814
- Add tests for the newly documented forbidden patterns (e.g., queries containing
--,/* */, or multiple statements separated by;) to verify thatcontainsForbiddenPatternscorrectly rejects them.
}
|
|
||
| @Test | ||
| fun `read from table with column name containing the reserved SQL keywords`() { | ||
| @Language("SQL") |
There was a problem hiding this comment.
[nitpick] For the multi-line SQL string, consider appending trimIndent() (or trimMargin()) to remove leading whitespace and ensure the query is formatted as intended.
Copilot uses AI. Check for mistakes.
| ) | ||
|
|
||
| // Use regular expressions to match reserved words only as separate entities | ||
| for (pattern in forbiddenPatterns) { | ||
| if (input.contains(pattern)) { | ||
| val regex = Regex(pattern, RegexOption.IGNORE_CASE) |
There was a problem hiding this comment.
Consider precompiling the forbiddenPatterns into Regex instances once (e.g., at initialization) instead of compiling a new Regex on every call to improve performance.
Copilot uses AI. Check for mistakes.
2 participants
Enhanced
containsForbiddenPatternsto use regex for stricter checks on SQL keywords and patterns, disallowing forbidden elements like comments and multiple statements. UpdatedisValidSqlQuerydocumentation for clarity. Added a test to validate reading from a table with column names containing reserved SQL keywords.Fixes #1307