feat: improve SQL validation for aggregate functions and entity model resilience#1571
UIPath-Harshit wants to merge 1 commit into main
Conversation
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f8c5a5b903
```python
if isinstance(node, IdentifierList):
    for child in node.tokens:
        if child.ttype is Wildcard:
            return True
```
Treat qualified `table.*` as disallowed wildcard

`_projection_has_bare_wildcard` only checks tokens whose type is `Wildcard` directly or inside an `IdentifierList`, but it never inspects `Identifier` nodes. In sqlparse, `table.*` is represented as an `Identifier`, so queries like `SELECT Customers.* FROM Customers LIMIT 10` bypass the `SELECT *` without filtering guard and also slip past the >4 columns limit because `_projection_column_count` treats that projection as one column. This reopens unrestricted full-row reads that the validator is meant to block.
… resilience

Add aggregate function detection (COUNT, SUM, AVG, MIN, MAX) to allow queries without WHERE/LIMIT clauses. Block COUNT(*) with a clear error message. Refactor projection parsing to use AST nodes instead of flattened tokens for more accurate column counting and wildcard detection.

Make Entity model fields more resilient with optional SourceJoinCriteria fields, AliasChoices for sourceJoinCriterias, and union types for externalFields.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary

- `COUNT(*)` with a clear error message directing users to use `COUNT(column_name)` instead
- `FROM` clause in all queries
- `Entity` model more resilient: optional `SourceJoinCriteria` fields, `AliasChoices` for `sourceJoinCriterias`/`sourceJoinCriteria`, union types for `externalFields`, and optional `reference_type` in `FieldMetadata`
- `uipath-platform` version to 0.1.29

Test plan

- `COUNT(*)` rejection, missing `FROM`, and non-aggregate functions (`UPPER`, `COALESCE`) are validated

🤖 Generated with Claude Code
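The review comment above and the PR summary together describe the guard rules this validator is meant to enforce: a wildcard projection (bare `*` or qualified `table.*`) must not pass as an unfiltered full-row read, a projection is capped at a handful of columns, `COUNT(*)` is refused, every query needs a `FROM`, and only aggregate-only projections may omit `WHERE`/`LIMIT`. The following is an added, self-contained example of those checks written for this page; it is not the PR's code and does not use sqlparse. It uses a small regex-based select-list splitter instead, so `Customers.*` is recognised by shape rather than by sqlparse node type. The aggregate whitelist, the cap of four columns, the "wildcard needs WHERE" rule and the function names (`analyze_projection`, `validate_query`, `check`) are assumptions chosen to mirror the behaviour the review describes:

```python
"""Projection checks for a read-only SQL validator (illustrative, not the PR's code).

Assumed rules: whitelist of aggregate functions, cap of four projected columns,
a wildcard projection (`*` or `table.*`) requires WHERE, any other non-aggregate
query requires WHERE or LIMIT, and COUNT(*) is always refused.
"""
import re
from dataclasses import dataclass
from typing import List

AGGREGATE_FUNCS = {"COUNT", "SUM", "AVG", "MIN", "MAX"}
MAX_PROJECTION_COLUMNS = 4  # assumed cap, mirrors the ">4 columns" check in the review

_SELECT_RE = re.compile(r"^\s*SELECT\s+(?P<proj>.+?)\s+FROM\s+(?P<rest>.+)$", re.I | re.S)
# `*`, `table.*` and `schema.table.*` are all wildcards: a qualified one still reads every column.
_WILDCARD_RE = re.compile(r"^(?:[A-Za-z_]\w*\.)*\*$")
_FUNC_RE = re.compile(r"^([A-Za-z_]\w*)\s*\((.*)\)$", re.S)
# Strips a trailing `AS alias` / ` alias` so `COUNT(id) AS n` is inspected as `COUNT(id)`.
_ALIAS_RE = re.compile(r"^(.*?)\s+(?:AS\s+)?[A-Za-z_]\w*$", re.I | re.S)


class SqlValidationError(ValueError):
    pass


def _split_top_level(expr: str) -> List[str]:
    """Split a select list on commas that are outside parentheses and string literals."""
    parts, buf, depth, quote = [], [], 0, None
    for ch in expr:
        if quote:
            buf.append(ch)
            if ch == quote:
                quote = None
            continue
        if ch in ("'", '"'):
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    return parts + ([tail] if tail else [])


@dataclass
class Projection:
    items: List[str]       # projected expressions with aliases removed
    has_wildcard: bool     # True for `*` as well as `table.*`
    aggregates: List[str]  # upper-cased aggregate function names found


def analyze_projection(select_list: str) -> Projection:
    items, has_wildcard, aggregates = [], False, []
    for raw in _split_top_level(select_list):
        alias = _ALIAS_RE.match(raw)
        expr = alias.group(1).strip() if alias else raw
        items.append(expr)
        if _WILDCARD_RE.match(expr):
            has_wildcard = True
            continue
        call = _FUNC_RE.match(expr)
        if call and call.group(1).upper() in AGGREGATE_FUNCS:
            if call.group(2).strip() == "*":
                raise SqlValidationError("COUNT(*) is not allowed; use COUNT(column_name) instead")
            aggregates.append(call.group(1).upper())
    return Projection(items, has_wildcard, aggregates)


def validate_query(sql: str) -> Projection:
    """Raise SqlValidationError unless `sql` satisfies the assumed read-only guard rules."""
    m = _SELECT_RE.match(sql.strip().rstrip(";"))
    if not m:
        raise SqlValidationError("only SELECT ... FROM ... queries are accepted")
    proj = analyze_projection(m.group("proj"))
    rest = m.group("rest")
    has_where = re.search(r"\bWHERE\b", rest, re.I) is not None
    has_limit = re.search(r"\bLIMIT\b", rest, re.I) is not None
    if proj.has_wildcard:
        # A qualified `table.*` is a full-row read exactly like a bare `*`, so LIMIT alone is not enough.
        if not has_where:
            raise SqlValidationError("wildcard projections require a WHERE clause")
    elif len(proj.items) > MAX_PROJECTION_COLUMNS:
        raise SqlValidationError(f"at most {MAX_PROJECTION_COLUMNS} columns may be projected")
    only_aggregates = bool(proj.aggregates) and len(proj.aggregates) == len(proj.items)
    if not only_aggregates and not (has_where or has_limit):
        raise SqlValidationError("non-aggregate queries need a WHERE or LIMIT clause")
    return proj


def check(sql: str) -> str:
    """Return 'ok' or the validation error message; convenient for demos and tests."""
    try:
        validate_query(sql)
        return "ok"
    except SqlValidationError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed queries, including the bypass case from the review comment.
    for q in (
        "SELECT Customers.* FROM Customers LIMIT 10",
        "SELECT COUNT(*) FROM Customers",
        "SELECT COUNT(Id) AS n, MAX(Created) FROM Customers",
        "SELECT UPPER(Name) FROM Customers",
    ):
        print(f"{q!r}: {check(q)}")
```

The wildcard test is deliberately on the projected expression's shape rather than on a token type, which is the generalisation the review asks for: whatever the parser calls `Customers.*`, it still selects every column and must be counted as such. Quoted identifiers (`"Customers".*`) and subqueries are out of scope for this sketch.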