Fix native query escaping by StpMax · Pull Request #59 · mindsdb/mindsdb_sql_parser

StpMax · 2025-08-04T13:08:16Z

There is an issue with escaping native queries. For example:

select * from my_postgres (
 select 'a''b'
)

in this case query select 'a'b' will be executed in the db.

This PR keep original text for native queries

Fix CONN-1354

github-actions · 2025-08-04T13:09:47Z

Coverage Report

File	Stmts	Miss	Cover	Missing
mindsdb_sql_parser
__about__.py	10	10	0%	1–10
__init__.py	119	22	82%	44, 48, 53, 98, 115, 139–158, 165–166
lexer.py	284	21	93%	372, 374, 376, 388, 390, 392, 398–416
logger.py	19	4	79%	14, 17, 23, 26
parser.py	1107	32	97%	129, 133, 288, 313, 419, 605, 622, 646–647, 868, 922, 999, 1100, 1153, 1163, 1202–1203, 1232, 1243, 1326, 1402, 1441, 1477, 1670–1671, 1846–1847, 2023, 2031, 2084–2087
utils.py	49	4	92%	73–79
mindsdb_sql_parser/ast
base.py	36	5	86%	13, 28, 31, 46, 51
create.py	80	12	85%	23–31, 92–97
drop.py	52	2	96%	10, 13
insert.py	63	4	94%	39–41, 46
show.py	48	1	98%	18
update.py	53	5	91%	40–42, 75–76
mindsdb_sql_parser/ast/mindsdb
knowledge_base.py	97	1	99%	80
mindsdb_sql_parser/ast/select
case.py	37	1	97%	22
constant.py	36	1	97%	23
data.py	11	4	64%	10–12, 15, 19
identifier.py	83	11	87%	56, 104–112, 122
native_query.py	13	1	92%	25
operation.py	139	4	97%	57, 66, 178, 202
parameter.py	15	2	87%	17, 20
select.py	109	3	97%	160–165
star.py	12	2	83%	8–9
TOTAL	3399	152	96%

Tests	Skipped	Failures	Errors	Time
303	0 💤	0 ❌	0 🔥	13.270s ⏱️

entelligence-ai-pr-reviews · 2025-08-04T13:11:30Z

Review Summary

🏷️ Draft Comments (4)

Skipped posting 4 draft comments that were valid but scored below your review threshold (>13/15). Feel free to update them here.
mindsdb_sql_parser/lexer.py (1)
335-345: t.raw_value is set for QUOTE_STRING and DQUOTE_STRING tokens, but not for ID, FLOAT, or INTEGER, causing inconsistent token attributes and potential runtime errors if downstream code expects raw_value on all tokens.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb_sql_parser/lexer.py, lines 335-345, the token methods for ID, FLOAT, and INTEGER do not set t.raw_value, while QUOTE_STRING and DQUOTE_STRING do. This inconsistency can cause runtime errors if downstream code expects t.raw_value on all tokens. Please update the ID, FLOAT, and INTEGER methods to set t.raw_value = t.value before returning the token, matching the behavior of the string token methods.
mindsdb_sql_parser/utils.py (2)
65-66: tokens_to_string will raise an exception if tokens is empty, as it accesses tokens[0] without checking; this causes a crash for empty input.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb_sql_parser/utils.py, lines 65-66, the function `tokens_to_string` assumes `tokens` is non-empty and accesses `tokens[0]` without checking. This will cause an exception if an empty list is passed. Add a check at the start of the function to return an empty string if `tokens` is empty.
70-95: tokens_to_string reconstructs lines by concatenating strings in a loop, which is inefficient for large token lists due to repeated string allocations (O(n^2) time complexity for long lines).

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb_sql_parser/utils.py, lines 70-95, the function `tokens_to_string` reconstructs lines by concatenating strings in a loop, which is inefficient for large token lists due to repeated string allocations (O(n^2) time complexity for long lines). Refactor this section to use a list to accumulate lines and join them at the end, minimizing string concatenation overhead. Preserve all logic and formatting.
sly/lex.py (1)
416-444: Lexer.tokenize creates a new Token object for every token, even for ignored tokens and literals, causing unnecessary object allocations and memory churn when processing large texts.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In sly/lex.py, lines 416-444, the `Lexer.tokenize` method creates a new `Token` object for every match, including ignored tokens and literals, which leads to unnecessary object allocations and memory churn when processing large texts. Refactor the code so that `Token` objects are only created for tokens that are actually yielded, skipping object creation for ignored tokens and literals. Ensure the logic and indentation remain consistent with the original code.

StpMax · 2025-08-05T12:12:01Z

chosen alternative fix-raw-query-escape2

StpMax added 2 commits August 4, 2025 14:41

fix raw query escaping

40b92c6

test

4fe4029

StpMax requested a review from ea-rus August 4, 2025 13:26

ea-rus mentioned this pull request Aug 4, 2025

Fix raw query escaping #60

Merged

StpMax closed this Aug 5, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix native query escaping#59

Fix native query escaping#59
StpMax wants to merge 2 commits into
mainfrom
fix-raw-query-escape

StpMax commented Aug 4, 2025

Uh oh!

github-actions Bot commented Aug 4, 2025

Uh oh!

entelligence-ai-pr-reviews Bot commented Aug 4, 2025

Uh oh!

StpMax commented Aug 5, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

StpMax commented Aug 4, 2025

Uh oh!

github-actions Bot commented Aug 4, 2025

Uh oh!

entelligence-ai-pr-reviews Bot commented Aug 4, 2025

Review Summary

Uh oh!

StpMax commented Aug 5, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant