freeoneplus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris-mcp-server.git
The following commit(s) were added to refs/heads/master by this push:
new 55dbdd5 [improvement] Enhance SQL injection detection patterns in
SQLSecurityValidator (#46)
55dbdd5 is described below
commit 55dbdd5e14107ece49257a51c3acbe0284285f37
Author: drgnchan <[email protected]>
AuthorDate: Mon Aug 11 13:29:51 2025 +0800
[improvement] Enhance SQL injection detection patterns in
SQLSecurityValidator (#46)
---
.dockerignore | 2 ++
doris_mcp_server/utils/security.py | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9f335b5
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+**/.venv
+**/venv
\ No newline at end of file
diff --git a/doris_mcp_server/utils/security.py b/doris_mcp_server/utils/security.py
index abf6a7f..c1c4dc8 100644
--- a/doris_mcp_server/utils/security.py
+++ b/doris_mcp_server/utils/security.py
@@ -537,7 +537,7 @@ class SQLSecurityValidator:
"""Check SQL injection risks"""
# Check common SQL injection patterns
injection_patterns = [
-r"(\s|^)(union|select|insert|update|delete|drop|create|alter)\s+.*\s+(union|select|insert|update|delete|drop|create|alter)",
+r"(?i)(?<![A-Za-z0-9_])(union|select|insert|update|delete|drop|create|alter)(?![A-Za-z0-9_])\s+[\s\S]*?\s+(?<![A-Za-z0-9_])(union|select|insert|update|delete|drop|create|alter)(?![A-Za-z0-9_])",
r"(\s|^)(or|and)\s+\d+\s*=\s*\d+",
r"(\s|^)(or|and)\s+['\"].*['\"]",
r";\s*(drop|delete|truncate|alter|create)",
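Review bot: The rewritten first pattern still requires two separate whitespace runs between the keywords (`\s+[\s\S]*?\s+`), so two keywords separated by a single space are not matched, the same gap the old `\s+.*\s+` had; making the middle optional, `\s+(?:[\s\S]*?\s+)?`, would cover that case. Because `[\s\S]*?` now crosses newlines, any multi-line statement with a subquery or an `INSERT ... SELECT` is flagged as well, so the intended hits and the legitimate queries that must pass are worth pinning with test cases, which the diffstat shows this commit does not add. The inline `(?i)` applies only to this entry; whether the three patterns below it are matched case-insensitively depends on the flags passed where the list is used, which is outside the hunk, as is the start of the enclosing method. A keyword denylist of this kind is best kept as a secondary check behind parameterized queries or statement-type allowlisting, not as the control that decides whether a statement is safe.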