CogniDB is designed to keep LLM-generated SQL on a constrained path.
- Prompt injection influencing SQL generation
- Classic SQL injection patterns in generated/native queries
- Destructive statements (DROP/DELETE/UPDATE/UPDATE/INSERT/…)
- Over-broad data access without table/column ACLs
Full write-up (assets, mitigations, honest non-goals): docs/threat-model.md.
- Statement policy: read mode default; write mode opt-in for DML; DDL always rejected
- SELECT-oriented allowlists (configurable)
- Forbidden keyword and injection pattern checks
- Identifier validation
- Optional table/column access control by caller identity
- Audit logging hooks
- Defense in depth with least-privilege DB grants (library consumer responsibility)
- Adversarial SQL corpus (
tests/security/corpus/) — payloads must fail closed in read mode
- SQLite
- MySQL
- PostgreSQL
Open a private security advisory on GitHub or email the maintainer via the address on the GitHub profile. Please do not open public issues for unpatched critical vulnerabilities.