-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathutils.py
More file actions
84 lines (68 loc) · 2.81 KB
/
Copy pathutils.py
File metadata and controls
84 lines (68 loc) · 2.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
"""
utils.py
--------
Helper functions shared by app.py:
1. get_schema() - reads the DB structure so we can tell Gemini what tables/columns exist
2. is_safe_sql() - blocks anything that isn't a read-only SELECT
3. clean_sql_response()- strips markdown fences Gemini sometimes wraps around SQL
"""
import sqlite3
import re
DB_PATH = "shop.db"
# Only these statement types are ever allowed to run.
# Anything else (INSERT, UPDATE, DELETE, DROP, ALTER, ATTACH, PRAGMA, etc.) is rejected.
FORBIDDEN_KEYWORDS = [
"DROP", "DELETE", "INSERT", "UPDATE", "ALTER", "CREATE",
"TRUNCATE", "REPLACE", "ATTACH", "DETACH", "PRAGMA",
"VACUUM", "REINDEX", "GRANT", "REVOKE",
]
def get_schema(db_path: str = DB_PATH) -> str:
"""
Reads all table names + their columns from SQLite and formats them
as a compact text block. This is what we hand to Gemini so it knows
the exact table/column names to use (instead of guessing).
"""
conn = sqlite3.connect(db_path)
cur = conn.cursor()
cur.execute("SELECT name FROM sqlite_master WHERE type='table'")
tables = [row[0] for row in cur.fetchall()]
schema_lines = []
for table in tables:
cur.execute(f"PRAGMA table_info({table})")
columns = cur.fetchall() # (cid, name, type, notnull, default, pk)
col_desc = ", ".join(f"{c[1]} ({c[2]})" for c in columns)
schema_lines.append(f"Table: {table}\n Columns: {col_desc}")
conn.close()
return "\n\n".join(schema_lines)
def clean_sql_response(raw_text: str) -> str:
"""
Gemini often wraps SQL in ```sql ... ``` markdown fences.
This strips that so we're left with pure SQL text.
"""
text = raw_text.strip()
# Remove ```sql or ``` fences
text = re.sub(r"^```sql\s*", "", text, flags=re.IGNORECASE)
text = re.sub(r"^```\s*", "", text)
text = re.sub(r"```\s*$", "", text)
return text.strip()
def is_safe_sql(sql: str) -> tuple[bool, str]:
"""
Validates that the SQL is a single, read-only SELECT statement.
Returns (is_safe: bool, reason: str).
"""
stripped = sql.strip().rstrip(";").strip()
if not stripped:
return False, "Empty SQL generated."
# Must start with SELECT (allow leading WITH for CTEs)
first_word = stripped.split()[0].upper()
if first_word not in ("SELECT", "WITH"):
return False, f"Only SELECT queries are allowed. Got statement starting with '{first_word}'."
# Reject multiple statements (basic stacked-query protection)
if ";" in stripped:
return False, "Multiple statements are not allowed."
# Reject forbidden keywords anywhere in the query
upper_sql = stripped.upper()
for keyword in FORBIDDEN_KEYWORDS:
if re.search(rf"\b{keyword}\b", upper_sql):
return False, f"Forbidden keyword detected: {keyword}"
return True, "OK"