From d377089aad4f5c85bd45988fb7e2d262c5b5a21f Mon Sep 17 00:00:00 2001 From: Andrew Date: Sun, 14 Jan 2024 23:23:01 -0800 Subject: [PATCH 1/3] removing deprecated link --- docs/source/blog/posts/safe-sql-execution.rst | 9 --------- 1 file changed, 9 deletions(-) diff --git a/docs/source/blog/posts/safe-sql-execution.rst b/docs/source/blog/posts/safe-sql-execution.rst index 89aeaf3..6751965 100644 --- a/docs/source/blog/posts/safe-sql-execution.rst +++ b/docs/source/blog/posts/safe-sql-execution.rst @@ -1,11 +1,6 @@ 🛡️ Safely executing LLM-generated SQL ===================================== -.. image:: https://img.shields.io/badge/Upvote%20on%20HN-ff6600.svg?logo=data:image/png;base64,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 - :target: https://news.ycombinator.com/item?id=38518256 - :alt: Hackernews post - - LLMs are surprisingly good at generating SQL from natural-language prompts. When given the schema of a database and a few guiding instructions, LLMs can construct reasonably-complex SQL queries that answer natural language questions about the data in @@ -431,7 +426,3 @@ denylist. Other, non-complete solutions should not be considered if you value the safety of your data. - -.. image:: https://img.shields.io/badge/Upvote%20on%20HN-ff6600.svg?logo=data:image/png;base64,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 - :target: https://news.ycombinator.com/item?id=38518256 - :alt: Hackernews post From dc46737e69ddcaa227f39c95229c60cabc46dfdd Mon Sep 17 00:00:00 2001 From: Andrew Moffat Date: Fri, 2 Feb 2024 23:11:40 -0800 Subject: [PATCH 2/3] vscode settings --- .vscode/settings.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 2267900..9982956 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -2,13 +2,9 @@ "[python]": { "editor.defaultFormatter": "ms-python.black-formatter" }, - "python.formatting.provider": "none", "python.testing.pytestArgs": ["heimdallm", "-s"], "python.testing.unittestEnabled": false, "python.testing.pytestEnabled": true, "editor.rulers": [88], - "notebook.formatOnSave.enabled": true, - "python.linting.flake8Enabled": false, - "python.linting.mypyEnabled": true, - "python.linting.enabled": true + "notebook.formatOnSave.enabled": true } From 75f56bcc03dab6694337b36f5b8298d54ed847a3 Mon Sep 17 00:00:00 2001 From: Andrew Moffat Date: Sat, 3 Feb 2024 00:24:33 -0800 Subject: [PATCH 3/3] bugfix elided tree ambiguity resolver, fixes #23 --- CHANGELOG.md | 4 ++++ .../bifrosts/sql/mysql/select/grammar.lark | 4 ++-- .../bifrosts/sql/postgres/select/grammar.lark | 4 ++-- .../bifrosts/sql/sqlite/select/grammar.lark | 4 ++-- .../sql/tests/sql/select/test_ambiguous.py | 17 +++++++++++++++++ pyproject.toml | 2 +- 6 files changed, 28 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c46e932..314d557 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.0.3 - 2/3/24 + +- Bugfix where elided tree from a boolean token triggered ambiguity resolver + ## 1.0.2 - 11/10/23 - Resolving Dependabot suggestions diff --git a/heimdallm/bifrosts/sql/mysql/select/grammar.lark b/heimdallm/bifrosts/sql/mysql/select/grammar.lark index c6b7322..2a76f21 100644 --- a/heimdallm/bifrosts/sql/mysql/select/grammar.lark +++ b/heimdallm/bifrosts/sql/mysql/select/grammar.lark @@ -114,7 +114,7 @@ between_comparison : value (_WS NOT)? _WS BETWEEN _WS value _WS AND _WS value // are declared, so we cannot use this there ?value : NUMBER | string - | boolean + | BOOLEAN | NULL | NUMBER_PREFIX? value_expr | NUMBER_PREFIX? fq_column 
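Review bot: Swapping the inlined `boolean` rule for the `BOOLEAN` terminal inside `value` changes the token type a boolean literal carries, and nothing in this patch shows the tree-walking code being updated to match. With `?boolean : TRUE | FALSE` a literal surfaced as a `TRUE` or `FALSE` token; it now surfaces as one `BOOLEAN` token, so any visitor, transformer or reconstruction step keyed on the old types would stop recognising booleans. That code is not visible here, so this is something to confirm rather than a known break, and it applies equally to the `value` hunks in the postgres and sqlite grammars. Since this grammar decides which untrusted SQL is accepted, it is worth checking that constraint validation sees the same value for a boolean comparison before and after the change. The `value` rule begins and ends outside this hunk.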
@@ -135,7 +135,7 @@ function : FUNCTION_NAME "(" \ ")" FUNCTION_NAME : /[a-zA-Z_]+/ -?boolean : TRUE | FALSE +BOOLEAN : TRUE | FALSE ?string : ESCAPED_STRING // a placeholder for a value passed in as a parameter at query execution time diff --git a/heimdallm/bifrosts/sql/postgres/select/grammar.lark b/heimdallm/bifrosts/sql/postgres/select/grammar.lark index 4a8b97a..0aa2469 100644 --- a/heimdallm/bifrosts/sql/postgres/select/grammar.lark +++ b/heimdallm/bifrosts/sql/postgres/select/grammar.lark @@ -117,7 +117,7 @@ fts_comparison : value "@@" value // are declared, so we cannot use this there ?value : PREFIX_CAST? (NUMBER | string - | boolean + | BOOLEAN | NULL | NUMBER_PREFIX? value_expr | NUMBER_PREFIX? fq_column @@ -143,7 +143,7 @@ SUBSTRING_FN_NAME : "substring"i EXTRACT_FN_NAME : "extract"i CAST_FN_NAME : "cast"i -?boolean : TRUE | FALSE +BOOLEAN : TRUE | FALSE ?string : ESCAPE_PREFIX? ESCAPED_STRING // a placeholder for a value passed in as a parameter at query execution time diff --git a/heimdallm/bifrosts/sql/sqlite/select/grammar.lark b/heimdallm/bifrosts/sql/sqlite/select/grammar.lark index d1f7710..018717b 100644 --- a/heimdallm/bifrosts/sql/sqlite/select/grammar.lark +++ b/heimdallm/bifrosts/sql/sqlite/select/grammar.lark @@ -117,7 +117,7 @@ between_comparison : value (_WS NOT)? _WS BETWEEN _WS value _WS AND _WS value // are declared, so we cannot use this there ?value : NUMBER | string - | boolean + | BOOLEAN | NULL | NUMBER_PREFIX? value_expr | NUMBER_PREFIX? fq_column @@ -136,7 +136,7 @@ function : FUNCTION_NAME "(" \ ")" FUNCTION_NAME : /[a-zA-Z_]+/ -?boolean : TRUE | FALSE +BOOLEAN : TRUE | FALSE ?string : ESCAPED_STRING // a placeholder for a value passed in as a parameter at query execution time diff --git a/heimdallm/bifrosts/sql/tests/sql/select/test_ambiguous.py b/heimdallm/bifrosts/sql/tests/sql/select/test_ambiguous.py index d600b5d..f586c76 100644 --- a/heimdallm/bifrosts/sql/tests/sql/select/test_ambiguous.py 
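Review bot: The new `BOOLEAN : TRUE | FALSE` definition has no comment saying why it must be a terminal, so a later cleanup could turn it back into an inlined rule and reintroduce #23. I would add above it `// BOOLEAN must stay a terminal: the inlined ?boolean rule tripped the ambiguity resolver (#23)`. The same comment belongs on the identical definitions in the postgres and sqlite grammars later in this patch.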
+++ b/heimdallm/bifrosts/sql/tests/sql/select/test_ambiguous.py @@ -24,3 +24,20 @@ def test_ambiguous_arith(dialect: str, Bifrost: Type[Bifrost]): """ bifrost.traverse(query) + + +@dialects() +def test_ambiguous_bool(dialect: str, Bifrost: Type[Bifrost]): + """A regression test to ensure that boolean tokens do not trigger the ambiguity + resolver""" + bifrost = Bifrost.validation_only(PermissiveConstraints()) + + query = """ +SELECT + col +FROM + postings AS p +WHERE + p.is_hired = true + """ + bifrost.traverse(query) diff --git a/pyproject.toml b/pyproject.toml index 737454a..5d17f4f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "heimdallm" -version = "1.0.2" +version = "1.0.3" description = "Construct trusted SQL queries from untrusted input" homepage = "https://github.com/amoffat/HeimdaLLM" repository = "https://github.com/amoffat/HeimdaLLM"
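Review bot: `test_ambiguous_bool` exercises only the lowercase literal `true` in a single `=` comparison, while the grammar change covers `TRUE | FALSE`. I would parametrize the literal so `false` is covered too, plus an uppercase spelling if the `TRUE`/`FALSE` terminals are case-insensitive (their definitions are not visible in this patch). The test passes simply by `bifrost.traverse(query)` not raising, which is enough for the regression in #23 but does not check how the boolean appears in the resulting tree.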