Version 1.0.3 #25

Merged
merged 5 commits into from
Feb 3, 2024
6 changes: 1 addition & 5 deletions .vscode/settings.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,9 @@
"[python]": {
"editor.defaultFormatter": "ms-python.black-formatter"
},
"python.formatting.provider": "none",
"python.testing.pytestArgs": ["heimdallm", "-s"],
"python.testing.unittestEnabled": false,
"python.testing.pytestEnabled": true,
"editor.rulers": [88],
"notebook.formatOnSave.enabled": true,
"python.linting.flake8Enabled": false,
"python.linting.mypyEnabled": true,
"python.linting.enabled": true
"notebook.formatOnSave.enabled": true
}
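Review bot: the editor-settings cleanup in this hunk is unrelated to the 1.0.3 bugfix and, going by the 1 addition / 5 deletions count, it drops `"python.linting.mypyEnabled": true` and `"python.linting.enabled": true` without a visible replacement. If mypy is still expected to run for contributors, say in the PR description where it is enforced now, or split this change into its own commit so the release diff contains only the grammar fix.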
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog

## 1.0.3 - 2/3/24

- Bugfix where elided tree from a boolean token triggered ambiguity resolver

## 1.0.2 - 11/10/23

- Resolving Dependabot suggestions
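Review bot: the 1.0.3 entry describes the fix in parser-internal terms ("elided tree", "ambiguity resolver") and does not say what a user would have observed or which dialects are affected. Consider naming the trigger, for example a comparison against a boolean literal such as `p.is_hired = true`, and noting that the change applies to the MySQL, Postgres and SQLite SELECT grammars. The date `2/3/24` follows the existing `11/10/23` style but is ambiguous between month-first and day-first; ISO 8601 dates would remove the doubt.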
9 changes: 0 additions & 9 deletions docs/source/blog/posts/safe-sql-execution.rst
@@ -1,11 +1,6 @@
🛡️ Safely executing LLM-generated SQL
=====================================

.. image:: https://img.shields.io/badge/Upvote%20on%20HN-ff6600.svg?logo=
:target: https://news.ycombinator.com/item?id=38518256
:alt: Hackernews post


LLMs are surprisingly good at generating SQL from natural-language prompts. When given
the schema of a database and a few guiding instructions, LLMs can construct
reasonably-complex SQL queries that answer natural language questions about the data in
Expand Down Expand Up @@ -431,7 +426,3 @@ denylist.

Other, non-complete solutions should not be considered if you value the safety of your
data.

.. image:: https://img.shields.io/badge/Upvote%20on%20HN-ff6600.svg?logo=
:target: https://news.ycombinator.com/item?id=38518256
:alt: Hackernews post
4 changes: 2 additions & 2 deletions heimdallm/bifrosts/sql/mysql/select/grammar.lark
Expand Up @@ -114,7 +114,7 @@ between_comparison : value (_WS NOT)? _WS BETWEEN _WS value _WS AND _WS value
// are declared, so we cannot use this there
?value : NUMBER
| string
| boolean
| BOOLEAN
| NULL
| NUMBER_PREFIX? value_expr
| NUMBER_PREFIX? fq_column
Expand All @@ -135,7 +135,7 @@ function : FUNCTION_NAME "(" \
")"
FUNCTION_NAME : /[a-zA-Z_]+/

?boolean : TRUE | FALSE
BOOLEAN : TRUE | FALSE
?string : ESCAPED_STRING

// a placeholder for a value passed in as a parameter at query execution time
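Review bot: replacing the inlined rule `?boolean : TRUE | FALSE` with the terminal `BOOLEAN : TRUE | FALSE` changes what reaches downstream code: a boolean literal now arrives as a single `BOOLEAN` token rather than a `TRUE` or `FALSE` token. Please confirm that nothing in the tree-walking or reconstruction code matches on the `TRUE`/`FALSE` token types or on a `boolean` rule name, and that `TRUE` and `FALSE` are not also referenced directly by other rules in this grammar, since the lexer would then have two terminals matching the same text.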
4 changes: 2 additions & 2 deletions heimdallm/bifrosts/sql/postgres/select/grammar.lark
Expand Up @@ -117,7 +117,7 @@ fts_comparison : value "@@" value
// are declared, so we cannot use this there
?value : PREFIX_CAST? (NUMBER
| string
| boolean
| BOOLEAN
| NULL
| NUMBER_PREFIX? value_expr
| NUMBER_PREFIX? fq_column
Expand All @@ -143,7 +143,7 @@ SUBSTRING_FN_NAME : "substring"i
EXTRACT_FN_NAME : "extract"i
CAST_FN_NAME : "cast"i

?boolean : TRUE | FALSE
BOOLEAN : TRUE | FALSE
?string : ESCAPE_PREFIX? ESCAPED_STRING

// a placeholder for a value passed in as a parameter at query execution time
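Review bot: nothing at `BOOLEAN : TRUE | FALSE` records why booleans must be a terminal and not an inlined `?boolean` rule, and the same edit is repeated in the MySQL and SQLite grammars. A one-line grammar comment above the definition that points to the ambiguity-resolver regression (`test_ambiguous_bool`) would stop a later cleanup from reverting it in one dialect only.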
4 changes: 2 additions & 2 deletions heimdallm/bifrosts/sql/sqlite/select/grammar.lark
Expand Up @@ -117,7 +117,7 @@ between_comparison : value (_WS NOT)? _WS BETWEEN _WS value _WS AND _WS value
// are declared, so we cannot use this there
?value : NUMBER
| string
| boolean
| BOOLEAN
| NULL
| NUMBER_PREFIX? value_expr
| NUMBER_PREFIX? fq_column
Expand All @@ -136,7 +136,7 @@ function : FUNCTION_NAME "(" \
")"
FUNCTION_NAME : /[a-zA-Z_]+/

?boolean : TRUE | FALSE
BOOLEAN : TRUE | FALSE
?string : ESCAPED_STRING

// a placeholder for a value passed in as a parameter at query execution time
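Review bot: `?string : ESCAPED_STRING`, directly below the changed line, keeps the same shape the old `?boolean` rule had: an inlined rule whose only child is a single token. If that shape is what tripped the ambiguity resolver, the string-literal path may need the same treatment, or at least a regression test that compares a column against a string literal next to `test_ambiguous_bool`.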
17 changes: 17 additions & 0 deletions heimdallm/bifrosts/sql/tests/sql/select/test_ambiguous.py
Expand Up @@ -24,3 +24,20 @@ def test_ambiguous_arith(dialect: str, Bifrost: Type[Bifrost]):
"""

bifrost.traverse(query)


@dialects()
def test_ambiguous_bool(dialect: str, Bifrost: Type[Bifrost]):
"""A regression test to ensure that boolean tokens do not trigger the ambiguity
resolver"""
bifrost = Bifrost.validation_only(PermissiveConstraints())

query = """
SELECT
col
FROM
postings AS p
WHERE
p.is_hired = true
"""
bifrost.traverse(query)
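Review bot: `test_ambiguous_bool` exercises only the lowercase literal `true`, while the grammar change covers `BOOLEAN : TRUE | FALSE`. Parametrize the query over `true` and `false` (and an upper-case spelling, if the dialects accept one) so both alternatives of the terminal are covered. The test also passes purely by `bifrost.traverse(query)` not raising; if `traverse` returns the reconstructed query, asserting that the boolean literal survives in it would catch the literal being dropped now that its token type has changed.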
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "heimdallm"
version = "1.0.2"
version = "1.0.3"
description = "Construct trusted SQL queries from untrusted input"
homepage = "https://github.com/amoffat/HeimdaLLM"
repository = "https://github.com/amoffat/HeimdaLLM"