@waleedlatif1
Collaborator

Summary

  • remove harness from validation on user-provided db creds
    • since these are user-provided credentials for their own databases, we don't need to do any extra validation

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

vercel bot commented Dec 11, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
docs Skipped Skipped Dec 11, 2025 8:19am

@waleedlatif1 changed the title from "fix(dbs): remove harness from validation on user-provided db creds" to "fix(dbs): remove params harness on user-provided db creds" Dec 11, 2025
@waleedlatif1 merged commit 207a149 into staging Dec 11, 2025
9 checks passed
@waleedlatif1 deleted the fix/postgres branch December 11, 2025 08:25
@greptile-apps
Contributor

greptile-apps bot commented Dec 11, 2025

Greptile Overview

Greptile Summary

This PR removes "dangerous operation" validation patterns from query validation functions across MySQL, PostgreSQL, Neo4j, and RDS database utilities. The rationale is that since users provide their own database credentials for their own databases, they should have full control over what operations they can perform.

Key changes:

  • Removed regex patterns that blocked operations like DROP DATABASE, CREATE USER, GRANT, system table access, etc.
  • The allowDangerousOps parameter was removed from validateCypherQuery in Neo4j utils
  • Basic statement type validation (SELECT, INSERT, UPDATE, DELETE, etc.) is still enforced across all database tools
  • No functional issues found - the change is intentional and aligns with the principle that users should have full access to databases they own

Confidence Score: 5/5

  • This PR is safe to merge - it removes overly restrictive validation that was blocking legitimate operations on user-owned databases.
  • The changes are straightforward removal of validation code. No new logic is introduced, no bugs are created. The change aligns with the stated business requirement that users should have full control over their own databases. Basic statement type validation is still preserved.
  • No files require special attention.

Important Files Changed

File Analysis

| Filename | Score | Overview |
| --- | --- | --- |
| apps/sim/app/api/tools/mysql/utils.ts | 5/5 | Removed dangerous SQL pattern validation from validateQuery function. Still validates that only allowed statement types (SELECT, INSERT, UPDATE, DELETE, WITH, SHOW, DESCRIBE, EXPLAIN) can be used. Comment removal in SSL config is minor cleanup. |
| apps/sim/app/api/tools/neo4j/utils.ts | 5/5 | Removed allowDangerousOps parameter and dangerous pattern validation from validateCypherQuery. Function now only validates query is a non-empty string. |
| apps/sim/app/api/tools/postgresql/utils.ts | 5/5 | Removed dangerous SQL pattern validation from validateQuery function. Still validates that only allowed statement types (SELECT, INSERT, UPDATE, DELETE, WITH, EXPLAIN, ANALYZE, SHOW) can be used. |
| apps/sim/app/api/tools/rds/query/route.ts | 5/5 | Removed a comment before validateQuery call. No functional change. |
| apps/sim/app/api/tools/rds/utils.ts | 5/5 | Removed dangerous SQL pattern validation from validateQuery function. Still validates that only allowed statement types (SELECT, INSERT, UPDATE, DELETE, WITH, EXPLAIN, SHOW) can be used. |

Sequence Diagram

sequenceDiagram
    participant User
    participant API Route
    participant validateQuery
    participant Database
    
    User->>API Route: POST with query + credentials
    API Route->>validateQuery: Validate query
    Note over validateQuery: Before: Block dangerous patterns<br/>(DROP DATABASE, GRANT, etc.)
    Note over validateQuery: After: Only validate statement type<br/>(SELECT, INSERT, UPDATE, DELETE)
    validateQuery-->>API Route: { isValid: true/false }
    alt isValid
        API Route->>Database: Execute query
        Database-->>API Route: Results
        API Route-->>User: Success response
    else !isValid
        API Route-->>User: 400 Error
    end
@greptile-apps greptile-apps bot left a comment

5 files reviewed, no comments
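
The statement-type check that the review above says is still enforced, sketched in TypeScript as an added example (not the project's code). The `Engine` type, the per-engine map, the helper name and the error strings are assumptions; the keyword lists are the ones the review names for each file.

```typescript
// Added illustration, not the project's validateQuery. Names, types and error
// strings are assumptions; the keyword lists are the ones the review names.
type Engine = 'mysql' | 'postgresql' | 'rds'

interface ValidationResult {
  isValid: boolean
  error?: string
}

const ALLOWED_STATEMENTS: Record<Engine, readonly string[]> = {
  mysql: ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'WITH', 'SHOW', 'DESCRIBE', 'EXPLAIN'],
  postgresql: ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'WITH', 'EXPLAIN', 'ANALYZE', 'SHOW'],
  rds: ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'WITH', 'EXPLAIN', 'SHOW'],
}

// Skip leading whitespace and SQL comments ("--" and "/* */" only) so that the
// keyword inspected is the first word of the statement, not part of a comment.
function stripLeadingComments(sql: string): string {
  let rest = sql.replace(/^\s+/, '')
  for (;;) {
    if (rest.slice(0, 2) === '--') {
      const nl = rest.indexOf('\n')
      rest = nl === -1 ? '' : rest.slice(nl + 1).replace(/^\s+/, '')
    } else if (rest.slice(0, 2) === '/*') {
      const end = rest.indexOf('*/')
      rest = end === -1 ? '' : rest.slice(end + 2).replace(/^\s+/, '')
    } else {
      return rest
    }
  }
}

function validateQuery(engine: Engine, query: unknown): ValidationResult {
  if (typeof query !== 'string' || query.trim() === '') {
    return { isValid: false, error: 'Query must be a non-empty string' }
  }
  // Keep only the first run of letters; the rest of the query is not inspected.
  const keyword = stripLeadingComments(query).replace(/^([A-Za-z]*)[\s\S]*$/, '$1').toUpperCase()
  if (ALLOWED_STATEMENTS[engine].indexOf(keyword) === -1) {
    return { isValid: false, error: `Statement type not allowed: ${keyword || '(none)'}` }
  }
  return { isValid: true }
}
```

A check of this shape looks only at the leading keyword, so any statement that starts with an allowed keyword reaches the database, and what it can do there is bounded by the privileges of the role behind the supplied credentials.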