Skip to content

fix(server): allow readonly metadata statements#297

Merged
lentil32 merged 1 commit into
mainfrom
fix/general-readonly-metadata-statements
Jun 26, 2026
Merged

fix(server): allow readonly metadata statements#297
lentil32 merged 1 commit into
mainfrom
fix/general-readonly-metadata-statements

Conversation

@lentil32

Copy link
Copy Markdown
Contributor

One-Line Summary

Allow read-only SQL metadata statements such as SHOW, DESCRIBE, and EXPLAIN without bypassing existing safety validation.

User-Facing Changes

  • SHOW metadata queries remain allowed across supported providers.
  • DESCRIBE and DESC metadata queries are now accepted by the read-only SQL validator.
  • EXPLAIN SELECT ... and EXPLAIN ANALYZE SELECT ... are now accepted when the parser exposes the explained query for validation.
  • Unsafe expressions inside metadata statements, such as MySQL SLEEP() or GET_LOCK(), are still rejected.

Why This Changed

The previous implementation handled metadata statements as provider-specific branches. That worked for SHOW, but it made adding similar read-only statements like DESCRIBE and EXPLAIN require more special cases and risked skipping existing AST-level safety checks.

How It Changed

  • Added a metadata statement policy table in the server SQL validator for SHOW, DESCRIBE/DESC, and EXPLAIN.
  • Kept the existing validation pipeline for CTEs, SELECT INTO, locking clauses, unsafe functions, and side-effecting expressions.
  • Allows only the top-level metadata statement root as a read-only root; nested expressions still traverse the normal validator.
  • Updated the connector Athena SQL guard to recognize DESCRIBE, DESC, and safe EXPLAIN forms.

Bug Fixes

  • Under metadata-query validation, DESCRIBE queries were rejected even though they are read-only metadata operations.
  • Under future metadata statement additions, root allowlisting could become fragmented and harder to extend safely; this change centralizes the policy.

Extra Context / Decisions (Optional)

  • EXPLAIN is not allowed as an opaque command when the parser cannot expose the explained query AST, because that would prevent the validator from seeing unsafe nested operations.

Verification

  • rtk mise exec -- bun --cwd packages/server vitest run src/services/data-source-query/validate-sql.test.ts src/services/data-source-query/execute-query.test.ts
  • rtk mise exec -- bun --cwd apps/connector vitest run src/jobs/validation.test.ts
  • rtk mise exec -- bunx turbo typecheck --json --filter=@onequery/server --filter=@onequery/connector
  • rtk mise exec -- bunx turbo test --json --filter=@onequery/server --filter=@onequery/connector
  • rtk mise exec -- bun lint --format json
  • rtk mise exec -- bun run format
  • rtk git push -u origin fix/general-readonly-metadata-statements ran pre-push lint-full successfully.

Video / Screenshot (Optional)

  • N/A

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
onequery-landing d753dca Commit Preview URL

Branch Preview URL
Jun 26 2026, 02:59 AM

@lentil32 lentil32 merged commit 5276df6 into main Jun 26, 2026
9 checks passed
@lentil32 lentil32 deleted the fix/general-readonly-metadata-statements branch June 26, 2026 03:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant