admin/stonks-oracle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: SQL Explorer handles comments and shows descriptive errors

Browse Source 
- Strip SQL comments (-- and /* */) before checking for SELECT,
  so queries with leading comments don't get rejected
- Show the actual error detail from the API response instead of
  generic 'API error 400' in the SQL Explorer UI
This commit is contained in:
Celes Renata
2026-04-16 05:25:45 +00:00
parent d28787a8ee
commit 1107d34027
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/api/app.py
+6 -1
View File
@@ -1712,7 +1712,12 @@ async def pg_query(body: dict[str, Any]):
limit = min(int(body.get("limit", 1000)), 10000)
# Safety: only allow SELECT statements
if not sql.upper().startswith("SELECT"):
# Strip SQL comments (-- and /* */) and whitespace before checking
import re
stripped = re.sub(r'--[^\n]*', '', sql) # remove -- comments
stripped = re.sub(r'/\*.*?\*/', '', stripped, flags=re.DOTALL) # remove /* */ comments
stripped = stripped.strip()
if not stripped.upper().startswith("SELECT"):
raise HTTPException(400, "Only SELECT queries are allowed")
# Add LIMIT if not present