@ibm/ibmi-mcp-server 0.2.0 → 0.3.0

package/dist/ibmi-mcp-server/utils/security/sqlSecurityValidator.js

@@ -1,13 +1,14 @@
 /**
  * @fileoverview SQL Security Validator for validating SQL queries against security policies
- * Provides both AST-based and regex-based validation with comprehensive security checks
+ * Uses vscode-db2i tokenizer for precise validation and regex patterns as fallback
  *
  * @module src/utils/security/sqlSecurityValidator
  */
-import pkg from "node-sql-parser";
-const { Parser } = pkg;
 import { logger } from "../../../utils/internal/logger.js";
 import { JsonRpcErrorCode, McpError } from "../../../types-global/errors.js";
+import { IbmiSqlParser } from "./ibmiSqlParser.js";
+import SQLTokeniser from "../../utils/language/tokens.js";
+import { SqlSecurityValidatorFallback } from "./sqlSecurityValidatorFallback.js";
 /**
  * Dangerous SQL operations that should be blocked in read-only mode
  */
@@ -16,7 +17,6 @@ export const DANGEROUS_OPERATIONS = [
     "INSERT",
     "UPDATE",
     "DELETE",
-    "REPLACE",
     "MERGE",
     "TRUNCATE",
     // Schema operations
@@ -60,45 +60,79 @@ export const DANGEROUS_OPERATIONS = [
     "QCMDEXC",
     "SQL_EXECUTE_IMMEDIATE",
 ];
-/**
- * Dangerous SQL functions that should be monitored/blocked
- */
-export const DANGEROUS_FUNCTIONS = [
-    "SYSTEM",
-    "QCMDEXC",
-    "SQL_EXECUTE_IMMEDIATE",
-    "SQLCMD",
-    "LOAD_EXTENSION",
-    "EXEC",
-    "EXECUTE_IMMEDIATE",
-    "EVAL",
-    "CONCAT",
-    "CHAR",
-    "VARCHAR", // Can be used for dynamic SQL construction
-];
 /**
  * Dangerous SQL patterns that should be detected
  */
 export const DANGEROUS_PATTERNS = [
-    // Dynamic SQL patterns
-    /\bCONCAT\s*\(/i,
-    /\b(CHAR|VARCHAR|CLOB)\s*\(/i,
-    // System function patterns
-    /\bSYSTEM\s*\(/i,
-    /\bLOAD_EXTENSION\s*\(/i,
-    /\bQCMDEXC\s*\(/i,
-    // Comment-based bypass attempts
-    /\/\*.*?(DROP|DELETE|INSERT|UPDATE).*?\*\//i,
-    // Multiple statement patterns
+    // Multiple statement patterns (SQL injection via statement chaining)
     /;\s*(DROP|DELETE|INSERT|UPDATE|CREATE|ALTER)/i,
-    // Union-based attacks
+    // Union-based attacks (SQL injection via UNION with dangerous operations)
     /\bUNION\s+(ALL\s+)?\s*\(\s*(DROP|DELETE|INSERT|UPDATE)/i,
+    // REPLACE statement (MySQL-specific write operation)
+    /\bREPLACE\s+INTO\b/i,
 ];
 /**
  * SQL Security Validator class for comprehensive SQL security validation
+ * Uses token-based validation with vscode-db2i tokenizer as primary method
  */
 export class SqlSecurityValidator {
-    static parser = new Parser();
+    static tokeniser = new SQLTokeniser();
+    /**
+     * Truncate query string for error messages and logging
+     * @param query - SQL query to truncate
+     * @param maxLength - Maximum length before truncation (default: 100)
+     * @returns Truncated query with ellipsis if needed
+     * @private
+     */
+    static truncateQuery(query, maxLength = 100) {
+        return query.length > maxLength
+            ? query.substring(0, maxLength) + "..."
+            : query;
+    }
+    /**
+     * Throw validation error with standardized format
+     * @param message - Error message
+     * @param violations - List of violations
+     * @param context - Additional context for error
+     * @param query - SQL query being validated
+     * @throws McpError with ValidationError code
+     * @private
+     */
+    static throwValidationError(message, violations, context, query) {
+        throw new McpError(JsonRpcErrorCode.ValidationError, message, {
+            violations,
+            ...context,
+            query: this.truncateQuery(query),
+        });
+    }
+    /**
+     * Validate forbidden keywords using token-based approach
+     * This method uses the vscode-db2i tokenizer to precisely identify SQL keywords
+     * @param query - SQL query to validate
+     * @param forbiddenKeywords - List of forbidden keywords
+     * @returns Security validation result
+     * @private
+     */
+    static validateForbiddenKeywordsToken(query, forbiddenKeywords) {
+        const tokens = this.tokeniser.tokenise(query);
+        const violations = [];
+        // Use Set for O(1) lookup performance
+        const forbiddenSet = new Set(forbiddenKeywords.map(kw => kw.toUpperCase()));
+        for (const token of tokens) {
+            // Skip string literals - only check actual SQL keywords
+            if (token.type === "string")
+                continue;
+            const value = token.value?.toUpperCase();
+            if (value && forbiddenSet.has(value)) {
+                violations.push(`Forbidden keyword: ${value}`);
+            }
+        }
+        return {
+            isValid: violations.length === 0,
+            violations,
+            validationMethod: "combined",
+        };
+    }
     /**
      * Validate SQL query against security configuration
      * @param query - SQL query to validate
@@ -137,12 +171,12 @@ export class SqlSecurityValidator {
             throw new McpError(JsonRpcErrorCode.ValidationError, `Query exceeds maximum length of ${maxLength} characters`, {
                 queryLength: query.length,
                 maxLength,
-                query: query.substring(0, 100) + (query.length > 100 ? "..." : ""),
+                query: this.truncateQuery(query),
             });
         }
     }
     /**
-     * Validate forbidden keywords using both AST and regex approaches
+     * Validate forbidden keywords using token-based approach with regex fallback
      * @param query - SQL query to validate
      * @param securityConfig - Security configuration
      * @param context - Request context for logging
@@ -153,274 +187,60 @@ export class SqlSecurityValidator {
             securityConfig.forbiddenKeywords.length === 0) {
             return;
         }
-        // Try AST-based validation first
-        const astResult = this.validateForbiddenKeywordsAST(query, securityConfig.forbiddenKeywords, context);
-        if (!astResult.isValid) {
-            throw new McpError(JsonRpcErrorCode.ValidationError, `Forbidden keywords detected: ${astResult.violations.join(", ")}`, {
-                violations: astResult.violations,
-                forbiddenKeywords: securityConfig.forbiddenKeywords,
-                query: query.substring(0, 100) + (query.length > 100 ? "..." : ""),
-            });
-        }
-        // Fallback to regex validation
-        const regexResult = this.validateForbiddenKeywordsRegex(query, securityConfig.forbiddenKeywords);
-        if (!regexResult.isValid) {
-            throw new McpError(JsonRpcErrorCode.ValidationError, `Forbidden keywords detected: ${regexResult.violations.join(", ")}`, {
-                violations: regexResult.violations,
-                forbiddenKeywords: securityConfig.forbiddenKeywords,
-                query: query.substring(0, 100) + (query.length > 100 ? "..." : ""),
-            });
-        }
-    }
-    /**
-     * Validate read-only restrictions using comprehensive validation
-     * @param query - SQL query to validate
-     * @param context - Request context for logging
-     * @private
-     */
-    static validateReadOnlyRestrictions(query, context) {
-        // Try AST-based validation first (more reliable)
-        const astResult = this.validateQueryAST(query, context);
-        if (!astResult.isValid) {
-            throw new McpError(JsonRpcErrorCode.ValidationError, `Write operations detected: ${astResult.violations.join(", ")}`, {
-                violations: astResult.violations,
-                readOnly: true,
-                query: query.substring(0, 100) + (query.length > 100 ? "..." : ""),
-            });
-        }
-        // Fallback to regex validation for additional coverage
-        const regexResult = this.validateQueryRegex(query, context);
-        if (!regexResult.isValid) {
-            throw new McpError(JsonRpcErrorCode.ValidationError, `Write operations detected: ${regexResult.violations.join(", ")}`, {
-                violations: regexResult.violations,
-                readOnly: true,
-                query: query.substring(0, 100) + (query.length > 100 ? "..." : ""),
-            });
-        }
-    }
-    /**
-     * Validate SQL query using AST parsing
-     * @param query - SQL query to validate
-     * @param context - Request context for logging
-     * @private
-     */
-    static validateQueryAST(query, context) {
-        const violations = [];
         try {
-            const ast = this.parser.astify(query, { database: "mysql" });
-            logger.debug({
-                ...context,
-                astType: Array.isArray(ast) ? "multiple" : "single",
-                statementCount: Array.isArray(ast) ? ast.length : 1,
-            }, "SQL AST parsed successfully");
-            const statements = Array.isArray(ast) ? ast : [ast];
-            for (const statement of statements) {
-                if (!statement || typeof statement !== "object")
-                    continue;
-                const objStmt = statement;
-                const stmtType = String(objStmt.type || "").toUpperCase();
-                // 1. Check top-level statement type
-                if (stmtType &&
-                    DANGEROUS_OPERATIONS.includes(stmtType)) {
-                    violations.push(`Dangerous statement type: ${stmtType}`);
-                }
-                // 2. Check for dangerous functions anywhere in the AST
-                const dangerousFunctions = this.findDangerousFunctionsInAST(statement);
-                if (dangerousFunctions.length > 0) {
-                    violations.push(...dangerousFunctions.map((f) => `Dangerous function: ${f}`));
-                }
-                // 3. Check for UNION-based attacks
-                if (this.hasUnionWithDangerousStatements(statement)) {
-                    violations.push("UNION with dangerous statements detected");
-                }
-            }
-            return {
-                isValid: violations.length === 0,
-                violations,
-                validationMethod: "ast",
-            };
-        }
-        catch (parseError) {
-            logger.warning({
-                ...context,
-                error: parseError instanceof Error
-                    ? parseError.message
-                    : String(parseError),
-                queryLength: query.length,
-            }, "SQL AST parsing failed, will use regex validation only");
-            return {
-                isValid: true, // Let regex validation handle it
-                violations: [],
-                validationMethod: "ast",
-            };
-        }
-    }
-    /**
-     * Validate SQL query using regex patterns
-     * @param query - SQL query to validate
-     * @param _context - Request context for logging (unused but kept for consistency)
-     * @private
-     */
-    static validateQueryRegex(query, _context) {
-        const violations = [];
-        // Check for dangerous operations
-        for (const operation of DANGEROUS_OPERATIONS) {
-            const pattern = new RegExp(`\\b${operation}\\b`, "i");
-            if (pattern.test(query)) {
-                violations.push(`Write operation '${operation}' detected`);
-            }
-        }
-        // Check for dangerous patterns
-        for (const pattern of DANGEROUS_PATTERNS) {
-            if (pattern.test(query)) {
-                violations.push(`Dangerous pattern detected: ${pattern.source}`);
+            // Try token-based validation first (more precise)
+            const tokenResult = this.validateForbiddenKeywordsToken(query, securityConfig.forbiddenKeywords);
+            if (!tokenResult.isValid) {
+                this.throwValidationError(`Forbidden keywords detected: ${tokenResult.violations.join(", ")}`, tokenResult.violations, {
+                    forbiddenKeywords: securityConfig.forbiddenKeywords,
+                    validatedBy: "token",
+                }, query);
             }
-        }
-        // Check for suspicious function calls
-        for (const func of DANGEROUS_FUNCTIONS) {
-            const pattern = new RegExp(`\\b${func}\\s*\\(`, "i");
-            if (pattern.test(query)) {
-                violations.push(`Suspicious function '${func}' detected`);
+            logger.debug({ ...context, validatedBy: "token" }, "Forbidden keywords validation passed");
+        }
+        catch (tokenError) {
+            // If tokenization fails, fall back to regex validation
+            logger.debug({ ...context, error: String(tokenError) }, "Token validation failed, falling back to regex");
+            const regexResult = SqlSecurityValidatorFallback.validateForbiddenKeywords(query, securityConfig.forbiddenKeywords, context);
+            if (!regexResult.isValid) {
+                this.throwValidationError(`Forbidden keywords detected: ${regexResult.violations.join(", ")}`, regexResult.violations, {
+                    forbiddenKeywords: securityConfig.forbiddenKeywords,
+                    validatedBy: "regex-fallback",
+                }, query);
             }
         }
-        return {
-            isValid: violations.length === 0,
-            violations,
-            validationMethod: "regex",
-        };
     }
     /**
-     * Validate forbidden keywords using AST parsing
+     * Validate read-only restrictions using IBM i parser with regex fallback
      * @param query - SQL query to validate
-     * @param forbiddenKeywords - List of forbidden keywords
      * @param context - Request context for logging
      * @private
      */
-    static validateForbiddenKeywordsAST(query, forbiddenKeywords, context) {
-        const violations = [];
-        try {
-            const ast = this.parser.astify(query, { database: "mysql" });
-            const statements = Array.isArray(ast) ? ast : [ast];
-            for (const statement of statements) {
-                const foundKeywords = this.findForbiddenKeywordsInAST(statement, forbiddenKeywords);
-                violations.push(...foundKeywords.map((k) => `Forbidden keyword: ${k}`));
+    static validateReadOnlyRestrictions(query, context) {
+        // Try IBM i parser first (understands IBM i syntax and uses vscode-db2i)
+        const ibmiResult = IbmiSqlParser.parseQuery(query, context);
+        if (ibmiResult.success) {
+            // If IBM i parser successfully validated, use its results
+            if (!ibmiResult.isReadOnly) {
+                this.throwValidationError(`Write operations detected: ${ibmiResult.violations.join(", ")}`, ibmiResult.violations, {
+                    readOnly: true,
+                    validatedBy: "ibmi-vscode",
+                }, query);
             }
-        }
-        catch (parseError) {
             logger.debug({
                 ...context,
-                error: parseError instanceof Error
-                    ? parseError.message
-                    : String(parseError),
-            }, "AST parsing failed for forbidden keyword validation");
-        }
-        return {
-            isValid: violations.length === 0,
-            violations,
-            validationMethod: "ast",
-        };
-    }
-    /**
-     * Validate forbidden keywords using regex patterns
-     * @param query - SQL query to validate
-     * @param forbiddenKeywords - List of forbidden keywords
-     * @private
-     */
-    static validateForbiddenKeywordsRegex(query, forbiddenKeywords) {
-        const violations = [];
-        for (const keyword of forbiddenKeywords) {
-            const pattern = new RegExp(`\\b${keyword.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`, "i");
-            if (pattern.test(query)) {
-                violations.push(`Forbidden keyword: ${keyword}`);
-            }
-        }
-        return {
-            isValid: violations.length === 0,
-            violations,
-            validationMethod: "regex",
-        };
-    }
-    /**
-     * Find dangerous functions anywhere in the AST
-     * @param node - AST node to analyze
-     * @private
-     */
-    static findDangerousFunctionsInAST(node) {
-        const violations = [];
-        if (!node || typeof node !== "object")
-            return violations;
-        const objNode = node;
-        // Check if this node is a function call
-        if (objNode.type === "function" && objNode.name) {
-            const funcName = String(objNode.name).toUpperCase();
-            if (DANGEROUS_FUNCTIONS.includes(funcName)) {
-                violations.push(funcName);
-            }
-        }
-        // Recursively check all properties
-        for (const key in objNode) {
-            const value = objNode[key];
-            if (Array.isArray(value)) {
-                value.forEach((item) => violations.push(...this.findDangerousFunctionsInAST(item)));
-            }
-            else if (typeof value === "object") {
-                violations.push(...this.findDangerousFunctionsInAST(value));
-            }
-        }
-        return violations;
-    }
-    /**
-     * Find forbidden keywords anywhere in the AST
-     * @param node - AST node to analyze
-     * @param forbiddenKeywords - List of forbidden keywords
-     * @private
-     */
-    static findForbiddenKeywordsInAST(node, forbiddenKeywords) {
-        const violations = [];
-        if (!node || typeof node !== "object")
-            return violations;
-        const objNode = node;
-        // Check string values for forbidden keywords
-        for (const key in objNode) {
-            const value = objNode[key];
-            if (typeof value === "string") {
-                for (const keyword of forbiddenKeywords) {
-                    const pattern = new RegExp(`\\b${keyword.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`, "i");
-                    if (pattern.test(value)) {
-                        violations.push(keyword);
-                    }
-                }
-            }
-            else if (Array.isArray(value)) {
-                value.forEach((item) => violations.push(...this.findForbiddenKeywordsInAST(item, forbiddenKeywords)));
-            }
-            else if (typeof value === "object") {
-                violations.push(...this.findForbiddenKeywordsInAST(value, forbiddenKeywords));
-            }
-        }
-        return violations;
-    }
-    /**
-     * Check for UNION with dangerous statements
-     * @param statement - AST statement to check
-     * @private
-     */
-    static hasUnionWithDangerousStatements(statement) {
-        if (!statement || typeof statement !== "object")
-            return false;
-        const stmt = statement;
-        // Check if this is a UNION statement
-        if (stmt.type === "select" && stmt.union) {
-            // Check each part of the union
-            const unionParts = Array.isArray(stmt.union) ? stmt.union : [stmt.union];
-            for (const part of unionParts) {
-                const partObj = part;
-                if (partObj.type && String(partObj.type).toUpperCase() !== "SELECT") {
-                    return true;
-                }
-            }
+                validatedBy: "ibmi-vscode",
+                statementTypes: ibmiResult.statementTypes,
+            }, "Read-only validation passed using IBM i vscode parser");
+            return; // Success - skip regex fallback
+        }
+        // Fall back to regex validation
+        logger.debug({ ...context }, "Falling back to regex validation for read-only check");
+        const regexResult = SqlSecurityValidatorFallback.validateReadOnly(query, context);
+        if (!regexResult.isValid) {
+            this.throwValidationError(`Write operations detected: ${regexResult.violations.join(", ")}`, regexResult.violations, { readOnly: true, validatedBy: "regex-fallback" }, query);
         }
-        return false;
+        logger.debug({ ...context, validatedBy: "regex-fallback" }, "Read-only validation passed via regex fallback");
     }
 }
 //# sourceMappingURL=sqlSecurityValidator.js.map

package/dist/ibmi-mcp-server/utils/security/sqlSecurityValidator.js.map

@@ -1 +1 @@
-{"version":3,"file":"sqlSecurityValidator.js","sourceRoot":"","sources":["../../../../src/ibmi-mcp-server/utils/security/sqlSecurityValidator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,GAAG,MAAM,iBAAiB,CAAC;AAClC,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;AACvB,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAEpD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAetE;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,oBAAoB;IACpB,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,OAAO;IACP,UAAU;IACV,oBAAoB;IACpB,MAAM;IACN,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,oBAAoB;IACpB,MAAM;IACN,MAAM;IACN,SAAS;IACT,KAAK;IACL,SAAS;IACT,sBAAsB;IACtB,OAAO;IACP,QAAQ;IACR,MAAM;IACN,gBAAgB;IAChB,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,iBAAiB;IACjB,UAAU;IACV,SAAS;IACT,MAAM;IACN,MAAM;IACN,OAAO;IACP,iBAAiB;IACjB,QAAQ;IACR,SAAS;IACT,MAAM;IACN,UAAU;IACV,MAAM;IACN,QAAQ;IACR,mDAAmD;IACnD,QAAQ;IACR,UAAU;IACV,WAAW;IACX,iBAAiB;IACjB,SAAS;IACT,uBAAuB;CACf,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,QAAQ;IACR,SAAS;IACT,uBAAuB;IACvB,QAAQ;IACR,gBAAgB;IAChB,MAAM;IACN,mBAAmB;IACnB,MAAM;IACN,QAAQ;IACR,MAAM;IACN,SAAS,EAAE,2CAA2C;CAC9C,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,uBAAuB;IACvB,gBAAgB;IAChB,6BAA6B;IAC7B,2BAA2B;IAC3B,gBAAgB;IAChB,wBAAwB;IACxB,iBAAiB;IACjB,gCAAgC;IAChC,4CAA4C;IAC5C,8BAA8B;IAC9B,+CAA+C;IAC/C,sBAAsB;IACtB,yDAAyD;CACjD,CAAC;AAEX;;GAEG;AACH,MAAM,OAAO,oBAAoB;IACvB,MAAM,CAAC,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAErC;;;;;;OAMG;IACH,MAAM,CAAC,aAAa,CAClB,KAAa,EACb,cAAqC,EACrC,OAAuB;QAEvB,MAAM,CAAC,KAAK,CACV;YACE,GAAG,OAAO;YACV,WAAW,EAAE,KAAK,CAAC,MAAM;YACzB,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,cAAc,EAAE,cAAc,CAAC,cAAc;SAC9C,EACD,kCAAkC,CACnC,CAAC;QAEF,8BAA8B;QAC9B,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QAEhD,0EAA0E;QAC1E,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;QAE/D,4EAA4E;QAC5E,IAAI,cAAc,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YACtC,IAAI,CAAC,4BAA4B,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,CAAC,KAAK,CACV;YACE,GAAG,OAAO;SACX,EACD,gCAAgC,CACjC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,mBAAmB,CAChC,KAAa,EACb,cAAqC;QAErC,MAAM,SAAS,GAAG,cAAc,CAAC,cAAc,IAAI,KAAK,CAAC;QACzD,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,eAAe,EAChC,mCAAmC,SAAS,aAAa,EACzD;gBACE,WAAW,EAAE,KAAK,CAAC,MAAM;gBACzB,SAAS;gBACT,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;aACnE,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,yBAAyB,CACtC,KAAa,EACb,cAAqC,EACrC,OAAuB;QAEvB,IACE,CAAC,cAAc,CAAC,iBAAiB;YACjC,cAAc,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAC7C,CAAC;YACD,OAAO;QACT,CAAC;QAED,iCAAiC;QACjC,MAAM,SAAS,GAAG,IAAI,CAAC,4BAA4B,CACjD,KAAK,EACL,cAAc,CAAC,iBAAiB,EAChC,OAAO,CACR,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACvB,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,eAAe,EAChC,gCAAgC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACjE;gBACE,UAAU,EAAE,SAAS,CAAC,UAAU;gBAChC,iBAAiB,EAAE,cAAc,CAAC,iBAAiB;gBACnD,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;aACnE,CACF,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,8BAA8B,CACrD,KAAK,EACL,cAAc,CAAC,iBAAiB,CACjC,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,eAAe,EAChC,gCAAgC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACnE;gBACE,UAAU,EAAE,WAAW,CAAC,UAAU;gBAClC,iBAAiB,EAAE,cAAc,CAAC,iBAAiB;gBACnD,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;aACnE,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,4BAA4B,CACzC,KAAa,EACb,OAAuB;QAEvB,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACvB,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,eAAe,EAChC,8BAA8B,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAC/D;gBACE,UAAU,EAAE,SAAS,CAAC,UAAU;gBAChC,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;aACnE,CACF,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,eAAe,EAChC,8BAA8B,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACjE;gBACE,UAAU,EAAE,WAAW,CAAC,UAAU;gBAClC,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;aACnE,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,gBAAgB,CAC7B,KAAa,EACb,OAAuB;QAEvB,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAE7D,MAAM,CAAC,KAAK,CACV;gBACE,GAAG,OAAO;gBACV,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;gBACnD,cAAc,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;aACpD,EACD,6BAA6B,CAC9B,CAAC;YAEF,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAEpD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ;oBAAE,SAAS;gBAE1D,MAAM,OAAO,GAAG,SAA+C,CAAC;gBAChE,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAE1D,oCAAoC;gBACpC,IACE,QAAQ;oBACP,oBAA0C,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAC9D,CAAC;oBACD,UAAU,CAAC,IAAI,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;gBAC3D,CAAC;gBAED,uDAAuD;gBACvD,MAAM,kBAAkB,GAAG,IAAI,CAAC,2BAA2B,CAAC,SAAS,CAAC,CAAC;gBACvE,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,UAAU,CAAC,IAAI,CACb,GAAG,kBAAkB,CAAC,GAAG,CACvB,CAAC,CAAS,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAC1C,CACF,CAAC;gBACJ,CAAC;gBAED,mCAAmC;gBACnC,IAAI,IAAI,CAAC,+BAA+B,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpD,UAAU,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;gBAChC,UAAU;gBACV,gBAAgB,EAAE,KAAK;aACxB,CAAC;QACJ,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,CACZ;gBACE,GAAG,OAAO;gBACV,KAAK,EACH,UAAU,YAAY,KAAK;oBACzB,CAAC,CAAC,UAAU,CAAC,OAAO;oBACpB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;gBACxB,WAAW,EAAE,KAAK,CAAC,MAAM;aAC1B,EACD,wDAAwD,CACzD,CAAC;YAEF,OAAO;gBACL,OAAO,EAAE,IAAI,EAAE,iCAAiC;gBAChD,UAAU,EAAE,EAAE;gBACd,gBAAgB,EAAE,KAAK;aACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,kBAAkB,CAC/B,KAAa,EACb,QAAwB;QAExB,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,iCAAiC;QACjC,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,SAAS,KAAK,EAAE,GAAG,CAAC,CAAC;YACtD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC,oBAAoB,SAAS,YAAY,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC,+BAA+B,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,IAAI,IAAI,mBAAmB,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC,wBAAwB,IAAI,YAAY,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,UAAU;YACV,gBAAgB,EAAE,OAAO;SAC1B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,4BAA4B,CACzC,KAAa,EACb,iBAA2B,EAC3B,OAAuB;QAEvB,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7D,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAEpD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,aAAa,GAAG,IAAI,CAAC,0BAA0B,CACnD,SAAS,EACT,iBAAiB,CAClB,CAAC;gBACF,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CACV;gBACE,GAAG,OAAO;gBACV,KAAK,EACH,UAAU,YAAY,KAAK;oBACzB,CAAC,CAAC,UAAU,CAAC,OAAO;oBACpB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;aACzB,EACD,qDAAqD,CACtD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,UAAU;YACV,gBAAgB,EAAE,KAAK;SACxB,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,8BAA8B,CAC3C,KAAa,EACb,iBAA2B;QAE3B,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,IAAI,MAAM,CACxB,MAAM,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,KAAK,EACzD,GAAG,CACJ,CAAC;YACF,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,UAAU;YACV,gBAAgB,EAAE,OAAO;SAC1B,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,2BAA2B,CAAC,IAAa;QACtD,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,UAAU,CAAC;QAEzD,MAAM,OAAO,GAAG,IAA+B,CAAC;QAEhD,wCAAwC;QACxC,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAEpD,IAAK,mBAAyC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YAC3B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CACrB,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAC3D,CAAC;YACJ,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,0BAA0B,CACvC,IAAa,EACb,iBAA2B;QAE3B,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,UAAU,CAAC;QAEzD,MAAM,OAAO,GAAG,IAA+B,CAAC;QAEhD,6CAA6C;QAC7C,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;oBACxC,MAAM,OAAO,GAAG,IAAI,MAAM,CACxB,MAAM,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,KAAK,EACzD,GAAG,CACJ,CAAC;oBACF,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;wBACxB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CACrB,UAAU,CAAC,IAAI,CACb,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAC5D,CACF,CAAC;YACJ,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CACb,GAAG,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAC7D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,+BAA+B,CAAC,SAAkB;QAC/D,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAE9D,MAAM,IAAI,GAAG,SAAoC,CAAC;QAElD,qCAAqC;QACrC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACzC,+BAA+B;YAC/B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzE,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAG,IAA+B,CAAC;gBAChD,IAAI,OAAO,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;oBACpE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC"}
+{"version":3,"file":"sqlSecurityValidator.js","sourceRoot":"","sources":["../../../../src/ibmi-mcp-server/utils/security/sqlSecurityValidator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAEpD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEtE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,YAAY,MAAM,4CAA4C,CAAC;AACtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAcjF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,oBAAoB;IACpB,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,UAAU;IACV,oBAAoB;IACpB,MAAM;IACN,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,oBAAoB;IACpB,MAAM;IACN,MAAM;IACN,SAAS;IACT,KAAK;IACL,SAAS;IACT,sBAAsB;IACtB,OAAO;IACP,QAAQ;IACR,MAAM;IACN,gBAAgB;IAChB,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,iBAAiB;IACjB,UAAU;IACV,SAAS;IACT,MAAM;IACN,MAAM;IACN,OAAO;IACP,iBAAiB;IACjB,QAAQ;IACR,SAAS;IACT,MAAM;IACN,UAAU;IACV,MAAM;IACN,QAAQ;IACR,mDAAmD;IACnD,QAAQ;IACR,UAAU;IACV,WAAW;IACX,iBAAiB;IACjB,SAAS;IACT,uBAAuB;CACf,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,qEAAqE;IACrE,+CAA+C;IAC/C,0EAA0E;IAC1E,yDAAyD;IACzD,qDAAqD;IACrD,qBAAqB;CACb,CAAC;AAEX;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IACvB,MAAM,CAAC,SAAS,GAAG,IAAI,YAAY,EAAE,CAAC;IAE9C;;;;;;OAMG;IACK,MAAM,CAAC,aAAa,CAAC,KAAa,EAAE,SAAS,GAAG,GAAG;QACzD,OAAO,KAAK,CAAC,MAAM,GAAG,SAAS;YAC7B,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK;YACvC,CAAC,CAAC,KAAK,CAAC;IACZ,CAAC;IAED;;;;;;;;OAQG;IACK,MAAM,CAAC,oBAAoB,CACjC,OAAe,EACf,UAAoB,EACpB,OAAgC,EAChC,KAAa;QAEb,MAAM,IAAI,QAAQ,CAAC,gBAAgB,CAAC,eAAe,EAAE,OAAO,EAAE;YAC5D,UAAU;YACV,GAAG,OAAO;YACV,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACK,MAAM,CAAC,8BAA8B,CAC3C,KAAa,EACb,iBAA2B;QAE3B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,sCAAsC;QACtC,MAAM,YAAY,GAAG,IAAI,GAAG,CAC1B,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAC9C,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,wDAAwD;YACxD,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAEtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;YACzC,IAAI,KAAK,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,UAAU;YACV,gBAAgB,EAAE,UAAU;SAC7B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,aAAa,CAClB,KAAa,EACb,cAAqC,EACrC,OAAuB;QAEvB,MAAM,CAAC,KAAK,CACV;YACE,GAAG,OAAO;YACV,WAAW,EAAE,KAAK,CAAC,MAAM;YACzB,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,cAAc,EAAE,cAAc,CAAC,cAAc;SAC9C,EACD,kCAAkC,CACnC,CAAC;QAEF,8BAA8B;QAC9B,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QAEhD,0EAA0E;QAC1E,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;QAE/D,4EAA4E;QAC5E,IAAI,cAAc,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YACtC,IAAI,CAAC,4BAA4B,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,CAAC,KAAK,CACV;YACE,GAAG,OAAO;SACX,EACD,gCAAgC,CACjC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,mBAAmB,CAChC,KAAa,EACb,cAAqC;QAErC,MAAM,SAAS,GAAG,cAAc,CAAC,cAAc,IAAI,KAAK,CAAC;QACzD,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,eAAe,EAChC,mCAAmC,SAAS,aAAa,EACzD;gBACE,WAAW,EAAE,KAAK,CAAC,MAAM;gBACzB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;aACjC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,yBAAyB,CACtC,KAAa,EACb,cAAqC,EACrC,OAAuB;QAEvB,IACE,CAAC,cAAc,CAAC,iBAAiB;YACjC,cAAc,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAC7C,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,kDAAkD;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,8BAA8B,CACrD,KAAK,EACL,cAAc,CAAC,iBAAiB,CACjC,CAAC;YAEF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,IAAI,CAAC,oBAAoB,CACvB,gCAAgC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACnE,WAAW,CAAC,UAAU,EACtB;oBACE,iBAAiB,EAAE,cAAc,CAAC,iBAAiB;oBACnD,WAAW,EAAE,OAAO;iBACrB,EACD,KAAK,CACN,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,KAAK,CACV,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,EACpC,sCAAsC,CACvC,CAAC;QACJ,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,uDAAuD;YACvD,MAAM,CAAC,KAAK,CACV,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,EACzC,gDAAgD,CACjD,CAAC;YAEF,MAAM,WAAW,GACf,4BAA4B,CAAC,yBAAyB,CACpD,KAAK,EACL,cAAc,CAAC,iBAAiB,EAChC,OAAO,CACR,CAAC;YAEJ,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,IAAI,CAAC,oBAAoB,CACvB,gCAAgC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACnE,WAAW,CAAC,UAAU,EACtB;oBACE,iBAAiB,EAAE,cAAc,CAAC,iBAAiB;oBACnD,WAAW,EAAE,gBAAgB;iBAC9B,EACD,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,4BAA4B,CACzC,KAAa,EACb,OAAuB;QAEvB,yEAAyE;QACzE,MAAM,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE5D,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,0DAA0D;YAC1D,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,oBAAoB,CACvB,8BAA8B,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAChE,UAAU,CAAC,UAAU,EACrB;oBACE,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,aAAa;iBAC3B,EACD,KAAK,CACN,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,KAAK,CACV;gBACE,GAAG,OAAO;gBACV,WAAW,EAAE,aAAa;gBAC1B,cAAc,EAAE,UAAU,CAAC,cAAc;aAC1C,EACD,uDAAuD,CACxD,CAAC;YAEF,OAAO,CAAC,gCAAgC;QAC1C,CAAC;QAED,gCAAgC;QAChC,MAAM,CAAC,KAAK,CACV,EAAE,GAAG,OAAO,EAAE,EACd,sDAAsD,CACvD,CAAC;QAEF,MAAM,WAAW,GAAG,4BAA4B,CAAC,gBAAgB,CAC/D,KAAK,EACL,OAAO,CACR,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,oBAAoB,CACvB,8BAA8B,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACjE,WAAW,CAAC,UAAU,EACtB,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,gBAAgB,EAAE,EACjD,KAAK,CACN,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CACV,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,EAC7C,gDAAgD,CACjD,CAAC;IACJ,CAAC"}

package/dist/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback.d.ts

@@ -0,0 +1,54 @@
+/**
+ * @fileoverview Regex-based SQL Security Validator Fallback
+ * Simple regex pattern matching for cases where vscode-db2i parser cannot handle a query
+ *
+ * @module src/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback
+ */
+import { RequestContext } from "../../../utils/internal/requestContext.js";
+import { SecurityValidationResult } from "./sqlSecurityValidator.js";
+/**
+ * Regex-based SQL Security Validator Fallback
+ * Provides simple pattern-matching validation when primary validators cannot parse the query
+ */
+export declare class SqlSecurityValidatorFallback {
+    /**
+     * Strip string literals from SQL to prevent false positives in regex validation
+     * @param sql - Raw SQL query
+     * @returns Normalized SQL with strings replaced with empty literals
+     * @private
+     */
+    private static stripSqlLiterals;
+    /**
+     * Validate query against list of keywords using regex patterns
+     * @param query - SQL query to validate
+     * @param keywords - Keywords to check for
+     * @param patternBuilder - Function to build regex pattern from keyword
+     * @param violationFormatter - Function to format violation message
+     * @returns Array of violation messages
+     * @private
+     */
+    private static validateWithRegexList;
+    /**
+     * Create standardized validation result
+     * @param violations - List of validation violations
+     * @returns Security validation result object
+     * @private
+     */
+    private static createValidationResult;
+    /**
+     * Validate read-only restrictions using regex patterns
+     * @param query - SQL query to validate
+     * @param context - Request context for logging
+     * @returns Security validation result
+     */
+    static validateReadOnly(query: string, context: RequestContext): SecurityValidationResult;
+    /**
+     * Validate forbidden keywords using regex patterns
+     * @param query - SQL query to validate
+     * @param forbiddenKeywords - List of forbidden keywords
+     * @param context - Request context for logging
+     * @returns Security validation result
+     */
+    static validateForbiddenKeywords(query: string, forbiddenKeywords: string[], context: RequestContext): SecurityValidationResult;
+}
+//# sourceMappingURL=sqlSecurityValidatorFallback.d.ts.map

package/dist/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlSecurityValidatorFallback.d.ts","sourceRoot":"","sources":["../../../../src/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAGL,wBAAwB,EACzB,MAAM,2BAA2B,CAAC;AAEnC;;;GAGG;AACH,qBAAa,4BAA4B;IACvC;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAM/B;;;;;;;;OAQG;IACH,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAmBpC;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;IAUrC;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CACrB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,cAAc,GACtB,wBAAwB;IA6B3B;;;;;;OAMG;IACH,MAAM,CAAC,yBAAyB,CAC9B,KAAK,EAAE,MAAM,EACb,iBAAiB,EAAE,MAAM,EAAE,EAC3B,OAAO,EAAE,cAAc,GACtB,wBAAwB;CAgB5B"}

package/dist/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback.js

@@ -0,0 +1,91 @@
+/**
+ * @fileoverview Regex-based SQL Security Validator Fallback
+ * Simple regex pattern matching for cases where vscode-db2i parser cannot handle a query
+ *
+ * @module src/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback
+ */
+import { logger } from "../../../utils/internal/logger.js";
+import { DANGEROUS_OPERATIONS, DANGEROUS_PATTERNS, } from "./sqlSecurityValidator.js";
+/**
+ * Regex-based SQL Security Validator Fallback
+ * Provides simple pattern-matching validation when primary validators cannot parse the query
+ */
+export class SqlSecurityValidatorFallback {
+    /**
+     * Strip string literals from SQL to prevent false positives in regex validation
+     * @param sql - Raw SQL query
+     * @returns Normalized SQL with strings replaced with empty literals
+     * @private
+     */
+    static stripSqlLiterals(sql) {
+        // Replace single-quoted strings with empty string literals
+        // Pattern handles escaped quotes: 'can''t' -> ''
+        return sql.replace(/'(?:''|[^'])*'/g, "''");
+    }
+    /**
+     * Validate query against list of keywords using regex patterns
+     * @param query - SQL query to validate
+     * @param keywords - Keywords to check for
+     * @param patternBuilder - Function to build regex pattern from keyword
+     * @param violationFormatter - Function to format violation message
+     * @returns Array of violation messages
+     * @private
+     */
+    static validateWithRegexList(query, keywords, patternBuilder, violationFormatter) {
+        const violations = [];
+        const normalizedQuery = this.stripSqlLiterals(query);
+        for (const keyword of keywords) {
+            const pattern = patternBuilder(keyword);
+            if (pattern.test(normalizedQuery)) {
+                violations.push(violationFormatter(keyword));
+            }
+        }
+        return violations;
+    }
+    /**
+     * Create standardized validation result
+     * @param violations - List of validation violations
+     * @returns Security validation result object
+     * @private
+     */
+    static createValidationResult(violations) {
+        return {
+            isValid: violations.length === 0,
+            violations,
+            validationMethod: "regex",
+        };
+    }
+    /**
+     * Validate read-only restrictions using regex patterns
+     * @param query - SQL query to validate
+     * @param context - Request context for logging
+     * @returns Security validation result
+     */
+    static validateReadOnly(query, context) {
+        const violations = [];
+        logger.debug({ ...context }, "Using regex fallback for read-only validation");
+        // Check for dangerous operations
+        violations.push(...this.validateWithRegexList(query, DANGEROUS_OPERATIONS, (op) => new RegExp(`\\b${op}\\b`, "i"), (op) => `Write operation '${op}' detected`));
+        // Check for dangerous patterns
+        const normalizedQuery = this.stripSqlLiterals(query);
+        for (const pattern of DANGEROUS_PATTERNS) {
+            if (pattern.test(normalizedQuery)) {
+                violations.push(`Dangerous pattern detected: ${pattern.source}`);
+            }
+        }
+        return this.createValidationResult(violations);
+    }
+    /**
+     * Validate forbidden keywords using regex patterns
+     * @param query - SQL query to validate
+     * @param forbiddenKeywords - List of forbidden keywords
+     * @param context - Request context for logging
+     * @returns Security validation result
+     */
+    static validateForbiddenKeywords(query, forbiddenKeywords, context) {
+        logger.debug({ ...context, keywordCount: forbiddenKeywords.length }, "Using regex fallback for forbidden keywords validation");
+        const violations = this.validateWithRegexList(query, forbiddenKeywords, (kw) => new RegExp(`\\b${kw.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`, "i"), (kw) => `Forbidden keyword: ${kw}`);
+        return this.createValidationResult(violations);
+    }
+}
+//# sourceMappingURL=sqlSecurityValidatorFallback.js.map

package/dist/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlSecurityValidatorFallback.js","sourceRoot":"","sources":["../../../../src/ibmi-mcp-server/utils/security/sqlSecurityValidatorFallback.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAEpD,OAAO,EACL,oBAAoB,EACpB,kBAAkB,GAEnB,MAAM,2BAA2B,CAAC;AAEnC;;;GAGG;AACH,MAAM,OAAO,4BAA4B;IACvC;;;;;OAKG;IACK,MAAM,CAAC,gBAAgB,CAAC,GAAW;QACzC,2DAA2D;QAC3D,iDAAiD;QACjD,OAAO,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;OAQG;IACK,MAAM,CAAC,qBAAqB,CAClC,KAAa,EACb,QAAsC,EACtC,cAA2C,EAC3C,kBAA+C;QAE/C,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAErD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBAClC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,sBAAsB,CACnC,UAAoB;QAEpB,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,UAAU;YACV,gBAAgB,EAAE,OAAO;SAC1B,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CACrB,KAAa,EACb,OAAuB;QAEvB,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,MAAM,CAAC,KAAK,CACV,EAAE,GAAG,OAAO,EAAE,EACd,+CAA+C,CAChD,CAAC;QAEF,iCAAiC;QACjC,UAAU,CAAC,IAAI,CACb,GAAG,IAAI,CAAC,qBAAqB,CAC3B,KAAK,EACL,oBAAoB,EACpB,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,EACtC,CAAC,EAAE,EAAE,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAC3C,CACF,CAAC;QAEF,+BAA+B;QAC/B,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACrD,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBAClC,UAAU,CAAC,IAAI,CAAC,+BAA+B,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,yBAAyB,CAC9B,KAAa,EACb,iBAA2B,EAC3B,OAAuB;QAEvB,MAAM,CAAC,KAAK,CACV,EAAE,GAAG,OAAO,EAAE,YAAY,EAAE,iBAAiB,CAAC,MAAM,EAAE,EACtD,wDAAwD,CACzD,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAC3C,KAAK,EACL,iBAAiB,EACjB,CAAC,EAAE,EAAE,EAAE,CACL,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,EACvE,CAAC,EAAE,EAAE,EAAE,CAAC,sBAAsB,EAAE,EAAE,CACnC,CAAC;QAEF,OAAO,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;CACF"}