@malloydata/malloy 0.0.394 → 0.0.396

package/dist/connection/base_connection.js

@@ -8,6 +8,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BaseConnection = void 0;
 const sql_block_1 = require("../model/sql_block");
+const validate_table_path_1 = require("./validate_table_path");
 class BaseConnection {
     constructor() {
         this.schemaCache = {};
@@ -47,6 +48,11 @@ class BaseConnection {
         const schemas = {};
         const errors = {};
         for (const [tableName, tablePath] of Object.entries(missing)) {
+            const invalid = (0, validate_table_path_1.validateCanonicalTablePath)(this.dialectName, tablePath);
+            if (invalid !== undefined) {
+                errors[tableName] = invalid;
+                continue;
+            }
             const inCache = await this.checkSchemaCache(tablePath, 'table', async () => await this.fetchTableSchema(tableName, tablePath), refreshTimestamp);
             if (inCache.schema) {
                 schemas[tableName] = inCache.schema;

package/dist/connection/validate_table_path.d.ts

@@ -0,0 +1,10 @@
+/** Validate against a known dialect. Returns an error string or undefined. */
+export declare function validateCanonicalTablePath(dialectName: string, tablePath: string): string | undefined;
+/**
+ * Validate against any registered dialect. Used at boundaries where the
+ * destination dialect isn't synchronously known (virtualMap, manifest
+ * entries).
+ */
+export declare function validateCanonicalTablePathAnyDialect(tablePath: string): string | undefined;
+/** Throw if `tablePath` isn't canonical SQL in any registered dialect. */
+export declare function requireCanonicalTablePathAnyDialect(tablePath: string, prefix: string): void;

package/dist/connection/validate_table_path.js

@@ -0,0 +1,56 @@
+"use strict";
+/*
+ * Copyright Contributors to the Malloy project
+ * SPDX-License-Identifier: MIT
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateCanonicalTablePath = validateCanonicalTablePath;
+exports.validateCanonicalTablePathAnyDialect = validateCanonicalTablePathAnyDialect;
+exports.requireCanonicalTablePathAnyDialect = requireCanonicalTablePathAnyDialect;
+const dialect_map_1 = require("../dialect/dialect_map");
+/** Validate against a known dialect. Returns an error string or undefined. */
+function validateCanonicalTablePath(dialectName, tablePath) {
+    let dialect;
+    try {
+        dialect = (0, dialect_map_1.getDialect)(dialectName);
+    }
+    catch {
+        return `tablePath '${tablePath}' cannot be validated: unknown dialect '${dialectName}'`;
+    }
+    const result = dialect.sqlValidateTableName(tablePath);
+    if (!result.ok) {
+        return `tablePath '${tablePath}' is not canonical SQL for the ${dialectName} dialect; the translator must validate before passing it here. (${result.error})`;
+    }
+    if (result.canonical !== tablePath) {
+        return `tablePath '${tablePath}' is not canonical SQL for the ${dialectName} dialect; the translator must validate before passing it here.`;
+    }
+    return undefined;
+}
+/**
+ * Validate against any registered dialect. Used at boundaries where the
+ * destination dialect isn't synchronously known (virtualMap, manifest
+ * entries).
+ */
+function validateCanonicalTablePathAnyDialect(tablePath) {
+    let suggestion;
+    for (const dialect of (0, dialect_map_1.getDialects)()) {
+        const result = dialect.sqlValidateTableName(tablePath);
+        if (result.ok) {
+            if (result.canonical === tablePath)
+                return undefined;
+            if (suggestion === undefined)
+                suggestion = result.canonical;
+        }
+    }
+    if (suggestion !== undefined) {
+        return `value '${tablePath}' is not canonical SQL; did you mean '${suggestion}'?`;
+    }
+    return `value '${tablePath}' is not a valid canonical table path in any registered dialect`;
+}
+/** Throw if `tablePath` isn't canonical SQL in any registered dialect. */
+function requireCanonicalTablePathAnyDialect(tablePath, prefix) {
+    const err = validateCanonicalTablePathAnyDialect(tablePath);
+    if (err !== undefined)
+        throw new Error(`${prefix}: ${err}`);
+}
+//# sourceMappingURL=validate_table_path.js.map

package/dist/dialect/databricks/databricks.d.ts

@@ -4,6 +4,9 @@ import { Dialect } from '../dialect';
 import type { DialectFunctionOverloadDef } from '../functions';
 export declare class DatabricksDialect extends Dialect {
     name: string;
+    stringLiteralStyle: "backslash";
+    identifierEscapeStyle: "doubled";
+    identifierQuoteChar: string;
     defaultNumberType: string;
     defaultDecimalType: string;
     udfPrefix: string;
@@ -37,9 +40,9 @@ export declare class DatabricksDialect extends Dialect {
     hasTimestamptz: boolean;
     supportsBigIntPrecision: boolean;
     maxIdentifierLength: number;
+    tablePathBareIdentRegex: RegExp;
     malloyTypeToSQLType(malloyType: AtomicTypeDef): string;
     sqlTypeToMalloyType(sqlType: string): BasicAtomicTypeDef;
-    quoteTablePath(tablePath: string): string;
     sqlGroupSetTable(groupSetCount: number): string;
     sqlLateralJoinBag(expressions: LateralJoinExpression[]): string;
     sqlOrderBy(orderTerms: string[], obr?: OrderByRequest): string;
@@ -60,7 +63,6 @@ export declare class DatabricksDialect extends Dialect {
     sqlCreateFunction(id: string, funcText: string): string;
     sqlCreateFunctionCombineLastStage(lastStageName: string, fieldList: DialectFieldList): string;
     sqlSelectAliasAsStruct(alias: string, fieldList: DialectFieldList): string;
-    sqlMaybeQuoteIdentifier(identifier: string): string;
     sqlCreateTableAsSelect(tableName: string, sql: string): string;
     sqlNowExpr(): string;
     sqlConvertToCivilTime(expr: string, timezone: string, _typeDef: AtomicTypeDef): {
@@ -78,8 +80,6 @@ export declare class DatabricksDialect extends Dialect {
     sqlTimestamptzLiteral(_qi: QueryInfo, _literal: string, _timezone: string): string;
     sqlMeasureTimeExpr(df: MeasureTimeExpr): string;
     sqlSampleTable(tableSQL: string, sample: Sampling | undefined): string;
-    sqlLiteralString(literal: string): string;
-    sqlLiteralRegexp(literal: string): string;
     getDialectFunctionOverrides(): {
         [name: string]: DialectFunctionOverloadDef[];
     };

package/dist/dialect/databricks/databricks.js

@@ -43,6 +43,9 @@ class DatabricksDialect extends dialect_1.Dialect {
     constructor() {
         super(...arguments);
         this.name = 'databricks';
+        this.stringLiteralStyle = dialect_1.EscapeStyle.Backslash;
+        this.identifierEscapeStyle = dialect_1.EscapeStyle.Doubled;
+        this.identifierQuoteChar = '`';
         this.defaultNumberType = 'DOUBLE';
         this.defaultDecimalType = 'DECIMAL';
         this.udfPrefix = '__udf';
@@ -74,6 +77,10 @@ class DatabricksDialect extends dialect_1.Dialect {
         this.hasTimestamptz = false;
         this.supportsBigIntPrecision = false;
         this.maxIdentifierLength = 255;
+        // Databricks bare identifiers may start with a digit, but cannot be
+        // entirely digits (or they lex as number literals). Verified against
+        // the live engine: `1foo` resolves; `$` is rejected.
+        this.tablePathBareIdentRegex = /^[A-Za-z0-9_]*[A-Za-z_][A-Za-z0-9_]*/;
     }
     malloyTypeToSQLType(malloyType) {
         switch (malloyType.type) {
@@ -95,7 +102,7 @@ class DatabricksDialect extends dialect_1.Dialect {
                 const fields = [];
                 for (const f of malloyType.fields) {
                     if ((0, malloy_types_1.isAtomic)(f)) {
-                        fields.push(`${this.sqlMaybeQuoteIdentifier(f.name)}: ${this.malloyTypeToSQLType(f)}`);
+                        fields.push(`${this.sqlQuoteIdentifier(f.name)}: ${this.malloyTypeToSQLType(f)}`);
                     }
                 }
                 return `STRUCT<${fields.join(', ')}>`;
@@ -105,7 +112,7 @@ class DatabricksDialect extends dialect_1.Dialect {
                     const fields = [];
                     for (const f of malloyType.fields) {
                         if ((0, malloy_types_1.isAtomic)(f)) {
-                            fields.push(`${this.sqlMaybeQuoteIdentifier(f.name)}: ${this.malloyTypeToSQLType(f)}`);
+                            fields.push(`${this.sqlQuoteIdentifier(f.name)}: ${this.malloyTypeToSQLType(f)}`);
                         }
                     }
                     return `ARRAY<STRUCT<${fields.join(', ')}>>`;
@@ -128,12 +135,6 @@ class DatabricksDialect extends dialect_1.Dialect {
             rawType: baseSqlType,
         });
     }
-    quoteTablePath(tablePath) {
-        return tablePath
-            .split('.')
-            .map(part => (/^[a-zA-Z_]\w*$/.test(part) ? part : `\`${part}\``))
-            .join('.');
-    }
     sqlGroupSetTable(groupSetCount) {
         return `LATERAL VIEW EXPLODE(SEQUENCE(0, ${groupSetCount})) group_set AS group_set`;
     }
@@ -163,7 +164,9 @@ class DatabricksDialect extends dialect_1.Dialect {
     // field names) in Databricks.
     buildNamedStructExpression(fieldList) {
         return ('named_struct(' +
-            fieldList.map(f => `'${f.rawName}', ${f.sqlExpression}`).join(', ') +
+            fieldList
+                .map(f => `${this.sqlLiteralString(f.rawName)}, ${f.sqlExpression}`)
+                .join(', ') +
             ')');
     }
     sqlAggregateTurtle(groupSet, fieldList, orderBy) {
@@ -207,7 +210,9 @@ class DatabricksDialect extends dialect_1.Dialect {
     sqlCoaleseMeasuresInline(groupSet, fieldList) {
         const namedStruct = this.buildNamedStructExpression(fieldList);
         const nullStruct = 'named_struct(' +
-            fieldList.map(f => `'${f.rawName}', NULL`).join(', ') +
+            fieldList
+                .map(f => `${this.sqlLiteralString(f.rawName)}, NULL`)
+                .join(', ') +
             ')';
         return `COALESCE(FIRST(CASE WHEN group_set=${groupSet} THEN ${namedStruct} END) IGNORE NULLS, ${nullStruct})`;
     }
@@ -268,7 +273,7 @@ class DatabricksDialect extends dialect_1.Dialect {
         if (childName === '__row_id') {
             return `__row_id_from_${parentAlias}`;
         }
-        return `${parentAlias}.${this.sqlMaybeQuoteIdentifier(childName)}`;
+        return `${parentAlias}.${this.sqlQuoteIdentifier(childName)}`;
     }
     sqlCreateFunction(id, funcText) {
         return `CREATE TEMPORARY FUNCTION ${id}(param STRING) RETURNS STRING RETURN (\n${(0, utils_1.indent)(funcText)}\n);\n`;
@@ -279,13 +284,10 @@ class DatabricksDialect extends dialect_1.Dialect {
     }
     sqlSelectAliasAsStruct(alias, fieldList) {
         const fields = fieldList
-            .map(f => `${alias}.${this.sqlMaybeQuoteIdentifier(f.rawName)}`)
+            .map(f => `${alias}.${this.sqlQuoteIdentifier(f.rawName)}`)
             .join(', ');
         return `STRUCT(${fields})`;
     }
-    sqlMaybeQuoteIdentifier(identifier) {
-        return '`' + identifier.replace(/`/g, '``') + '`';
-    }
     sqlCreateTableAsSelect(tableName, sql) {
         return `CREATE TABLE ${tableName} AS ${sql}`;
     }
@@ -406,13 +408,6 @@ class DatabricksDialect extends dialect_1.Dialect {
         }
         return tableSQL;
     }
-    sqlLiteralString(literal) {
-        const noVirgule = literal.replace(/\\/g, '\\\\');
-        return "'" + noVirgule.replace(/'/g, "\\'") + "'";
-    }
-    sqlLiteralRegexp(literal) {
-        return "'" + literal.replace(/'/g, "''") + "'";
-    }
     getDialectFunctionOverrides() {
         return (0, functions_1.expandOverrideMap)(function_overrides_1.DATABRICKS_MALLOY_STANDARD_OVERLOADS);
     }

package/dist/dialect/dialect.d.ts

@@ -1,5 +1,6 @@
 import type { Expr, Sampling, AtomicTypeDef, MeasureTimeExpr, TimeExtractExpr, TypecastExpr, RegexMatchExpr, TimeLiteralExpr, RecordLiteralNode, ArrayLiteralNode, BasicAtomicTypeDef, OrderBy, TimestampUnit, ATimestampTypeDef, TimeExpr, TemporalFieldType } from '../model/malloy_types';
 import type { DialectFunctionOverloadDef } from './functions';
+import type { ValidateTablePathResult } from './table-path';
 interface DialectField {
     typeDef: AtomicTypeDef;
     sqlExpression: string;
@@ -35,6 +36,18 @@ export declare const MIN_INT128: bigint;
 export declare const MAX_INT128: bigint;
 export declare const MIN_DECIMAL38: bigint;
 export declare const MAX_DECIMAL38: bigint;
+/**
+ * Allowed values for `Dialect.stringLiteralStyle` and
+ * `Dialect.identifierEscapeStyle`. Subclasses set their style with
+ * e.g. `stringLiteralStyle = EscapeStyle.Backslash`; the `as const`
+ * is centralized here so dialect files stay free of it.
+ */
+export declare const EscapeStyle: {
+    readonly Doubled: "doubled";
+    readonly Backslash: "backslash";
+    readonly Unset: "unset";
+};
+export type EscapeStyleValue = (typeof EscapeStyle)[keyof typeof EscapeStyle];
 /**
  * Data which dialect methods need in order to correctly generate SQL.
  * Initially this is just timezone related, but I made this an interface
@@ -132,7 +145,34 @@ export declare abstract class Dialect {
     abstract getDialectFunctions(): {
         [name: string]: DialectFunctionOverloadDef[];
     };
-    abstract quoteTablePath(tablePath: string): string;
+    /**
+     * Regex matching one bare (unquoted) table-path segment for this
+     * dialect, anchored at the start of the input. Drives the default
+     * `sqlValidateTableName` along with `identifierQuoteChar` and
+     * `identifierEscapeStyle`.
+     *
+     * The default is strict ANSI: `[A-Za-z_][A-Za-z0-9_]*`. Override to
+     * widen the char set (Postgres allows `$`, MySQL allows digit-start
+     * with caveats, BigQuery allows dashes, …). The per-dialect regexes
+     * were verified by probing live engines.
+     */
+    tablePathBareIdentRegex: RegExp;
+    /**
+     * Validate a user-supplied table-path string for this dialect. On
+     * success, the canonical form is the SQL fragment that gets pasted
+     * into `FROM` clauses and stored in `StructDef.tablePath`. Canonical
+     * equals input verbatim except where a Malloy convenience needs
+     * translating into dialect SQL (today: DuckDB's file-path branch
+     * wraps the input in single quotes).
+     *
+     * The default implementation handles every dialect whose table-path
+     * grammar is a dotted sequence of `bare | quoted` segments — every
+     * dialect we ship except DuckDB. New dialects of that shape need
+     * only override `tablePathBareIdentRegex`; override
+     * `sqlValidateTableName` itself only if your grammar is structurally
+     * different.
+     */
+    sqlValidateTableName(input: string): ValidateTablePathResult;
     abstract sqlGroupSetTable(groupSetCount: number): string;
     abstract sqlAnyValue(groupSet: number, fieldName: string): string;
     abstract sqlAggregateTurtle(groupSet: number, fieldList: DialectFieldList, orderBy: CompiledOrderBy[] | undefined): string;
@@ -151,7 +191,52 @@ export declare abstract class Dialect {
     abstract sqlSelectAliasAsStruct(alias: string, fieldList: DialectFieldList): string;
     sqlFinalStage(_lastStageName: string, _fields: string[]): string;
     sqlDateToString(sqlDateExp: string): string;
-    abstract sqlMaybeQuoteIdentifier(identifier: string): string;
+    /**
+     * The character the dialect uses to quote identifiers. Most dialects
+     * use ANSI double-quote `"`; MySQL, BigQuery and Databricks use the
+     * backtick `` ` ``. The dialect must escape this character by doubling
+     * inside a quoted identifier.
+     *
+     * Defaults to the empty string sentinel — concrete dialects must set
+     * a real value (or override `sqlQuoteIdentifier`), otherwise the
+     * base method throws to surface the omission immediately.
+     */
+    identifierQuoteChar: string;
+    /**
+     * How the dialect escapes the closing quote inside a string literal.
+     * Set via `EscapeStyle` from this module:
+     *
+     * - `EscapeStyle.Doubled`: `''` escapes `'`. Backslash is a literal
+     *   character. (ANSI standard; Postgres, DuckDB, Trino, Presto.)
+     * - `EscapeStyle.Backslash`: `\'` escapes `'`, `\\` escapes `\`.
+     *   (BigQuery, Snowflake, MySQL default mode, Databricks.)
+     * - `EscapeStyle.Unset` (default): base methods throw if reached. A
+     *   new dialect must set this (or override the literal methods).
+     *
+     * `sqlLiteralString` and `sqlLiteralRegexp` share this style — the
+     * regex engine receives whatever the SQL parser decodes, and the two
+     * must agree or regex patterns containing backslashes silently break.
+     */
+    stringLiteralStyle: EscapeStyleValue;
+    /**
+     * How the dialect escapes the quote character inside a quoted
+     * identifier. Mirrors `stringLiteralStyle`:
+     *
+     * - `EscapeStyle.Doubled`: doubling the quote char escapes it (ANSI
+     *   standard; most dialects).
+     * - `EscapeStyle.Backslash`: backslash-style escape, with `\\` for
+     *   backslash and `\<quote>` for the quote char. (BigQuery — quoted
+     *   identifiers use string-literal escape sequences.)
+     * - `EscapeStyle.Unset` (default): base method throws if reached.
+     */
+    identifierEscapeStyle: EscapeStyleValue;
+    /**
+     * Wrap an identifier in the dialect's quote character, escaping any
+     * embedded quote characters per the dialect's `identifierEscapeStyle`.
+     * This is the only safe way to render a user-controlled identifier
+     * in SQL.
+     */
+    sqlQuoteIdentifier(identifier: string): string;
     abstract castToString(expression: string): string;
     abstract concat(...values: string[]): string;
     sqlLiteralNumber(literal: string): string;
@@ -354,8 +439,19 @@ export declare abstract class Dialect {
      *   the civil time in the specified timezone
      */
     abstract sqlTimestamptzLiteral(qi: QueryInfo, literal: string, timezone: string): string;
-    abstract sqlLiteralString(literal: string): string;
-    abstract sqlLiteralRegexp(literal: string): string;
+    /**
+     * Render a Malloy string as a SQL string literal. The escape style is
+     * driven by `stringLiteralStyle`; dialects normally do not override
+     * this method.
+     */
+    sqlLiteralString(literal: string): string;
+    /**
+     * Render a Malloy regex literal as a SQL string literal. Defaults to
+     * `sqlLiteralString` — the regex engine receives whatever bytes the
+     * SQL parser decodes, and `sqlLiteralString` already produces a
+     * correctly decoding literal for both escape styles.
+     */
+    sqlLiteralRegexp(literal: string): string;
     abstract sqlLiteralArray(lit: ArrayLiteralNode): string;
     abstract sqlLiteralRecord(lit: RecordLiteralNode): string;
     /**

package/dist/dialect/dialect.js

@@ -22,10 +22,11 @@
  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Dialect = exports.dayIndex = exports.MAX_DECIMAL38 = exports.MIN_DECIMAL38 = exports.MAX_INT128 = exports.MIN_INT128 = exports.MAX_INT64 = exports.MIN_INT64 = exports.MAX_INT32 = exports.MIN_INT32 = void 0;
+exports.Dialect = exports.dayIndex = exports.EscapeStyle = exports.MAX_DECIMAL38 = exports.MIN_DECIMAL38 = exports.MAX_INT128 = exports.MIN_INT128 = exports.MAX_INT64 = exports.MIN_INT64 = exports.MAX_INT32 = exports.MIN_INT32 = void 0;
 exports.inDays = inDays;
 exports.qtz = qtz;
 const malloy_types_1 = require("../model/malloy_types");
+const table_path_1 = require("./table-path");
 /*
  * Standard integer type limits.
  * Use these in dialect integerTypeMappings definitions.
@@ -42,6 +43,17 @@ exports.MAX_INT128 = BigInt('170141183460469231731687303715884105727'); // 2^127
 // Decimal(38,0) limits (for Snowflake NUMBER(38,0))
 exports.MIN_DECIMAL38 = BigInt('-99999999999999999999999999999999999999'); // -(10^38 - 1)
 exports.MAX_DECIMAL38 = BigInt('99999999999999999999999999999999999999'); // 10^38 - 1
+/**
+ * Allowed values for `Dialect.stringLiteralStyle` and
+ * `Dialect.identifierEscapeStyle`. Subclasses set their style with
+ * e.g. `stringLiteralStyle = EscapeStyle.Backslash`; the `as const`
+ * is centralized here so dialect files stay free of it.
+ */
+exports.EscapeStyle = {
+    Doubled: 'doubled',
+    Backslash: 'backslash',
+    Unset: 'unset',
+};
 const allUnits = [
     'microsecond',
     'millisecond',
@@ -138,6 +150,57 @@ class Dialect {
             { min: BigInt(exports.MIN_INT32), max: BigInt(exports.MAX_INT32), numberType: 'integer' },
             { min: exports.MIN_INT64, max: exports.MAX_INT64, numberType: 'bigint' },
         ];
+        /**
+         * Regex matching one bare (unquoted) table-path segment for this
+         * dialect, anchored at the start of the input. Drives the default
+         * `sqlValidateTableName` along with `identifierQuoteChar` and
+         * `identifierEscapeStyle`.
+         *
+         * The default is strict ANSI: `[A-Za-z_][A-Za-z0-9_]*`. Override to
+         * widen the char set (Postgres allows `$`, MySQL allows digit-start
+         * with caveats, BigQuery allows dashes, …). The per-dialect regexes
+         * were verified by probing live engines.
+         */
+        this.tablePathBareIdentRegex = /^[A-Za-z_][A-Za-z0-9_]*/;
+        /**
+         * The character the dialect uses to quote identifiers. Most dialects
+         * use ANSI double-quote `"`; MySQL, BigQuery and Databricks use the
+         * backtick `` ` ``. The dialect must escape this character by doubling
+         * inside a quoted identifier.
+         *
+         * Defaults to the empty string sentinel — concrete dialects must set
+         * a real value (or override `sqlQuoteIdentifier`), otherwise the
+         * base method throws to surface the omission immediately.
+         */
+        this.identifierQuoteChar = '';
+        /**
+         * How the dialect escapes the closing quote inside a string literal.
+         * Set via `EscapeStyle` from this module:
+         *
+         * - `EscapeStyle.Doubled`: `''` escapes `'`. Backslash is a literal
+         *   character. (ANSI standard; Postgres, DuckDB, Trino, Presto.)
+         * - `EscapeStyle.Backslash`: `\'` escapes `'`, `\\` escapes `\`.
+         *   (BigQuery, Snowflake, MySQL default mode, Databricks.)
+         * - `EscapeStyle.Unset` (default): base methods throw if reached. A
+         *   new dialect must set this (or override the literal methods).
+         *
+         * `sqlLiteralString` and `sqlLiteralRegexp` share this style — the
+         * regex engine receives whatever the SQL parser decodes, and the two
+         * must agree or regex patterns containing backslashes silently break.
+         */
+        this.stringLiteralStyle = exports.EscapeStyle.Unset;
+        /**
+         * How the dialect escapes the quote character inside a quoted
+         * identifier. Mirrors `stringLiteralStyle`:
+         *
+         * - `EscapeStyle.Doubled`: doubling the quote char escapes it (ANSI
+         *   standard; most dialects).
+         * - `EscapeStyle.Backslash`: backslash-style escape, with `\\` for
+         *   backslash and `\<quote>` for the quote char. (BigQuery — quoted
+         *   identifiers use string-literal escape sequences.)
+         * - `EscapeStyle.Unset` (default): base method throws if reached.
+         */
+        this.identifierEscapeStyle = exports.EscapeStyle.Unset;
     }
     // Generate the lateral join bag clause for window function partitioning.
     // The expressions are dimension fields that need to be referenced by name
@@ -218,6 +281,34 @@ class Dialect {
             },
         };
     }
+    /**
+     * Validate a user-supplied table-path string for this dialect. On
+     * success, the canonical form is the SQL fragment that gets pasted
+     * into `FROM` clauses and stored in `StructDef.tablePath`. Canonical
+     * equals input verbatim except where a Malloy convenience needs
+     * translating into dialect SQL (today: DuckDB's file-path branch
+     * wraps the input in single quotes).
+     *
+     * The default implementation handles every dialect whose table-path
+     * grammar is a dotted sequence of `bare | quoted` segments — every
+     * dialect we ship except DuckDB. New dialects of that shape need
+     * only override `tablePathBareIdentRegex`; override
+     * `sqlValidateTableName` itself only if your grammar is structurally
+     * different.
+     */
+    sqlValidateTableName(input) {
+        if (this.identifierEscapeStyle !== exports.EscapeStyle.Doubled &&
+            this.identifierEscapeStyle !== exports.EscapeStyle.Backslash) {
+            throw new Error(`${this.name}: sqlValidateTableName requires identifierEscapeStyle ` +
+                'to be set to Doubled or Backslash (or override sqlValidateTableName).');
+        }
+        return (0, table_path_1.validateDottedTablePath)(input, {
+            quoteChar: this.identifierQuoteChar,
+            escapeStyle: this.identifierEscapeStyle,
+            bareIdentRegex: this.tablePathBareIdentRegex,
+            dialectName: this.name,
+        });
+    }
     // Format a CompiledOrderBy[] into an ORDER BY clause string for use
     // inside an aggregate turtle expression. Dialects which support ORDER BY
     // inside aggregate functions can call this helper from sqlAggregateTurtle.
@@ -232,6 +323,33 @@ class Dialect {
     sqlDateToString(sqlDateExp) {
         return this.castToString(`DATE(${sqlDateExp})`);
     }
+    /**
+     * Wrap an identifier in the dialect's quote character, escaping any
+     * embedded quote characters per the dialect's `identifierEscapeStyle`.
+     * This is the only safe way to render a user-controlled identifier
+     * in SQL.
+     */
+    sqlQuoteIdentifier(identifier) {
+        const q = this.identifierQuoteChar;
+        if (!q) {
+            throw new Error(`${this.name}: identifierQuoteChar is not set. ` +
+                'Set it on the dialect (e.g. \'"\' or "`"), ' +
+                'or override sqlQuoteIdentifier.');
+        }
+        if (this.identifierEscapeStyle === exports.EscapeStyle.Doubled) {
+            return q + identifier.split(q).join(q + q) + q;
+        }
+        if (this.identifierEscapeStyle === exports.EscapeStyle.Backslash) {
+            const escaped = identifier
+                .replace(/\\/g, '\\\\')
+                .split(q)
+                .join('\\' + q);
+            return q + escaped + q;
+        }
+        throw new Error(`${this.name}: identifierEscapeStyle is not set. ` +
+            'Set it to EscapeStyle.Doubled or EscapeStyle.Backslash on the dialect, ' +
+            'or override sqlQuoteIdentifier.');
+    }
     sqlLiteralNumber(literal) {
         return literal;
     }
@@ -330,6 +448,32 @@ class Dialect {
         }
         return sql;
     }
+    /**
+     * Render a Malloy string as a SQL string literal. The escape style is
+     * driven by `stringLiteralStyle`; dialects normally do not override
+     * this method.
+     */
+    sqlLiteralString(literal) {
+        if (this.stringLiteralStyle === 'doubled') {
+            return "'" + literal.split("'").join("''") + "'";
+        }
+        if (this.stringLiteralStyle === 'backslash') {
+            const escaped = literal.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
+            return "'" + escaped + "'";
+        }
+        throw new Error(`${this.name}: stringLiteralStyle is not set. ` +
+            'Set it to EscapeStyle.Doubled or EscapeStyle.Backslash on the dialect, ' +
+            'or override sqlLiteralString.');
+    }
+    /**
+     * Render a Malloy regex literal as a SQL string literal. Defaults to
+     * `sqlLiteralString` — the regex engine receives whatever bytes the
+     * SQL parser decodes, and `sqlLiteralString` already produces a
+     * correctly decoding literal for both escape styles.
+     */
+    sqlLiteralRegexp(literal) {
+        return this.sqlLiteralString(literal);
+    }
     /**
      * The dialect has a chance to over-ride how expressions are translated. If
      * "undefined" is returned then the translation is left to the query translator.

package/dist/dialect/duckdb/duckdb.d.ts

@@ -2,6 +2,7 @@ import type { Sampling, AtomicTypeDef, RegexMatchExpr, MeasureTimeExpr, BasicAto
 import type { DialectFunctionOverloadDef } from '../functions';
 import type { CompiledOrderBy, DialectFieldList, FieldReferenceType, IntegerTypeMapping } from '../dialect';
 import { PostgresBase } from '../pg_impl';
+import type { ValidateTablePathResult } from '../table-path';
 export declare class DuckDBDialect extends PostgresBase {
     name: string;
     experimental: boolean;
@@ -25,7 +26,7 @@ export declare class DuckDBDialect extends PostgresBase {
     requiresExplicitUnnestOrdering: boolean;
     integerTypeMappings: IntegerTypeMapping[];
     get udfPrefix(): string;
-    quoteTablePath(tableName: string): string;
+    sqlValidateTableName(input: string): ValidateTablePathResult;
     sqlGroupSetTable(groupSetCount: number): string;
     sqlAnyValue(groupSet: number, fieldName: string): string;
     sqlLiteralNumber(literal: string): string;
@@ -48,8 +49,6 @@ export declare class DuckDBDialect extends PostgresBase {
     sqlAggDistinct(key: string, values: string[], func: (valNames: string[]) => string): string;
     sqlSampleTable(tableSQL: string, sample: Sampling | undefined): string;
     sqlOrderBy(orderTerms: string[]): string;
-    sqlLiteralString(literal: string): string;
-    sqlLiteralRegexp(literal: string): string;
     getDialectFunctionOverrides(): {
         [name: string]: DialectFunctionOverloadDef[];
     };

package/dist/dialect/duckdb/duckdb.js

@@ -31,6 +31,7 @@ const pg_impl_1 = require("../pg_impl");
 const dialect_functions_1 = require("./dialect_functions");
 const function_overrides_1 = require("./function_overrides");
 const tiny_parser_1 = require("../tiny_parser");
+const table_path_parser_1 = require("./table-path-parser");
 // need to refactor runSQL to take a SQLBlock instead of just a sql string.
 const hackSplitComment = '-- hack: split on this';
 const duckDBToMalloyTypes = {
@@ -85,9 +86,12 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
     get udfPrefix() {
         return `__udf${Math.floor(Math.random() * 100000)}`;
     }
-    quoteTablePath(tableName) {
-        // Quote if contains special chars that could be SQL injection or need quoting
-        return tableName.match(/[/*:;-]/) ? `'${tableName}'` : tableName;
+    // DuckDB's table-path grammar is too rich for the shared ANSI parser
+    // (it has file-path and explicit-single-quoted-literal branches in
+    // addition to dotted identifier paths). See
+    // `duckdb/table-path-parser.ts` for the grammar.
+    sqlValidateTableName(input) {
+        return (0, table_path_parser_1.validateDuckDBTablePath)(input);
     }
     sqlGroupSetTable(groupSetCount) {
         return `CROSS JOIN (SELECT UNNEST(GENERATE_SERIES(0,${groupSetCount},1)) as group_set  ) as group_set`;
@@ -174,7 +178,7 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
             return parentAlias;
         }
         else {
-            return `${parentAlias}.${this.sqlMaybeQuoteIdentifier(childName)}`;
+            return `${parentAlias}.${this.sqlQuoteIdentifier(childName)}`;
         }
     }
     sqlUnnestPipelineHead(isSingleton, sourceSQLExpression) {
@@ -204,7 +208,7 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
             }
         }
         return `SELECT LIST(STRUCT_PACK(${dialectFieldList
-            .map(d => this.sqlMaybeQuoteIdentifier(d.sqlOutputName))
+            .map(d => this.sqlQuoteIdentifier(d.sqlOutputName))
             .join(',')})${o}) FROM ${lastStageName}\n`;
     }
     sqlSelectAliasAsStruct(alias, dialectFieldList) {
@@ -263,12 +267,6 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
     sqlOrderBy(orderTerms) {
         return `ORDER BY ${orderTerms.map(t => `${t} NULLS LAST`).join(',')}`;
     }
-    sqlLiteralString(literal) {
-        return "'" + literal.replace(/'/g, "''") + "'";
-    }
-    sqlLiteralRegexp(literal) {
-        return "'" + literal.replace(/'/g, "''") + "'";
-    }
     getDialectFunctionOverrides() {
         return (0, functions_1.expandOverrideMap)(function_overrides_1.DUCKDB_MALLOY_STANDARD_OVERLOADS);
     }
@@ -297,7 +295,7 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
             const typeSpec = [];
             for (const f of malloyType.fields) {
                 if ((0, malloy_types_1.isAtomic)(f)) {
-                    typeSpec.push(`${this.sqlMaybeQuoteIdentifier(f.name)} ${this.malloyTypeToSQLType(f)}`);
+                    typeSpec.push(`${this.sqlQuoteIdentifier(f.name)} ${this.malloyTypeToSQLType(f)}`);
                 }
             }
             return `STRUCT(${typeSpec.join(', ')})`;
@@ -307,7 +305,7 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
                 const typeSpec = [];
                 for (const f of malloyType.fields) {
                     if ((0, malloy_types_1.isAtomic)(f)) {
-                        typeSpec.push(`${this.sqlMaybeQuoteIdentifier(f.name)} ${this.malloyTypeToSQLType(f)}`);
+                        typeSpec.push(`${this.sqlQuoteIdentifier(f.name)} ${this.malloyTypeToSQLType(f)}`);
                     }
                 }
                 return `STRUCT(${typeSpec.join(', ')})[]`;
@@ -389,7 +387,7 @@ class DuckDBDialect extends pg_impl_1.PostgresBase {
         return `DATE_SUB('${df.units}', ${lVal}, ${rVal})`;
     }
     sqlLiteralRecord(lit) {
-        const pairs = Object.entries(lit.kids).map(([propName, propVal]) => `${this.sqlMaybeQuoteIdentifier(propName)}:${propVal.sql}`);
+        const pairs = Object.entries(lit.kids).map(([propName, propVal]) => `${this.sqlQuoteIdentifier(propName)}:${propVal.sql}`);
         return '{' + pairs.join(',') + '}';
     }
 }