@memberjunction/global 5.0.0 → 5.2.0

package/README.md

@@ -324,7 +324,9 @@ Supports comparisons (`==`, `!=`, `<`, `>`, `<=`, `>=`), logical operators (`&&`
 
 ### SQLExpressionValidator
 
-Validates user-provided SQL expressions against injection attacks. Provides context-aware validation (WHERE clauses, ORDER BY, aggregates, field references) with an allowlist of safe SQL functions.
+Validates user-provided SQL expressions and full queries against injection attacks. Provides context-aware validation (WHERE clauses, ORDER BY, aggregates, field references, full queries) with an allowlist of safe SQL functions.
+
+**Expression validation** (WHERE clauses, aggregates, ORDER BY):
 
 ```typescript
 import { SQLExpressionValidator } from '@memberjunction/global';
@@ -342,9 +344,22 @@ const bad = validator.validate("Name = 'test'; 1=1", {
     context: 'where_clause'
 });
 // bad.valid === false
-// bad.error === "Semicolons are not allowed in SQL expressions"
 ```
 
+**Full query validation** (ad-hoc SELECT/WITH statements):
+
+```typescript
+// Validate a complete SQL query — allows SELECT, JOINs, subqueries, set operations, comments
+const result = validator.validateFullQuery('SELECT TOP 10 * FROM __mj.vwUsers WHERE IsActive = 1');
+// result.valid === true
+
+// Mutations and dangerous operations are blocked
+const bad = validator.validateFullQuery("INSERT INTO Users (Name) VALUES ('hacked')");
+// bad.valid === false, bad.trigger === 'INSERT'
+```
+
+The `full_query` context allows keywords that are legitimate in SELECT statements (EXISTS, ANY, ALL, UNION, INTERSECT, EXCEPT, IF) while still blocking all mutations (INSERT, UPDATE, DELETE, DROP, etc.), dangerous operations (EXEC, OPENROWSET, WAITFOR), and multi-statement injection (semicolons).
+
 ### ClassUtils -- Reflection Helpers
 
 Functions for introspecting class hierarchies at runtime.
@@ -589,7 +604,8 @@ function RegisterClass(
 | Method | Returns | Description |
 |---|---|---|
 | `Instance` (static) | `SQLExpressionValidator` | Singleton accessor |
-| `validate(expression, options)` | `SQLValidationResult` | Validate a SQL expression |
+| `validate(expression, options)` | `SQLValidationResult` | Validate a SQL expression with context-specific rules |
+| `validateFullQuery(sql)` | `SQLValidationResult` | Validate a full SELECT/WITH query (convenience for `validate(sql, { context: 'full_query' })`) |
 
 ### WarningManager
 

package/dist/DynamicPackageLoader.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Dynamic Package Loading
+ *
+ * Provides runtime dynamic import capabilities for MJ Open App packages.
+ * Used by MJAPI startup to load server-side app bootstrap packages that
+ * register their classes with the ClassFactory via @RegisterClass decorators.
+ */
+/**
+ * Describes a package to be dynamically imported at runtime.
+ * Typically read from the `dynamicPackages.server` section of mj.config.cjs.
+ */
+export interface DynamicPackageLoad {
+    /** npm package name to dynamically import */
+    PackageName: string;
+    /** Named export to call after import (e.g., 'LoadAcmeCRMServer') */
+    StartupExport: string;
+    /** Open App name this package belongs to (for tracking) */
+    AppName: string;
+    /** Whether this package should be loaded. Allows disabling without removing. */
+    Enabled: boolean;
+}
+/**
+ * Result of attempting to dynamically load a single package.
+ */
+export interface DynamicLoadResult {
+    /** The package that was loaded (or failed to load) */
+    PackageName: string;
+    /** Whether the package was loaded and its startup export called successfully */
+    Success: boolean;
+    /** Error message if the load failed */
+    Error?: string;
+}
+/**
+ * Utility class for dynamically loading npm packages at runtime.
+ *
+ * Used during MJAPI startup to load Open App server-side bootstrap packages.
+ * Each package is loaded in isolation — a failure in one package does not
+ * prevent others from loading.
+ */
+export declare class DynamicPackageLoader {
+    /**
+     * Loads all enabled dynamic packages in parallel for better performance.
+     * For each package:
+     * 1. Skips if `Enabled` is false
+     * 2. Dynamically imports the package via `await import()`
+     * 3. Calls the named `StartupExport` function if it exists
+     * 4. Records success or failure
+     *
+     * Errors are isolated per-package — a broken package does not crash the server.
+     * All enabled packages are loaded concurrently using Promise.all().
+     *
+     * @param packages - Array of packages to load
+     * @returns Array of results indicating success/failure for each package
+     */
+    static LoadPackages(packages: DynamicPackageLoad[]): Promise<DynamicLoadResult[]>;
+    /**
+     * Attempts to dynamically import a single package and call its startup export.
+     */
+    private static LoadSinglePackage;
+}
+//# sourceMappingURL=DynamicPackageLoader.d.ts.map

package/dist/DynamicPackageLoader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DynamicPackageLoader.d.ts","sourceRoot":"","sources":["../src/DynamicPackageLoader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IAC/B,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;IAEpB,oEAAoE;IACpE,aAAa,EAAE,MAAM,CAAC;IAEtB,2DAA2D;IAC3D,OAAO,EAAE,MAAM,CAAC;IAEhB,gFAAgF;IAChF,OAAO,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAC9B,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IAEpB,gFAAgF;IAChF,OAAO,EAAE,OAAO,CAAC;IAEjB,uCAAuC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,qBAAa,oBAAoB;IAC7B;;;;;;;;;;;;;OAaG;WACU,YAAY,CAAC,QAAQ,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAKvF;;OAEG;mBACkB,iBAAiB;CAqBzC"}

package/dist/DynamicPackageLoader.js

@@ -0,0 +1,56 @@
+/**
+ * Dynamic Package Loading
+ *
+ * Provides runtime dynamic import capabilities for MJ Open App packages.
+ * Used by MJAPI startup to load server-side app bootstrap packages that
+ * register their classes with the ClassFactory via @RegisterClass decorators.
+ */
+/**
+ * Utility class for dynamically loading npm packages at runtime.
+ *
+ * Used during MJAPI startup to load Open App server-side bootstrap packages.
+ * Each package is loaded in isolation — a failure in one package does not
+ * prevent others from loading.
+ */
+export class DynamicPackageLoader {
+    /**
+     * Loads all enabled dynamic packages in parallel for better performance.
+     * For each package:
+     * 1. Skips if `Enabled` is false
+     * 2. Dynamically imports the package via `await import()`
+     * 3. Calls the named `StartupExport` function if it exists
+     * 4. Records success or failure
+     *
+     * Errors are isolated per-package — a broken package does not crash the server.
+     * All enabled packages are loaded concurrently using Promise.all().
+     *
+     * @param packages - Array of packages to load
+     * @returns Array of results indicating success/failure for each package
+     */
+    static async LoadPackages(packages) {
+        const enabledPackages = packages.filter(p => p.Enabled);
+        return Promise.all(enabledPackages.map(pkg => DynamicPackageLoader.LoadSinglePackage(pkg)));
+    }
+    /**
+     * Attempts to dynamically import a single package and call its startup export.
+     */
+    static async LoadSinglePackage(pkg) {
+        try {
+            const module = await import(pkg.PackageName);
+            if (pkg.StartupExport && typeof module[pkg.StartupExport] === 'function') {
+                module[pkg.StartupExport]();
+            }
+            return { PackageName: pkg.PackageName, Success: true };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            console.error(`Failed to load dynamic package ${pkg.PackageName}: ${errorMessage}`);
+            return {
+                PackageName: pkg.PackageName,
+                Success: false,
+                Error: errorMessage
+            };
+        }
+    }
+}
+//# sourceMappingURL=DynamicPackageLoader.js.map

package/dist/DynamicPackageLoader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DynamicPackageLoader.js","sourceRoot":"","sources":["../src/DynamicPackageLoader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkCH;;;;;;GAMG;AACH,MAAM,OAAO,oBAAoB;IAC7B;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAA8B;QACpD,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACxD,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAChG,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,GAAuB;QAC1D,IAAI,CAAC;YACD,MAAM,MAAM,GAA4B,MAAM,MAAM,CAAC,GAAG,CAAC,WAAW,CAA4B,CAAC;YAEjG,IAAI,GAAG,CAAC,aAAa,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU,EAAE,CAAC;gBACtE,MAAM,CAAC,GAAG,CAAC,aAAa,CAAgB,EAAE,CAAC;YAChD,CAAC;YAED,OAAO,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,KAAc,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,OAAO,CAAC,KAAK,CAAC,kCAAkC,GAAG,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC,CAAC;YAEpF,OAAO;gBACH,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY;aACtB,CAAC;QACN,CAAC;IACL,CAAC;CACJ"}

package/dist/SQLExpressionValidator.d.ts

@@ -1,8 +1,9 @@
 /**
- * @fileoverview Unified SQL Expression Validation
+ * @fileoverview Unified SQL Expression and Query Validation
  *
- * Central utility for validating user-provided SQL expressions against injection attacks.
- * Used by RunView, aggregates, smart filters, and any other feature accepting SQL input.
+ * Central utility for validating user-provided SQL expressions and full queries
+ * against injection attacks. Used by RunView, aggregates, smart filters, ad-hoc
+ * query execution, and any other feature accepting SQL input.
  *
  * Located in MJGlobal (lowest-level package) so all packages can use it.
  *
@@ -12,6 +13,11 @@
  * Dangerous SQL keywords that are never allowed in user-provided expressions
  */
 export declare const DANGEROUS_SQL_KEYWORDS: readonly ["DROP", "CREATE", "ALTER", "TRUNCATE", "RENAME", "INSERT", "UPDATE", "DELETE", "MERGE", "REPLACE", "GRANT", "REVOKE", "DENY", "EXEC", "EXECUTE", "CALL", "PROCEDURE", "FUNCTION", "BEGIN", "COMMIT", "ROLLBACK", "SAVEPOINT", "USE", "DATABASE", "SCHEMA", "IF", "WHILE", "LOOP", "FOR", "GOTO", "UNION", "INTERSECT", "EXCEPT", "EXISTS", "ANY", "ALL", "SOME", "BULK", "OPENROWSET", "OPENDATASOURCE", "OPENQUERY", "XP_", "SP_", "DYNAMIC", "PREPARE", "DEALLOCATE", "WAITFOR", "DELAY", "SLEEP", "SHUTDOWN", "RECONFIGURE"];
+/**
+ * Keywords from DANGEROUS_SQL_KEYWORDS that are legitimate in full SELECT queries.
+ * These are only unblocked when context is 'full_query'.
+ */
+export declare const FULL_QUERY_ALLOWED_KEYWORDS: readonly ["EXISTS", "ANY", "ALL", "SOME", "UNION", "INTERSECT", "EXCEPT", "IF"];
 /**
  * Safe SQL functions allowed in expressions, organized by category
  */
@@ -29,7 +35,7 @@ export declare const ALLOWED_SQL_FUNCTIONS: {
 /**
  * Validation context - affects what's allowed
  */
-export type SQLValidationContext = 'where_clause' | 'order_by' | 'aggregate' | 'field_reference';
+export type SQLValidationContext = 'where_clause' | 'order_by' | 'aggregate' | 'field_reference' | 'full_query';
 /**
  * Validation result with detailed error information
  */
@@ -117,9 +123,30 @@ export declare class SQLExpressionValidator {
      * Validate field references exist in entity (lenient mode - just for logging)
      */
     private checkFieldReferences;
+    /**
+     * Strip SQL comments (single-line -- and multi-line block comments) from a query.
+     * Used by full_query context to allow agent-generated header comments
+     * without triggering the comment injection check.
+     */
+    private stripSQLComments;
     /**
      * Escape special regex characters in a string
      */
     private escapeRegex;
+    /**
+     * Normalize literal escape sequences in SQL strings.
+     * Agent-generated SQL sometimes arrives with literal \n, \r, \t sequences
+     * (backslash + letter) instead of actual whitespace characters. This happens
+     * when JSON is double-escaped or the SQL passes through a transport layer
+     * that doesn't interpret escape sequences. Without normalization, comment
+     * stripping fails because the regex expects real newlines.
+     */
+    private normalizeSQLWhitespace;
+    /**
+     * Validate a full SQL query (SELECT or WITH/CTE statement).
+     * Blocks mutations, dangerous operations, and multi-statement injection.
+     * Allows SELECT, subqueries, set operations, and SQL comments.
+     */
+    validateFullQuery(sql: string): SQLValidationResult;
 }
 //# sourceMappingURL=SQLExpressionValidator.d.ts.map

package/dist/SQLExpressionValidator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SQLExpressionValidator.d.ts","sourceRoot":"","sources":["../src/SQLExpressionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB,2gBA0CzB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;CA2BxB,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAC5B,cAAc,GACd,UAAU,GACV,WAAW,GACX,iBAAiB,CAAC;AAEtB;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,+CAA+C;IAC/C,KAAK,EAAE,OAAO,CAAC;IACf,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gDAAgD;IAChD,OAAO,EAAE,oBAAoB,CAAC;IAE9B,4EAA4E;IAC5E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,wHAAwH;IACxH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,iFAAiF;IACjF,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,+CAA+C;IAC/C,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE7B,qCAAqC;IACrC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAyB;IAEjD,OAAO;IAEP;;OAEG;IACH,WAAkB,QAAQ,IAAI,sBAAsB,CAKnD;IAED;;;;;;OAMG;IACI,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,GAAG,mBAAmB;IAiCvF;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAM5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAgD9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAoBzB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA4B5B;;OAEG;IACH,OAAO,CAAC,WAAW;CAGpB"}
+{"version":3,"file":"SQLExpressionValidator.d.ts","sourceRoot":"","sources":["../src/SQLExpressionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB,2gBA0CzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,iFAS9B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;CA2BxB,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAC5B,cAAc,GACd,UAAU,GACV,WAAW,GACX,iBAAiB,GACjB,YAAY,CAAC;AAEjB;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,+CAA+C;IAC/C,KAAK,EAAE,OAAO,CAAC;IACf,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gDAAgD;IAChD,OAAO,EAAE,oBAAoB,CAAC;IAE9B,4EAA4E;IAC5E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,wHAAwH;IACxH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,iFAAiF;IACjF,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,+CAA+C;IAC/C,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE7B,qCAAqC;IACrC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAyB;IAEjD,OAAO;IAEP;;OAEG;IACH,WAAkB,QAAQ,IAAI,sBAAsB,CAKnD;IAED;;;;;;OAMG;IACI,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,GAAG,mBAAmB;IAoCvF;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAM5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAoE9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAiCzB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA4B5B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAMxB;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;;;;;;OAOG;IACH,OAAO,CAAC,sBAAsB;IAQ9B;;;;OAIG;IACI,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,mBAAmB;CAO3D"}

package/dist/SQLExpressionValidator.js

@@ -1,8 +1,9 @@
 /**
- * @fileoverview Unified SQL Expression Validation
+ * @fileoverview Unified SQL Expression and Query Validation
  *
- * Central utility for validating user-provided SQL expressions against injection attacks.
- * Used by RunView, aggregates, smart filters, and any other feature accepting SQL input.
+ * Central utility for validating user-provided SQL expressions and full queries
+ * against injection attacks. Used by RunView, aggregates, smart filters, ad-hoc
+ * query execution, and any other feature accepting SQL input.
  *
  * Located in MJGlobal (lowest-level package) so all packages can use it.
  *
@@ -41,6 +42,18 @@ export const DANGEROUS_SQL_KEYWORDS = [
     // System operations
     'SHUTDOWN', 'RECONFIGURE'
 ];
+/**
+ * Keywords from DANGEROUS_SQL_KEYWORDS that are legitimate in full SELECT queries.
+ * These are only unblocked when context is 'full_query'.
+ */
+export const FULL_QUERY_ALLOWED_KEYWORDS = [
+    // Subquery operators — valid in WHERE EXISTS(...), x > ANY(...)
+    'EXISTS', 'ANY', 'ALL', 'SOME',
+    // Set operations — valid for UNION/INTERSECT/EXCEPT queries
+    'UNION', 'INTERSECT', 'EXCEPT',
+    // IIF() uses IF internally, CASE WHEN patterns are common
+    'IF',
+];
 /**
  * Safe SQL functions allowed in expressions, organized by category
  */
@@ -117,10 +130,13 @@ export class SQLExpressionValidator {
         const dangerCheck = this.checkDangerousPatterns(withoutStrings, options);
         if (!dangerCheck.valid)
             return dangerCheck;
-        // Step 3: Validate function names are in allowlist
-        const functionCheck = this.checkFunctionNames(withoutStrings, options);
-        if (!functionCheck.valid)
-            return functionCheck;
+        // Step 3: Validate function names are in allowlist (skip for full queries —
+        // the function allowlist is designed for expression fragments, not full SQL statements)
+        if (options.context !== 'full_query') {
+            const functionCheck = this.checkFunctionNames(withoutStrings, options);
+            if (!functionCheck.valid)
+                return functionCheck;
+        }
         // Step 4: Context-specific validation
         const contextCheck = this.checkContextRules(withoutStrings, options);
         if (!contextCheck.valid)
@@ -144,20 +160,42 @@ export class SQLExpressionValidator {
      * Check for dangerous SQL patterns that indicate injection attempts
      */
     checkDangerousPatterns(expression, options) {
-        const upper = expression.toUpperCase();
+        const isFullQuery = options.context === 'full_query';
         // Build blocked list - explicitly typed as string[] for mutability
-        const blocked = [...DANGEROUS_SQL_KEYWORDS];
+        let blocked = [...DANGEROUS_SQL_KEYWORDS];
         if (options.additionalBlocked) {
             blocked.push(...options.additionalBlocked);
         }
-        // Add SELECT to blocked unless explicitly allowed (prevents subqueries)
-        if (!options.allowSubqueries && !blocked.includes('SELECT')) {
+        // For full_query context, remove keywords that are legitimate in SELECT statements
+        if (isFullQuery) {
+            const allowedSet = new Set(FULL_QUERY_ALLOWED_KEYWORDS.map(k => k.toUpperCase()));
+            blocked = blocked.filter(kw => !allowedSet.has(kw.toUpperCase()));
+        }
+        // Add SELECT to blocked unless context allows it (prevents subqueries in expressions)
+        if (!isFullQuery && !options.allowSubqueries && !blocked.includes('SELECT')) {
             blocked.push('SELECT');
         }
+        // For full_query, strip comments before keyword checking (agent SQL has header comment blocks).
+        // For expressions, comments are still rejected outright as injection vectors.
+        let textToCheck;
+        if (isFullQuery) {
+            textToCheck = this.stripSQLComments(expression).toUpperCase();
+        }
+        else {
+            const upper = expression.toUpperCase();
+            if (upper.includes('--') || upper.includes('/*') || upper.includes('*/')) {
+                return {
+                    valid: false,
+                    error: 'Comments are not allowed in SQL expressions',
+                    trigger: 'comment'
+                };
+            }
+            textToCheck = upper;
+        }
         for (const keyword of blocked) {
             // Use word boundaries to avoid false positives (e.g., "DESCRIPTION" containing "EXEC")
             const pattern = new RegExp(`\\b${this.escapeRegex(keyword)}\\b`, 'i');
-            if (pattern.test(upper)) {
+            if (pattern.test(textToCheck)) {
                 return {
                     valid: false,
                     error: `Dangerous SQL keyword detected: ${keyword}`,
@@ -166,16 +204,14 @@ export class SQLExpressionValidator {
                 };
             }
         }
-        // Check comment patterns (common injection technique)
-        if (upper.includes('--') || upper.includes('/*') || upper.includes('*/')) {
-            return {
-                valid: false,
-                error: 'Comments are not allowed in SQL expressions',
-                trigger: 'comment'
-            };
-        }
-        // Check statement terminator (prevents multi-statement injection)
-        if (expression.includes(';')) {
+        // Check statement terminator (prevents multi-statement injection).
+        // For full_query context, strip comments first (a trailing semicolon may be followed by
+        // an inline comment like `ORDER BY x DESC; -- highest first`), then strip the trailing
+        // semicolon. Only reject if semicolons remain mid-statement, indicating injection.
+        const textForSemicolonCheck = isFullQuery
+            ? this.stripSQLComments(expression).replace(/;\s*$/, '') // strip comments then trailing semicolon
+            : expression;
+        if (textForSemicolonCheck.includes(';')) {
             return {
                 valid: false,
                 error: 'Semicolons are not allowed in SQL expressions',
@@ -228,6 +264,18 @@ export class SQLExpressionValidator {
                 };
             }
         }
+        // For full_query context, the query must start with SELECT or WITH (CTE)
+        if (options.context === 'full_query') {
+            const stripped = this.stripSQLComments(expression).trim();
+            const upper = stripped.toUpperCase();
+            if (!upper.startsWith('SELECT') && !upper.startsWith('WITH')) {
+                return {
+                    valid: false,
+                    error: 'Ad-hoc query must start with SELECT or WITH',
+                    suggestion: 'Only SELECT statements and CTEs (WITH ... AS) are allowed'
+                };
+            }
+        }
         return { valid: true };
     }
     /**
@@ -256,11 +304,48 @@ export class SQLExpressionValidator {
             // For now, we allow it to pass
         }
     }
+    /**
+     * Strip SQL comments (single-line -- and multi-line block comments) from a query.
+     * Used by full_query context to allow agent-generated header comments
+     * without triggering the comment injection check.
+     */
+    stripSQLComments(sql) {
+        return sql
+            .replace(/--[^\n]*/g, '') // Single-line comments
+            .replace(/\/\*[\s\S]*?\*\//g, ''); // Block comments
+    }
     /**
      * Escape special regex characters in a string
      */
     escapeRegex(str) {
         return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
     }
+    /**
+     * Normalize literal escape sequences in SQL strings.
+     * Agent-generated SQL sometimes arrives with literal \n, \r, \t sequences
+     * (backslash + letter) instead of actual whitespace characters. This happens
+     * when JSON is double-escaped or the SQL passes through a transport layer
+     * that doesn't interpret escape sequences. Without normalization, comment
+     * stripping fails because the regex expects real newlines.
+     */
+    normalizeSQLWhitespace(sql) {
+        return sql
+            .replace(/\\r\\n/g, '\n') // Literal \r\n → newline
+            .replace(/\\n/g, '\n') // Literal \n → newline
+            .replace(/\\r/g, '\r') // Literal \r → carriage return
+            .replace(/\\t/g, '\t'); // Literal \t → tab
+    }
+    /**
+     * Validate a full SQL query (SELECT or WITH/CTE statement).
+     * Blocks mutations, dangerous operations, and multi-statement injection.
+     * Allows SELECT, subqueries, set operations, and SQL comments.
+     */
+    validateFullQuery(sql) {
+        // Normalize literal escape sequences before validation — agent-generated
+        // SQL may arrive with literal \n instead of real newlines, which breaks
+        // comment stripping and the "must start with SELECT" check.
+        const normalized = this.normalizeSQLWhitespace(sql);
+        return this.validate(normalized, { context: 'full_query' });
+    }
 }
 //# sourceMappingURL=SQLExpressionValidator.js.map

package/dist/SQLExpressionValidator.js.map

@@ -1 +1 @@
-{"version":3,"file":"SQLExpressionValidator.js","sourceRoot":"","sources":["../src/SQLExpressionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;IAE/C,mCAAmC;IACnC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS;IAEhD,8BAA8B;IAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM;IAEzB,2BAA2B;IAC3B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;IAElD,sBAAsB;IACtB,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW;IAE1C,6BAA6B;IAC7B,KAAK,EAAE,UAAU,EAAE,QAAQ;IAE3B,0CAA0C;IAC1C,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAEpC,2CAA2C;IAC3C,OAAO,EAAE,WAAW,EAAE,QAAQ;IAE9B,4CAA4C;IAC5C,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM;IAE9B,2BAA2B;IAC3B,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,WAAW;IAEnD,6BAA6B;IAC7B,KAAK,EAAE,KAAK;IAEZ,cAAc;IACd,SAAS,EAAE,SAAS,EAAE,YAAY;IAElC,uBAAuB;IACvB,SAAS,EAAE,OAAO,EAAE,OAAO;IAE3B,oBAAoB;IACpB,UAAU,EAAE,aAAa;CACjB,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,sBAAsB;IACtB,UAAU,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,cAAc,CAAC;IAE9H,iBAAiB;IACjB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;IAElG,+BAA+B;IAC/B,MAAM,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC;IAE9I,iBAAiB;IACjB,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,CAAC;IAEhJ,gCAAgC;IAChC,UAAU,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,CAAC;IAEpE,gBAAgB;IAChB,YAAY,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC;IAErD,mBAAmB;IACnB,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC;IAEpD,kCAAkC;IAClC,OAAO,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC;IAEpE,2BAA2B;IAC3B,QAAQ,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,CAAC;CAC1J,CAAC;AAgDX;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,sBAAsB;IAGjC,gBAAuB,CAAC;IAExB;;OAEG;IACI,MAAM,KAAK,QAAQ;QACxB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,SAAS,GAAG,IAAI,sBAAsB,EAAE,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;;;;OAMG;IACI,QAAQ,CAAC,UAAkB,EAAE,OAA6B;QAC/D,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;QAC/D,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;QAC/D,CAAC;QAED,0DAA0D;QAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAE1D,uCAAuC;QACvC,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW,CAAC,KAAK;YAAE,OAAO,WAAW,CAAC;QAE3C,mDAAmD;QACnD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,aAAa,CAAC,KAAK;YAAE,OAAO,aAAa,CAAC;QAE/C,sCAAsC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACrE,IAAI,CAAC,YAAY,CAAC,KAAK;YAAE,OAAO,YAAY,CAAC;QAE7C,6EAA6E;QAC7E,IAAI,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YACjC,IAAI,CAAC,oBAAoB,CAAC,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,UAAkB;QAC7C,uEAAuE;QACvE,MAAM,aAAa,GAAG,kCAAkC,CAAC;QACzD,OAAO,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,UAAkB,EAAE,OAA6B;QAC9E,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QAEvC,mEAAmE;QACnE,MAAM,OAAO,GAAa,CAAC,GAAG,sBAAsB,CAAC,CAAC;QACtD,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC7C,CAAC;QAED,wEAAwE;QACxE,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;YAC9B,uFAAuF;YACvF,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACtE,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mCAAmC,OAAO,EAAE;oBACnD,OAAO,EAAE,OAAO;oBAChB,UAAU,EAAE,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,8DAA8D,CAAC,CAAC,CAAC,SAAS;iBAC9G,CAAC;YACJ,CAAC;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACzE,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,6CAA6C;gBACpD,OAAO,EAAE,SAAS;aACnB,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,+CAA+C;gBACtD,OAAO,EAAE,GAAG;aACb,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,UAAkB,EAAE,OAA6B;QAC1E,0DAA0D;QAC1D,MAAM,eAAe,GAAG,6BAA6B,CAAC;QACtD,IAAI,KAAK,CAAC;QAEV,mDAAmD;QACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACzF,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC9B,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,aAAa,MAAM,kBAAkB;oBAC5C,OAAO,EAAE,MAAM;oBACf,UAAU,EAAE,8BAA8B,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;iBACjJ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,UAAkB,EAAE,OAA6B;QACzE,8FAA8F;QAC9F,IAAI,OAAO,CAAC,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC1E,MAAM,YAAY,GAAG,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;gBAC9D,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;gBACnD,OAAO,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mEAAmE;oBAC1E,UAAU,EAAE,eAAe,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACzE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,UAAkB,EAAE,YAAsB;QACrE,oEAAoE;QACpE,MAAM,YAAY,GAAG,mCAAmC,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAEjE,yDAAyD;QACzD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAE1F,IAAI,KAAK,CAAC;QACV,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,OAAO,CAAC,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACpC,mDAAmD;YACnD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,0EAA0E;QAC1E,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,0DAA0D;YAC1D,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW;QAC7B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;CACF"}
+{"version":3,"file":"SQLExpressionValidator.js","sourceRoot":"","sources":["../src/SQLExpressionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;IAE/C,mCAAmC;IACnC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS;IAEhD,8BAA8B;IAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM;IAEzB,2BAA2B;IAC3B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;IAElD,sBAAsB;IACtB,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW;IAE1C,6BAA6B;IAC7B,KAAK,EAAE,UAAU,EAAE,QAAQ;IAE3B,0CAA0C;IAC1C,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAEpC,2CAA2C;IAC3C,OAAO,EAAE,WAAW,EAAE,QAAQ;IAE9B,4CAA4C;IAC5C,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM;IAE9B,2BAA2B;IAC3B,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,WAAW;IAEnD,6BAA6B;IAC7B,KAAK,EAAE,KAAK;IAEZ,cAAc;IACd,SAAS,EAAE,SAAS,EAAE,YAAY;IAElC,uBAAuB;IACvB,SAAS,EAAE,OAAO,EAAE,OAAO;IAE3B,oBAAoB;IACpB,UAAU,EAAE,aAAa;CACjB,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,gEAAgE;IAChE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM;IAE9B,4DAA4D;IAC5D,OAAO,EAAE,WAAW,EAAE,QAAQ;IAE9B,0DAA0D;IAC1D,IAAI;CACI,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,sBAAsB;IACtB,UAAU,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,cAAc,CAAC;IAE9H,iBAAiB;IACjB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;IAElG,+BAA+B;IAC/B,MAAM,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC;IAE9I,iBAAiB;IACjB,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,CAAC;IAEhJ,gCAAgC;IAChC,UAAU,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,CAAC;IAEpE,gBAAgB;IAChB,YAAY,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC;IAErD,mBAAmB;IACnB,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC;IAEpD,kCAAkC;IAClC,OAAO,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC;IAEpE,2BAA2B;IAC3B,QAAQ,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,CAAC;CAC1J,CAAC;AAiDX;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,sBAAsB;IAGjC,gBAAuB,CAAC;IAExB;;OAEG;IACI,MAAM,KAAK,QAAQ;QACxB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,SAAS,GAAG,IAAI,sBAAsB,EAAE,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;;;;OAMG;IACI,QAAQ,CAAC,UAAkB,EAAE,OAA6B;QAC/D,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;QAC/D,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;QAC/D,CAAC;QAED,0DAA0D;QAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAE1D,uCAAuC;QACvC,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW,CAAC,KAAK;YAAE,OAAO,WAAW,CAAC;QAE3C,4EAA4E;QAC5E,wFAAwF;QACxF,IAAI,OAAO,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YACrC,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YACvE,IAAI,CAAC,aAAa,CAAC,KAAK;gBAAE,OAAO,aAAa,CAAC;QACjD,CAAC;QAED,sCAAsC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACrE,IAAI,CAAC,YAAY,CAAC,KAAK;YAAE,OAAO,YAAY,CAAC;QAE7C,6EAA6E;QAC7E,IAAI,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YACjC,IAAI,CAAC,oBAAoB,CAAC,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,UAAkB;QAC7C,uEAAuE;QACvE,MAAM,aAAa,GAAG,kCAAkC,CAAC;QACzD,OAAO,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,UAAkB,EAAE,OAA6B;QAC9E,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,KAAK,YAAY,CAAC;QAErD,mEAAmE;QACnE,IAAI,OAAO,GAAa,CAAC,GAAG,sBAAsB,CAAC,CAAC;QACpD,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC7C,CAAC;QAED,mFAAmF;QACnF,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YAClF,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,sFAAsF;QACtF,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5E,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QAED,gGAAgG;QAChG,8EAA8E;QAC9E,IAAI,WAAmB,CAAC;QACxB,IAAI,WAAW,EAAE,CAAC;YAChB,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzE,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,6CAA6C;oBACpD,OAAO,EAAE,SAAS;iBACnB,CAAC;YACJ,CAAC;YACD,WAAW,GAAG,KAAK,CAAC;QACtB,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;YAC9B,uFAAuF;YACvF,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACtE,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mCAAmC,OAAO,EAAE;oBACnD,OAAO,EAAE,OAAO;oBAChB,UAAU,EAAE,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,8DAA8D,CAAC,CAAC,CAAC,SAAS;iBAC9G,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,wFAAwF;QACxF,uFAAuF;QACvF,mFAAmF;QACnF,MAAM,qBAAqB,GAAG,WAAW;YACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAG,yCAAyC;YACpG,CAAC,CAAC,UAAU,CAAC;QACf,IAAI,qBAAqB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,+CAA+C;gBACtD,OAAO,EAAE,GAAG;aACb,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,UAAkB,EAAE,OAA6B;QAC1E,0DAA0D;QAC1D,MAAM,eAAe,GAAG,6BAA6B,CAAC;QACtD,IAAI,KAAK,CAAC;QAEV,mDAAmD;QACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACzF,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC9B,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,aAAa,MAAM,kBAAkB;oBAC5C,OAAO,EAAE,MAAM;oBACf,UAAU,EAAE,8BAA8B,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;iBACjJ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,UAAkB,EAAE,OAA6B;QACzE,8FAA8F;QAC9F,IAAI,OAAO,CAAC,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC1E,MAAM,YAAY,GAAG,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;gBAC9D,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;gBACnD,OAAO,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mEAAmE;oBAC1E,UAAU,EAAE,eAAe,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACzE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yEAAyE;QACzE,IAAI,OAAO,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7D,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,6CAA6C;oBACpD,UAAU,EAAE,2DAA2D;iBACxE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,UAAkB,EAAE,YAAsB;QACrE,oEAAoE;QACpE,MAAM,YAAY,GAAG,mCAAmC,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAEjE,yDAAyD;QACzD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAE1F,IAAI,KAAK,CAAC;QACV,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,OAAO,CAAC,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACpC,mDAAmD;YACnD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,0EAA0E;QAC1E,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,0DAA0D;YAC1D,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,GAAW;QAClC,OAAO,GAAG;aACP,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAU,uBAAuB;aACzD,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB;IACxD,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW;QAC7B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;;OAOG;IACK,sBAAsB,CAAC,GAAW;QACxC,OAAO,GAAG;aACP,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAE,yBAAyB;aACnD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAK,uBAAuB;aACjD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAK,+BAA+B;aACzD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAI,mBAAmB;IAClD,CAAC;IAED;;;;OAIG;IACI,iBAAiB,CAAC,GAAW;QAClC,yEAAyE;QACzE,wEAAwE;QACxE,4DAA4D;QAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;IAC9D,CAAC;CACF"}

package/dist/__tests__/SQLExpressionValidator.security.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=SQLExpressionValidator.security.test.d.ts.map

package/dist/__tests__/SQLExpressionValidator.security.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SQLExpressionValidator.security.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/SQLExpressionValidator.security.test.ts"],"names":[],"mappings":""}