@neverinfamous/postgres-mcp 1.0.2 → 1.2.0

Files changed (273) hide show
  1. package/README.md +65 -38
  2. package/dist/__tests__/mocks/adapter.d.ts.map +1 -1
  3. package/dist/__tests__/mocks/adapter.js +0 -1
  4. package/dist/__tests__/mocks/adapter.js.map +1 -1
  5. package/dist/__tests__/mocks/pool.d.ts.map +1 -1
  6. package/dist/__tests__/mocks/pool.js +0 -1
  7. package/dist/__tests__/mocks/pool.js.map +1 -1
  8. package/dist/adapters/DatabaseAdapter.d.ts +5 -6
  9. package/dist/adapters/DatabaseAdapter.d.ts.map +1 -1
  10. package/dist/adapters/DatabaseAdapter.js +74 -53
  11. package/dist/adapters/DatabaseAdapter.js.map +1 -1
  12. package/dist/adapters/postgresql/PostgresAdapter.d.ts +13 -0
  13. package/dist/adapters/postgresql/PostgresAdapter.d.ts.map +1 -1
  14. package/dist/adapters/postgresql/PostgresAdapter.js +73 -8
  15. package/dist/adapters/postgresql/PostgresAdapter.js.map +1 -1
  16. package/dist/adapters/postgresql/prompts/backup.d.ts.map +1 -1
  17. package/dist/adapters/postgresql/prompts/backup.js +2 -3
  18. package/dist/adapters/postgresql/prompts/backup.js.map +1 -1
  19. package/dist/adapters/postgresql/prompts/citext.d.ts.map +1 -1
  20. package/dist/adapters/postgresql/prompts/citext.js +3 -4
  21. package/dist/adapters/postgresql/prompts/citext.js.map +1 -1
  22. package/dist/adapters/postgresql/prompts/extensionSetup.d.ts.map +1 -1
  23. package/dist/adapters/postgresql/prompts/extensionSetup.js +2 -3
  24. package/dist/adapters/postgresql/prompts/extensionSetup.js.map +1 -1
  25. package/dist/adapters/postgresql/prompts/health.d.ts.map +1 -1
  26. package/dist/adapters/postgresql/prompts/health.js +2 -3
  27. package/dist/adapters/postgresql/prompts/health.js.map +1 -1
  28. package/dist/adapters/postgresql/prompts/index.js +20 -27
  29. package/dist/adapters/postgresql/prompts/index.js.map +1 -1
  30. package/dist/adapters/postgresql/prompts/indexTuning.d.ts.map +1 -1
  31. package/dist/adapters/postgresql/prompts/indexTuning.js +2 -3
  32. package/dist/adapters/postgresql/prompts/indexTuning.js.map +1 -1
  33. package/dist/adapters/postgresql/prompts/kcache.d.ts.map +1 -1
  34. package/dist/adapters/postgresql/prompts/kcache.js +3 -4
  35. package/dist/adapters/postgresql/prompts/kcache.js.map +1 -1
  36. package/dist/adapters/postgresql/prompts/ltree.d.ts.map +1 -1
  37. package/dist/adapters/postgresql/prompts/ltree.js +3 -4
  38. package/dist/adapters/postgresql/prompts/ltree.js.map +1 -1
  39. package/dist/adapters/postgresql/prompts/partman.d.ts.map +1 -1
  40. package/dist/adapters/postgresql/prompts/partman.js +2 -3
  41. package/dist/adapters/postgresql/prompts/partman.js.map +1 -1
  42. package/dist/adapters/postgresql/prompts/pgcron.d.ts.map +1 -1
  43. package/dist/adapters/postgresql/prompts/pgcron.js +2 -3
  44. package/dist/adapters/postgresql/prompts/pgcron.js.map +1 -1
  45. package/dist/adapters/postgresql/prompts/pgcrypto.d.ts.map +1 -1
  46. package/dist/adapters/postgresql/prompts/pgcrypto.js +3 -4
  47. package/dist/adapters/postgresql/prompts/pgcrypto.js.map +1 -1
  48. package/dist/adapters/postgresql/prompts/pgvector.d.ts.map +1 -1
  49. package/dist/adapters/postgresql/prompts/pgvector.js +3 -4
  50. package/dist/adapters/postgresql/prompts/pgvector.js.map +1 -1
  51. package/dist/adapters/postgresql/prompts/postgis.d.ts.map +1 -1
  52. package/dist/adapters/postgresql/prompts/postgis.js +2 -3
  53. package/dist/adapters/postgresql/prompts/postgis.js.map +1 -1
  54. package/dist/adapters/postgresql/schemas/admin.d.ts +42 -0
  55. package/dist/adapters/postgresql/schemas/admin.d.ts.map +1 -1
  56. package/dist/adapters/postgresql/schemas/admin.js +61 -0
  57. package/dist/adapters/postgresql/schemas/admin.js.map +1 -1
  58. package/dist/adapters/postgresql/schemas/backup.d.ts +119 -0
  59. package/dist/adapters/postgresql/schemas/backup.d.ts.map +1 -1
  60. package/dist/adapters/postgresql/schemas/backup.js +169 -0
  61. package/dist/adapters/postgresql/schemas/backup.js.map +1 -1
  62. package/dist/adapters/postgresql/schemas/core.d.ts +28 -0
  63. package/dist/adapters/postgresql/schemas/core.d.ts.map +1 -1
  64. package/dist/adapters/postgresql/schemas/core.js +66 -0
  65. package/dist/adapters/postgresql/schemas/core.js.map +1 -1
  66. package/dist/adapters/postgresql/schemas/cron.d.ts +117 -0
  67. package/dist/adapters/postgresql/schemas/cron.d.ts.map +1 -1
  68. package/dist/adapters/postgresql/schemas/cron.js +148 -1
  69. package/dist/adapters/postgresql/schemas/cron.js.map +1 -1
  70. package/dist/adapters/postgresql/schemas/extensions.d.ts +335 -0
  71. package/dist/adapters/postgresql/schemas/extensions.d.ts.map +1 -1
  72. package/dist/adapters/postgresql/schemas/extensions.js +455 -2
  73. package/dist/adapters/postgresql/schemas/extensions.js.map +1 -1
  74. package/dist/adapters/postgresql/schemas/index.d.ts +15 -15
  75. package/dist/adapters/postgresql/schemas/index.d.ts.map +1 -1
  76. package/dist/adapters/postgresql/schemas/index.js +56 -16
  77. package/dist/adapters/postgresql/schemas/index.js.map +1 -1
  78. package/dist/adapters/postgresql/schemas/jsonb.d.ts +408 -21
  79. package/dist/adapters/postgresql/schemas/jsonb.d.ts.map +1 -1
  80. package/dist/adapters/postgresql/schemas/jsonb.js +544 -23
  81. package/dist/adapters/postgresql/schemas/jsonb.js.map +1 -1
  82. package/dist/adapters/postgresql/schemas/monitoring.d.ts +179 -0
  83. package/dist/adapters/postgresql/schemas/monitoring.d.ts.map +1 -1
  84. package/dist/adapters/postgresql/schemas/monitoring.js +240 -0
  85. package/dist/adapters/postgresql/schemas/monitoring.js.map +1 -1
  86. package/dist/adapters/postgresql/schemas/partitioning.d.ts +60 -0
  87. package/dist/adapters/postgresql/schemas/partitioning.d.ts.map +1 -1
  88. package/dist/adapters/postgresql/schemas/partitioning.js +89 -2
  89. package/dist/adapters/postgresql/schemas/partitioning.js.map +1 -1
  90. package/dist/adapters/postgresql/schemas/partman.d.ts +156 -0
  91. package/dist/adapters/postgresql/schemas/partman.d.ts.map +1 -1
  92. package/dist/adapters/postgresql/schemas/partman.js +203 -0
  93. package/dist/adapters/postgresql/schemas/partman.js.map +1 -1
  94. package/dist/adapters/postgresql/schemas/performance.d.ts +124 -0
  95. package/dist/adapters/postgresql/schemas/performance.d.ts.map +1 -1
  96. package/dist/adapters/postgresql/schemas/performance.js +220 -0
  97. package/dist/adapters/postgresql/schemas/performance.js.map +1 -1
  98. package/dist/adapters/postgresql/schemas/postgis.d.ts +173 -0
  99. package/dist/adapters/postgresql/schemas/postgis.d.ts.map +1 -1
  100. package/dist/adapters/postgresql/schemas/postgis.js +279 -3
  101. package/dist/adapters/postgresql/schemas/postgis.js.map +1 -1
  102. package/dist/adapters/postgresql/schemas/schema-mgmt.d.ts +100 -0
  103. package/dist/adapters/postgresql/schemas/schema-mgmt.d.ts.map +1 -1
  104. package/dist/adapters/postgresql/schemas/schema-mgmt.js +133 -0
  105. package/dist/adapters/postgresql/schemas/schema-mgmt.js.map +1 -1
  106. package/dist/adapters/postgresql/schemas/stats.d.ts +248 -4
  107. package/dist/adapters/postgresql/schemas/stats.d.ts.map +1 -1
  108. package/dist/adapters/postgresql/schemas/stats.js +362 -0
  109. package/dist/adapters/postgresql/schemas/stats.js.map +1 -1
  110. package/dist/adapters/postgresql/schemas/text-search.d.ts +47 -0
  111. package/dist/adapters/postgresql/schemas/text-search.d.ts.map +1 -1
  112. package/dist/adapters/postgresql/schemas/text-search.js +66 -1
  113. package/dist/adapters/postgresql/schemas/text-search.js.map +1 -1
  114. package/dist/adapters/postgresql/schemas/vector.d.ts +252 -0
  115. package/dist/adapters/postgresql/schemas/vector.d.ts.map +1 -1
  116. package/dist/adapters/postgresql/schemas/vector.js +373 -0
  117. package/dist/adapters/postgresql/schemas/vector.js.map +1 -1
  118. package/dist/adapters/postgresql/tools/admin.d.ts.map +1 -1
  119. package/dist/adapters/postgresql/tools/admin.js +37 -7
  120. package/dist/adapters/postgresql/tools/admin.js.map +1 -1
  121. package/dist/adapters/postgresql/tools/backup/dump.d.ts.map +1 -1
  122. package/dist/adapters/postgresql/tools/backup/dump.js +64 -52
  123. package/dist/adapters/postgresql/tools/backup/dump.js.map +1 -1
  124. package/dist/adapters/postgresql/tools/backup/planning.d.ts.map +1 -1
  125. package/dist/adapters/postgresql/tools/backup/planning.js +181 -172
  126. package/dist/adapters/postgresql/tools/backup/planning.js.map +1 -1
  127. package/dist/adapters/postgresql/tools/citext.d.ts.map +1 -1
  128. package/dist/adapters/postgresql/tools/citext.js +9 -1
  129. package/dist/adapters/postgresql/tools/citext.js.map +1 -1
  130. package/dist/adapters/postgresql/tools/codemode/index.d.ts +11 -0
  131. package/dist/adapters/postgresql/tools/codemode/index.d.ts.map +1 -1
  132. package/dist/adapters/postgresql/tools/codemode/index.js +33 -0
  133. package/dist/adapters/postgresql/tools/codemode/index.js.map +1 -1
  134. package/dist/adapters/postgresql/tools/core/convenience.d.ts.map +1 -1
  135. package/dist/adapters/postgresql/tools/core/convenience.js +31 -5
  136. package/dist/adapters/postgresql/tools/core/convenience.js.map +1 -1
  137. package/dist/adapters/postgresql/tools/core/health.d.ts.map +1 -1
  138. package/dist/adapters/postgresql/tools/core/health.js +12 -4
  139. package/dist/adapters/postgresql/tools/core/health.js.map +1 -1
  140. package/dist/adapters/postgresql/tools/core/indexes.d.ts.map +1 -1
  141. package/dist/adapters/postgresql/tools/core/indexes.js +4 -0
  142. package/dist/adapters/postgresql/tools/core/indexes.js.map +1 -1
  143. package/dist/adapters/postgresql/tools/core/objects.d.ts.map +1 -1
  144. package/dist/adapters/postgresql/tools/core/objects.js +4 -1
  145. package/dist/adapters/postgresql/tools/core/objects.js.map +1 -1
  146. package/dist/adapters/postgresql/tools/core/query.d.ts.map +1 -1
  147. package/dist/adapters/postgresql/tools/core/query.js +6 -3
  148. package/dist/adapters/postgresql/tools/core/query.js.map +1 -1
  149. package/dist/adapters/postgresql/tools/core/schemas.d.ts +165 -0
  150. package/dist/adapters/postgresql/tools/core/schemas.d.ts.map +1 -1
  151. package/dist/adapters/postgresql/tools/core/schemas.js +242 -0
  152. package/dist/adapters/postgresql/tools/core/schemas.js.map +1 -1
  153. package/dist/adapters/postgresql/tools/core/tables.d.ts.map +1 -1
  154. package/dist/adapters/postgresql/tools/core/tables.js +11 -2
  155. package/dist/adapters/postgresql/tools/core/tables.js.map +1 -1
  156. package/dist/adapters/postgresql/tools/cron.d.ts.map +1 -1
  157. package/dist/adapters/postgresql/tools/cron.js +12 -2
  158. package/dist/adapters/postgresql/tools/cron.js.map +1 -1
  159. package/dist/adapters/postgresql/tools/jsonb/advanced.d.ts.map +1 -1
  160. package/dist/adapters/postgresql/tools/jsonb/advanced.js +56 -46
  161. package/dist/adapters/postgresql/tools/jsonb/advanced.js.map +1 -1
  162. package/dist/adapters/postgresql/tools/jsonb/basic.d.ts.map +1 -1
  163. package/dist/adapters/postgresql/tools/jsonb/basic.js +114 -72
  164. package/dist/adapters/postgresql/tools/jsonb/basic.js.map +1 -1
  165. package/dist/adapters/postgresql/tools/kcache.d.ts.map +1 -1
  166. package/dist/adapters/postgresql/tools/kcache.js +55 -16
  167. package/dist/adapters/postgresql/tools/kcache.js.map +1 -1
  168. package/dist/adapters/postgresql/tools/ltree.d.ts.map +1 -1
  169. package/dist/adapters/postgresql/tools/ltree.js +16 -1
  170. package/dist/adapters/postgresql/tools/ltree.js.map +1 -1
  171. package/dist/adapters/postgresql/tools/monitoring.d.ts.map +1 -1
  172. package/dist/adapters/postgresql/tools/monitoring.js +19 -7
  173. package/dist/adapters/postgresql/tools/monitoring.js.map +1 -1
  174. package/dist/adapters/postgresql/tools/partitioning.d.ts.map +1 -1
  175. package/dist/adapters/postgresql/tools/partitioning.js +80 -1
  176. package/dist/adapters/postgresql/tools/partitioning.js.map +1 -1
  177. package/dist/adapters/postgresql/tools/partman/management.d.ts.map +1 -1
  178. package/dist/adapters/postgresql/tools/partman/management.js +9 -2
  179. package/dist/adapters/postgresql/tools/partman/management.js.map +1 -1
  180. package/dist/adapters/postgresql/tools/partman/operations.d.ts.map +1 -1
  181. package/dist/adapters/postgresql/tools/partman/operations.js +11 -4
  182. package/dist/adapters/postgresql/tools/partman/operations.js.map +1 -1
  183. package/dist/adapters/postgresql/tools/performance/analysis.d.ts.map +1 -1
  184. package/dist/adapters/postgresql/tools/performance/analysis.js +4 -0
  185. package/dist/adapters/postgresql/tools/performance/analysis.js.map +1 -1
  186. package/dist/adapters/postgresql/tools/performance/explain.d.ts.map +1 -1
  187. package/dist/adapters/postgresql/tools/performance/explain.js +4 -1
  188. package/dist/adapters/postgresql/tools/performance/explain.js.map +1 -1
  189. package/dist/adapters/postgresql/tools/performance/monitoring.d.ts.map +1 -1
  190. package/dist/adapters/postgresql/tools/performance/monitoring.js +10 -8
  191. package/dist/adapters/postgresql/tools/performance/monitoring.js.map +1 -1
  192. package/dist/adapters/postgresql/tools/performance/optimization.d.ts.map +1 -1
  193. package/dist/adapters/postgresql/tools/performance/optimization.js +4 -0
  194. package/dist/adapters/postgresql/tools/performance/optimization.js.map +1 -1
  195. package/dist/adapters/postgresql/tools/performance/stats.d.ts.map +1 -1
  196. package/dist/adapters/postgresql/tools/performance/stats.js +13 -1
  197. package/dist/adapters/postgresql/tools/performance/stats.js.map +1 -1
  198. package/dist/adapters/postgresql/tools/pgcrypto.d.ts.map +1 -1
  199. package/dist/adapters/postgresql/tools/pgcrypto.js +18 -9
  200. package/dist/adapters/postgresql/tools/pgcrypto.js.map +1 -1
  201. package/dist/adapters/postgresql/tools/postgis/advanced.d.ts.map +1 -1
  202. package/dist/adapters/postgresql/tools/postgis/advanced.js +41 -6
  203. package/dist/adapters/postgresql/tools/postgis/advanced.js.map +1 -1
  204. package/dist/adapters/postgresql/tools/postgis/basic.d.ts.map +1 -1
  205. package/dist/adapters/postgresql/tools/postgis/basic.js +13 -3
  206. package/dist/adapters/postgresql/tools/postgis/basic.js.map +1 -1
  207. package/dist/adapters/postgresql/tools/postgis/standalone.d.ts.map +1 -1
  208. package/dist/adapters/postgresql/tools/postgis/standalone.js +6 -1
  209. package/dist/adapters/postgresql/tools/postgis/standalone.js.map +1 -1
  210. package/dist/adapters/postgresql/tools/schema.d.ts.map +1 -1
  211. package/dist/adapters/postgresql/tools/schema.js +33 -3
  212. package/dist/adapters/postgresql/tools/schema.js.map +1 -1
  213. package/dist/adapters/postgresql/tools/stats/advanced.d.ts.map +1 -1
  214. package/dist/adapters/postgresql/tools/stats/advanced.js +59 -20
  215. package/dist/adapters/postgresql/tools/stats/advanced.js.map +1 -1
  216. package/dist/adapters/postgresql/tools/stats/basic.d.ts.map +1 -1
  217. package/dist/adapters/postgresql/tools/stats/basic.js +35 -13
  218. package/dist/adapters/postgresql/tools/stats/basic.js.map +1 -1
  219. package/dist/adapters/postgresql/tools/text.d.ts.map +1 -1
  220. package/dist/adapters/postgresql/tools/text.js +54 -33
  221. package/dist/adapters/postgresql/tools/text.js.map +1 -1
  222. package/dist/adapters/postgresql/tools/transactions.d.ts.map +1 -1
  223. package/dist/adapters/postgresql/tools/transactions.js +10 -1
  224. package/dist/adapters/postgresql/tools/transactions.js.map +1 -1
  225. package/dist/adapters/postgresql/tools/vector/advanced.d.ts.map +1 -1
  226. package/dist/adapters/postgresql/tools/vector/advanced.js +81 -43
  227. package/dist/adapters/postgresql/tools/vector/advanced.js.map +1 -1
  228. package/dist/adapters/postgresql/tools/vector/basic.d.ts +8 -0
  229. package/dist/adapters/postgresql/tools/vector/basic.d.ts.map +1 -1
  230. package/dist/adapters/postgresql/tools/vector/basic.js +175 -57
  231. package/dist/adapters/postgresql/tools/vector/basic.js.map +1 -1
  232. package/dist/cli/args.d.ts +2 -0
  233. package/dist/cli/args.d.ts.map +1 -1
  234. package/dist/cli/args.js +15 -0
  235. package/dist/cli/args.js.map +1 -1
  236. package/dist/cli.js +7 -6
  237. package/dist/cli.js.map +1 -1
  238. package/dist/codemode/api.d.ts.map +1 -1
  239. package/dist/codemode/api.js +7 -2
  240. package/dist/codemode/api.js.map +1 -1
  241. package/dist/constants/ServerInstructions.d.ts +1 -1
  242. package/dist/constants/ServerInstructions.d.ts.map +1 -1
  243. package/dist/constants/ServerInstructions.js +45 -35
  244. package/dist/constants/ServerInstructions.js.map +1 -1
  245. package/dist/filtering/ToolConstants.d.ts +29 -13
  246. package/dist/filtering/ToolConstants.d.ts.map +1 -1
  247. package/dist/filtering/ToolConstants.js +45 -27
  248. package/dist/filtering/ToolConstants.js.map +1 -1
  249. package/dist/types/adapters.d.ts +2 -0
  250. package/dist/types/adapters.d.ts.map +1 -1
  251. package/dist/types/oauth.d.ts +4 -0
  252. package/dist/types/oauth.d.ts.map +1 -1
  253. package/dist/utils/fts-config.d.ts +38 -0
  254. package/dist/utils/fts-config.d.ts.map +1 -0
  255. package/dist/utils/fts-config.js +64 -0
  256. package/dist/utils/fts-config.js.map +1 -0
  257. package/dist/utils/identifiers.d.ts +21 -0
  258. package/dist/utils/identifiers.d.ts.map +1 -1
  259. package/dist/utils/identifiers.js +48 -0
  260. package/dist/utils/identifiers.js.map +1 -1
  261. package/dist/utils/logger.d.ts +22 -1
  262. package/dist/utils/logger.d.ts.map +1 -1
  263. package/dist/utils/logger.js +73 -16
  264. package/dist/utils/logger.js.map +1 -1
  265. package/dist/utils/progress-utils.d.ts +44 -0
  266. package/dist/utils/progress-utils.d.ts.map +1 -0
  267. package/dist/utils/progress-utils.js +75 -0
  268. package/dist/utils/progress-utils.js.map +1 -0
  269. package/dist/utils/where-clause.d.ts +39 -0
  270. package/dist/utils/where-clause.d.ts.map +1 -0
  271. package/dist/utils/where-clause.js +123 -0
  272. package/dist/utils/where-clause.js.map +1 -0
  273. package/package.json +8 -8
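--- a/package/dist/utils/where-clause.js
+++ b/package/dist/utils/where-clause.js
@@ -0,0 +1,123 @@
+ /**
+ * postgres-mcp - WHERE Clause Validation
+ *
+ * Validates WHERE clause parameters to prevent SQL injection.
+ * Uses a blocklist approach to reject dangerous patterns while
+ * allowing legitimate complex conditions.
+ */
+ /**
+ * Error thrown when an unsafe WHERE clause is detected
+ */
+ export class UnsafeWhereClauseError extends Error {
+ constructor(reason) {
+ super(`Unsafe WHERE clause: ${reason}`);
+ this.name = "UnsafeWhereClauseError";
+ }
+ }
+ /**
+ * Dangerous SQL patterns that should never appear in WHERE clauses.
+ * These patterns indicate SQL injection attempts.
+ */
+ const DANGEROUS_PATTERNS = [
+ // Statement terminators and new statements
+ {
+ pattern: /;\s*(DROP|DELETE|TRUNCATE|INSERT|UPDATE|CREATE|ALTER|GRANT|REVOKE)/i,
+ reason: "contains statement terminator followed by dangerous keyword",
+ },
+ // Trailing semicolons (potential statement injection)
+ {
+ pattern: /;\s*$/,
+ reason: "contains trailing semicolon",
+ },
+ // SQL comments (can be used to comment out security checks)
+ {
+ pattern: /--/,
+ reason: "contains SQL line comment",
+ },
+ {
+ pattern: /\/\*/,
+ reason: "contains SQL block comment",
+ },
+ // UNION injection (data exfiltration)
+ {
+ pattern: /\bUNION\s+(ALL\s+)?SELECT\b/i,
+ reason: "contains UNION SELECT",
+ },
+ // File operations
+ {
+ pattern: /\bINTO\s+(OUT|DUMP)FILE\b/i,
+ reason: "contains file write operation",
+ },
+ {
+ pattern: /\bLOAD_FILE\s*\(/i,
+ reason: "contains file read operation",
+ },
+ // PostgreSQL specific dangerous functions
+ {
+ pattern: /\bpg_sleep\s*\(/i,
+ reason: "contains time-based injection function",
+ },
+ {
+ pattern: /\bpg_read_file\s*\(/i,
+ reason: "contains file read function",
+ },
+ {
+ pattern: /\bpg_read_binary_file\s*\(/i,
+ reason: "contains binary file read function",
+ },
+ {
+ pattern: /\bpg_ls_dir\s*\(/i,
+ reason: "contains directory listing function",
+ },
+ {
+ pattern: /\blo_import\s*\(/i,
+ reason: "contains large object import function",
+ },
+ {
+ pattern: /\blo_export\s*\(/i,
+ reason: "contains large object export function",
+ },
+ // System command execution
+ {
+ pattern: /\bCOPY\s+.*\s+(FROM|TO)\s+PROGRAM\b/i,
+ reason: "contains COPY PROGRAM (command execution)",
+ },
+ ];
+ /**
+ * Validates a WHERE clause for dangerous SQL patterns.
+ *
+ * This function uses a blocklist approach to detect and reject
+ * common SQL injection patterns. It allows legitimate complex
+ * conditions while blocking obvious attack vectors.
+ *
+ * @param where - The WHERE clause to validate
+ * @throws UnsafeWhereClauseError if a dangerous pattern is detected
+ *
+ * @example
+ * validateWhereClause("price > 10"); // OK
+ * validateWhereClause("status = 'active' AND id < 100"); // OK
+ * validateWhereClause("1=1; DROP TABLE users;--"); // Throws
+ * validateWhereClause("1=1 UNION SELECT * FROM pg_shadow"); // Throws
+ */
+ export function validateWhereClause(where) {
+ if (!where || typeof where !== "string") {
+ throw new UnsafeWhereClauseError("WHERE clause must be a non-empty string");
+ }
+ for (const { pattern, reason } of DANGEROUS_PATTERNS) {
+ if (pattern.test(where)) {
+ throw new UnsafeWhereClauseError(reason);
+ }
+ }
+ }
+ /**
+ * Validates and returns a safe WHERE clause.
+ *
+ * @param where - The WHERE clause to sanitize
+ * @returns The validated WHERE clause (unchanged if safe)
+ * @throws UnsafeWhereClauseError if a dangerous pattern is detected
+ */
+ export function sanitizeWhereClause(where) {
+ validateWhereClause(where);
+ return where;
+ }
+ //# sourceMappingURL=where-clause.js.map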
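Review bot: The first entry of `DANGEROUS_PATTERNS` rejects a `;` only when one of nine listed keywords follows it, and the second only when the `;` is trailing, so `validateWhereClause` accepts a clause with a terminator in the middle followed by any other statement. If callers interpolate the clause into a query sent without bind parameters (not visible in this file), I would reject every terminator with `{ pattern: /;/, reason: "contains statement terminator" },`, accepting that string literals containing `;` are then refused as well. More generally a blocklist cannot enumerate subqueries or every server-side function the connection role may call, so the file header should state that this check is defence in depth and that a least-privilege database role plus a `statement_timeout` remain the real boundary. `sanitizeWhereClause` returns its input unchanged, so its summary should read "Validates and returns the WHERE clause unchanged" rather than "safe"; the `INTO OUTFILE` and `LOAD_FILE` entries are MySQL syntax and do not apply to PostgreSQL.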
@@ -0,0 +1 @@
1
+ {"version":3,"file":"where-clause.js","sourceRoot":"","sources":["../../src/utils/where-clause.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/C,YAAY,MAAc;QACxB,KAAK,CAAC,wBAAwB,MAAM,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,kBAAkB,GAA0C;IAChE,2CAA2C;IAC3C;QACE,OAAO,EACL,qEAAqE;QACvE,MAAM,EAAE,6DAA6D;KACtE;IACD,sDAAsD;IACtD;QACE,OAAO,EAAE,OAAO;QAChB,MAAM,EAAE,6BAA6B;KACtC;IACD,4DAA4D;IAC5D;QACE,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,2BAA2B;KACpC;IACD;QACE,OAAO,EAAE,MAAM;QACf,MAAM,EAAE,4BAA4B;KACrC;IACD,sCAAsC;IACtC;QACE,OAAO,EAAE,8BAA8B;QACvC,MAAM,EAAE,uBAAuB;KAChC;IACD,kBAAkB;IAClB;QACE,OAAO,EAAE,4BAA4B;QACrC,MAAM,EAAE,+BAA+B;KACxC;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,8BAA8B;KACvC;IACD,0CAA0C;IAC1C;QACE,OAAO,EAAE,kBAAkB;QAC3B,MAAM,EAAE,wCAAwC;KACjD;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,MAAM,EAAE,6BAA6B;KACtC;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,MAAM,EAAE,oCAAoC;KAC7C;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,qCAAqC;KAC9C;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,uCAAuC;KAChD;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,uCAAuC;KAChD;IACD,2BAA2B;IAC3B;QACE,OAAO,EAAE,sCAAsC;QAC/C,MAAM,EAAE,2CAA2C;KACpD;CACF,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,sBAAsB,CAAC,yCAAyC,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACrD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC3B,OAAO,KAAK,CAAC;AACf,CAAC"}
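--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@neverinfamous/postgres-mcp",
- "version": "1.0.2",
+ "version": "1.2.0",
  "mcpName": "io.github.neverinfamous/postgres-mcp",
  "description": "PostgreSQL MCP server with connection pooling, tool filtering, and full extension support",
  "type": "module",
@@ -45,21 +45,21 @@
  "node": ">=24.0.0"
  },
  "dependencies": {
- "@modelcontextprotocol/sdk": "^1.25.3",
- "commander": "^14.0.0",
+ "@modelcontextprotocol/sdk": "^1.26.0",
+ "commander": "^14.0.3",
  "jose": "^6.0.0",
- "pg": "^8.17.2",
+ "pg": "^8.18.0",
  "zod": "^4.3.6"
  },
  "devDependencies": {
  "@eslint/js": "^9.28.0",
- "@types/node": "^25.0.10",
+ "@types/node": "^25.2.3",
  "@types/pg": "^8.11.0",
  "@vitest/coverage-v8": "^4.0.18",
  "eslint": "^9.28.0",
- "globals": "^17.1.0",
+ "globals": "^17.3.0",
  "typescript": "^5.9.3",
- "typescript-eslint": "^8.53.1",
+ "typescript-eslint": "^8.55.0",
  "vitest": "^4.0.18"
  }
- }
+ }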