domain-rag-mcp-server 3.3.1 → 3.3.2

Files changed (2) hide show
  1. package/dist/index.mjs +14 -4
  2. package/package.json +1 -1
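--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1712,10 +1712,20 @@ async function handleRawSql(args) {
  if (!normalizedSql.startsWith("select")) {
  return "Error: Only SELECT queries are allowed. Use SELECT to query data.";
  }
- const dangerousKeywords = ["insert", "update", "delete", "drop", "truncate", "alter", "create", "grant", "revoke"];
- for (const keyword of dangerousKeywords) {
- if (normalizedSql.includes(keyword)) {
- return `Error: Query contains forbidden keyword "${keyword}". Only SELECT queries are allowed.`;
+ const dangerousPatterns = [
+ /\binsert\s+into\b/i,
+ /\bupdate\s+\w+\s+set\b/i,
+ /\bdelete\s+from\b/i,
+ /\bdrop\s+(table|index|database|schema)\b/i,
+ /\btruncate\b/i,
+ /\balter\s+(table|index|database|schema)\b/i,
+ /\bcreate\s+(table|index|database|schema|or)\b/i,
+ /\bgrant\b/i,
+ /\brevoke\b/i
+ ];
+ for (const pattern of dangerousPatterns) {
+ if (pattern.test(normalizedSql)) {
+ return `Error: Query contains forbidden SQL statement. Only SELECT queries are allowed.`;
  }
  }
  try {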
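Review bot: The new `dangerousPatterns` list is a narrower denylist than the substring check it replaces, and it is the only write guard visible in this hunk. The `drop`, `alter` and `create` entries match only the object kinds in their alternations, and `/\bupdate\s+\w+\s+set\b/i` matches only a bare unquoted table name, so DDL on other object kinds (views, functions, roles) and updates on quoted or schema-qualified tables are no longer rejected. If the aim was to stop false positives on identifiers that merely contain these words (inferred), word boundaries alone do that: `/\bdrop\b/i`, `/\balter\b/i`, `/\bcreate\b/i`, and likewise for `update`. A text filter is best treated as a friendly error message, not the control: the package description names PostgreSQL, so the query should run under a role holding only SELECT privileges and inside a `READ ONLY` transaction, which also covers multi-statement input and functions with side effects. `handleRawSql` starts before and continues past this hunk, so such enforcement may already exist outside the visible lines.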
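--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "domain-rag-mcp-server",
- "version": "3.3.1",
+ "version": "3.3.2",
  "description": "MCP server for domain RAG search — connects to Qdrant + PostgreSQL + Code Search API for hybrid search across Jira, Confluence, Git commits, and server-side code repositories",
  "type": "module",
  "main": "dist/index.mjs",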