mcp-dbutils 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. mcp_dbutils/base.py +16 -15
  2. {mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/METADATA +1 -1
  3. {mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/RECORD +6 -6
  4. {mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/WHEEL +0 -0
  5. {mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/entry_points.txt +0 -0
  6. {mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/licenses/LICENSE +0 -0
mcp_dbutils/base.py CHANGED
@@ -188,8 +188,8 @@ class ConnectionHandler(ABC):
188
188
  if "row" in result and "affected" in result:
189
189
  # 从结果字符串中提取受影响的行数
190
190
  import re
191
- # 使用更安全的正则表达式,避免回溯问题
192
- match = re.search(r"(\d+) rows?", result)
191
+ # 限制数字长度,避免DoS风险
192
+ match = re.search(r"(\d{1,10}) rows?", result)
193
193
  if match:
194
194
  affected_rows = int(match.group(1))
195
195
  except Exception:
@@ -601,7 +601,7 @@ class ConnectionServer:
601
601
  # Default fallback
602
602
  return "unknown_table"
603
603
 
604
- async def _check_write_permission(self, connection: str, table_name: str, operation_type: str) -> bool:
604
+ async def _check_write_permission(self, connection: str, table_name: str, operation_type: str) -> None:
605
605
  """检查写操作权限
606
606
 
607
607
  Args:
@@ -609,9 +609,6 @@ class ConnectionServer:
609
609
  table_name: 表名
610
610
  operation_type: 操作类型 (INSERT, UPDATE, DELETE)
611
611
 
612
- Returns:
613
- bool: 是否有权限执行写操作
614
-
615
612
  Raises:
616
613
  ConfigurationError: 如果连接不可写或没有表级权限
617
614
  """
@@ -626,7 +623,10 @@ class ConnectionServer:
626
623
  write_permissions = db_config.get("write_permissions", {})
627
624
  if not write_permissions:
628
625
  # 没有细粒度权限控制,默认允许所有写操作
629
- return True
626
+ return
627
+
628
+ # 将表名转换为小写,用于大小写不敏感的比较
629
+ table_name_lower = table_name.lower()
630
630
 
631
631
  # 检查表级权限
632
632
  tables = write_permissions.get("tables", {})
@@ -634,19 +634,22 @@ class ConnectionServer:
634
634
  # 没有表级权限配置,检查默认策略
635
635
  default_policy = write_permissions.get("default_policy", "read_only")
636
636
  if default_policy == "allow_all":
637
- return True
637
+ return
638
638
  else:
639
639
  # 默认只读
640
640
  raise ConfigurationError(WRITE_OPERATION_NOT_ALLOWED_ERROR.format(
641
641
  operation=operation_type, table=table_name
642
642
  ))
643
643
 
644
- # 检查特定表的权限
645
- if table_name in tables:
646
- table_config = tables[table_name]
644
+ # 创建表名到配置的映射,支持大小写不敏感的比较
645
+ tables_lower = {k.lower(): v for k, v in tables.items()}
646
+
647
+ # 检查特定表的权限(大小写不敏感)
648
+ if table_name_lower in tables_lower:
649
+ table_config = tables_lower[table_name_lower]
647
650
  operations = table_config.get("operations", ["INSERT", "UPDATE", "DELETE"])
648
651
  if operation_type in operations:
649
- return True
652
+ return
650
653
  else:
651
654
  raise ConfigurationError(WRITE_OPERATION_NOT_ALLOWED_ERROR.format(
652
655
  operation=operation_type, table=table_name
@@ -655,15 +658,13 @@ class ConnectionServer:
655
658
  # 表未明确配置,检查默认策略
656
659
  default_policy = write_permissions.get("default_policy", "read_only")
657
660
  if default_policy == "allow_all":
658
- return True
661
+ return
659
662
  else:
660
663
  # 默认只读
661
664
  raise ConfigurationError(WRITE_OPERATION_NOT_ALLOWED_ERROR.format(
662
665
  operation=operation_type, table=table_name
663
666
  ))
664
667
 
665
- return False
666
-
667
668
  def _create_handler_for_type(
668
669
  self, db_type: str, connection: str
669
670
  ) -> ConnectionHandler:
{mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: mcp-dbutils
3
- Version: 1.0.0
3
+ Version: 1.0.2
4
4
  Summary: MCP Database Utilities Service
5
5
  Author: Dong Hao
6
6
  License-Expression: MIT
{mcp_dbutils-1.0.0.dist-info → mcp_dbutils-1.0.2.dist-info}/RECORD RENAMED
@@ -1,6 +1,6 @@
1
1
  mcp_dbutils/__init__.py,sha256=6LLccQv7je2L4IpY_I3OzSJZcK32VUDJv2IY31y6eYg,1900
2
2
  mcp_dbutils/audit.py,sha256=U-Fd511HxOQH4BxfCXgd4KyaBLESEBnGsPkUNviSTwc,7294
3
- mcp_dbutils/base.py,sha256=ao2md_bsbK5s_vsO--m-sZLPfiMp6f_MUVL9o0KzKIA,61720
3
+ mcp_dbutils/base.py,sha256=2KhuovVvSUHV664ppLy1LO4a-CfN2rBF-BrP6eHzIb4,61907
4
4
  mcp_dbutils/config.py,sha256=zwN9yPKv4WvEPG3WIRT6uBVZSRxFniSmN2kEog7KPcI,5921
5
5
  mcp_dbutils/log.py,sha256=mqxi6I_IL-MF1F_pxBtnYZQKOHbGBJ74gsvZHVelr1w,823
6
6
  mcp_dbutils/stats.py,sha256=wMqWPfGnEOg9v5YBtTsARV-1YsFUMM_pKdzitzSU9x4,7137
@@ -16,8 +16,8 @@ mcp_dbutils/sqlite/__init__.py,sha256=fK_3-WylCBYpBAzwuopi8hlwoIGJm2TPAlwcPWG46I
16
16
  mcp_dbutils/sqlite/config.py,sha256=rsfAE8yaCVZC39ziXssqsi0EXUOEWA-MtKHvrO-6jG4,4933
17
17
  mcp_dbutils/sqlite/handler.py,sha256=vpkyCow26hpBqigNUNW0VGyWhsTz8uFflssM7K-FJi4,21882
18
18
  mcp_dbutils/sqlite/server.py,sha256=EBKNKz_wTvChwg6BZlvZIBA1H5mmE2NiNEMOgu_CMy4,7373
19
- mcp_dbutils-1.0.0.dist-info/METADATA,sha256=qwZMwl9JMQAydeUitTQ_zOhmzE2FplxliOYY03O39OQ,8440
20
- mcp_dbutils-1.0.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
21
- mcp_dbutils-1.0.0.dist-info/entry_points.txt,sha256=XTjt0QmYRgKOJQT6skR9bp1EMUfIrgpHeZJPZ3CJffs,49
22
- mcp_dbutils-1.0.0.dist-info/licenses/LICENSE,sha256=1A_CwpWVlbjrKdVEYO77vYfnXlW7oxcilZ8FpA_BzCI,1065
23
- mcp_dbutils-1.0.0.dist-info/RECORD,,
19
+ mcp_dbutils-1.0.2.dist-info/METADATA,sha256=hZm7hYfZKEzyNJmYCFNPvdXq0JNkJVOj4IJDbfOuihE,8440
20
+ mcp_dbutils-1.0.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
21
+ mcp_dbutils-1.0.2.dist-info/entry_points.txt,sha256=XTjt0QmYRgKOJQT6skR9bp1EMUfIrgpHeZJPZ3CJffs,49
22
+ mcp_dbutils-1.0.2.dist-info/licenses/LICENSE,sha256=1A_CwpWVlbjrKdVEYO77vYfnXlW7oxcilZ8FpA_BzCI,1065
23
+ mcp_dbutils-1.0.2.dist-info/RECORD,,