Commit Graph

3 Commits

Author SHA1 Message Date
Alex
c8bb781604 fix: expand _WRITE_COMMANDS and block multi-statement semicolon injection
- Add missing write commands: UPSERT, LOAD, COPY, VACUUM, ANALYZE,
  ANALYSE, REINDEX, CLUSTER, REFRESH, COMMENT, SET, RESET
- _validate_query() now splits on ';' and validates each statement
  independently; multi-statement queries are rejected outright in
  read-only mode to prevent 'SELECT 1; DROP TABLE users' bypass
- Extract single-statement logic into _validate_statement() helper
- Add TestSemicolonInjection and TestExtendedWriteCommands test classes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 09:17:34 -07:00
Alex
84014abe03 fix: address CI lint failures and remove unused import
- Remove unused `sessionmaker` import from test_nl2sql_security.py
- Use `Self` return type on `_apply_env_override` (fixes UP037/F821)
- Fix ruff errors auto-fixed in lib/crewai (UP007, etc.)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 09:17:34 -07:00
Alex
446d4e1267 fix: harden NL2SQLTool — read-only by default, parameterized queries, query validation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 09:17:34 -07:00
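The validator described in commit c8bb781604 (split on ';', validate each statement, reject multi-statement input in read-only mode) and the query validation named in commit 446d4e1267 can be illustrated with the following example. It is written for this page and is not the project's code: WRITE_COMMANDS, WRAPPING_COMMANDS, split_statements, validate_statement, validate_query and is_rejected are assumed names, and the deny list is this example's choice. It goes beyond a plain str.split(";") in two ways: the splitter tracks quotes and comments so a ';' inside a string literal is not a statement boundary, and any construct whose tokenisation differs between common SQL dialects (backslash escapes, '#', '--' not followed by whitespace, dollar quoting, MySQL /*! */ comments) is rejected rather than guessed, so the check can only fail closed.

```python
"""Fail-closed SQL statement splitter and read-only validator.

Illustrative example for this page, not the project's own code.
WRITE_COMMANDS, split_statements, validate_query and is_rejected are
assumed names; the deny list is this example's choice.
"""
import re

WRITE_COMMANDS = frozenset({
    "INSERT", "UPDATE", "DELETE", "MERGE", "REPLACE", "UPSERT",
    "CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME", "GRANT", "REVOKE",
    "LOAD", "COPY", "VACUUM", "ANALYZE", "ANALYSE", "REINDEX", "CLUSTER",
    "REFRESH", "COMMENT", "SET", "RESET", "LOCK", "CALL", "DO", "EXECUTE",
})
# Verbs that can carry a write inside a harmless-looking statement:
# PostgreSQL data-modifying CTEs, and EXPLAIN ANALYZE, which executes
# the statement it explains.
WRAPPING_COMMANDS = frozenset({"WITH", "EXPLAIN"})
DOLLAR_TAG = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)?\$")
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class QueryValidationError(ValueError):
    pass


def split_statements(sql: str) -> list[str]:
    """Split on top-level ';' only and drop comments.  Input whose
    tokenisation differs between dialects raises instead of being guessed."""
    out, buf, i, n = [], [], 0, len(sql)
    while i < n:
        ch, two = sql[i], sql[i:i + 2]
        if two == "--":                                # line comment
            if i + 2 < n and not sql[i + 2].isspace():
                raise QueryValidationError("'--x' is '- -x' in MySQL")
            j = sql.find("\n", i)
            i = n if j < 0 else j + 1
        elif two == "/*":                              # block comment, no nesting
            if sql.startswith("/*!", i):
                raise QueryValidationError("MySQL executable comment")
            j = sql.find("*/", i + 2)
            if j < 0:
                raise QueryValidationError("unterminated block comment")
            i = j + 2
        elif ch in "'\"`":                             # literal or quoted identifier
            j = i + 1
            while True:
                k = sql.find(ch, j)
                if k < 0:
                    raise QueryValidationError("unterminated quote")
                if sql[k + 1:k + 2] != ch:             # doubled quote is an escape
                    break
                j = k + 2
            if "\\" in sql[i:k]:
                raise QueryValidationError("backslash escape is dialect-dependent")
            buf.append(sql[i:k + 1])
            i = k + 1
        elif ch == "#":
            raise QueryValidationError("'#' is a comment in MySQL, an operator elsewhere")
        elif ch == "$" and DOLLAR_TAG.match(sql, i):
            raise QueryValidationError("dollar quoting is dialect-dependent")
        elif ch == ";":
            stmt = "".join(buf).strip()
            if stmt:
                out.append(stmt)
            buf, i = [], i + 1
        else:
            buf.append(ch)
            i += 1
    stmt = "".join(buf).strip()
    if stmt:
        out.append(stmt)
    return out


def validate_statement(stmt: str) -> None:
    words = [w.upper() for w in WORD.findall(stmt)]
    if not words:
        raise QueryValidationError("empty statement")
    if words[0] in WRITE_COMMANDS:
        raise QueryValidationError(f"{words[0]} not allowed in read-only mode")
    if words[0] in WRAPPING_COMMANDS:
        # Whole-statement scan; words inside string literals are included,
        # which can only cause a false rejection, never a bypass.
        hidden = WRITE_COMMANDS.intersection(words[1:])
        if hidden:
            raise QueryValidationError(f"{words[0]} wrapping {sorted(hidden)[0]}")


def validate_query(sql: str, read_only: bool = True) -> list[str]:
    """Return the statements in sql, or raise QueryValidationError."""
    statements = split_statements(sql)
    if not statements:
        raise QueryValidationError("empty query")
    if read_only:
        if len(statements) > 1:
            raise QueryValidationError("multi-statement query in read-only mode")
        validate_statement(statements[0])
    return statements


def is_rejected(sql: str, read_only: bool = True) -> bool:
    """True if validation refuses sql."""
    try:
        validate_query(sql, read_only)
    except QueryValidationError:
        return True
    return False


if __name__ == "__main__":
    for q in ("SELECT 1; DROP TABLE users", "SELECT id FROM users WHERE name = 'a;b'"):
        print(f"{q!r}: {'rejected' if is_rejected(q) else 'allowed'}")
```

Keyword validation of this kind is a guardrail, not the control: it cannot see writes performed by functions called from a SELECT, and every dialect-specific rejection above is a place where a naive splitter would have failed open instead. The read-only guarantee should also be enforced where it cannot be bypassed, with a database role that lacks write privileges or a read-only transaction, and the validated statement should be executed with bound parameters rather than string formatting.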