andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-04-08 20:18:16 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
Files
4bac017eb4e336e722dde9f3ad2c74c209f6767f
crewAI/lib
History
Alex c8bb781604 fix: expand _WRITE_COMMANDS and block multi-statement semicolon injection 
- Add missing write commands: UPSERT, LOAD, COPY, VACUUM, ANALYZE,
  ANALYSE, REINDEX, CLUSTER, REFRESH, COMMENT, SET, RESET
- _validate_query() now splits on ';' and validates each statement
  independently; multi-statement queries are rejected outright in
  read-only mode to prevent 'SELECT 1; DROP TABLE users' bypass
- Extract single-statement logic into _validate_statement() helper
- Add TestSemicolonInjection and TestExtendedWriteCommands test classes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 09:17:34 -07:00
..
crewai
fix: address CI lint failures and remove unused import
2026-04-07 09:17:34 -07:00
crewai-files
feat: bump versions to 1.14.0a4
2026-04-07 23:22:58 +08:00
crewai-tools
fix: expand _WRITE_COMMANDS and block multi-statement semicolon injection
2026-04-07 09:17:34 -07:00
devtools
feat: bump versions to 1.14.0a4
2026-04-07 23:22:58 +08:00