LanceDBStorage interpolated caller-supplied scope paths and record IDs
directly into the WHERE clauses passed to LanceDB's where(), which
accepts a raw DataFusion SQL expression and does not support
parameterized queries. A malicious or unprivileged caller could escape
the configured scope sandbox -- for example, calling
delete(scope_prefix="/alpha' OR scope LIKE '/%") would wipe every
record in the table instead of just the /alpha subtree -- and ordinary
strings containing apostrophes (e.g. 'O''Brien') could crash the SQL
parser.

Add _escape_sql_str() and _escape_like() helpers and route every
user-controlled value through them in search(), delete(), reset(), and
the shared _scan_rows() reader. The LIKE clauses now also use
ESCAPE '\\' so % and _ in caller-supplied prefixes are treated as
literals instead of wildcards.

Adds tests/memory/test_lancedb_storage_security.py covering each
sink (search, delete by scope, delete by id, reset, scan-based
readers) with both injection payloads and legitimate apostrophe-
containing scopes/IDs.
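
An added sketch of the escaping approach described in this commit message, not the project's own code: the helper bodies, the `mem` table and the sample scopes are constructed for illustration. SQLite stands in for LanceDB's DataFusion `where()` on the assumption that both treat `''` as an escaped quote and a backslash inside a string literal as an ordinary character.

```python
import sqlite3

def escape_sql_str(value: str) -> str:
    """Double single quotes so the value cannot terminate the string literal."""
    return value.replace("'", "''")

def escape_like(value: str) -> str:
    """Escape LIKE metacharacters (backslash first), then escape quotes."""
    for ch in ("\\", "%", "_"):
        value = value.replace(ch, "\\" + ch)
    return escape_sql_str(value)

def where_unsafe(scope_prefix: str) -> str:
    # The 'before' form: raw interpolation into the filter expression.
    return f"scope LIKE '{scope_prefix}%'"

def where_safe(scope_prefix: str) -> str:
    # Only the trailing % is a wildcard; everything from the caller is literal.
    return f"scope LIKE '{escape_like(scope_prefix)}%' ESCAPE '\\'"

# Constructed sample rows.
SCOPES = ["/alpha/a", "/alpha/b", "/beta/x", "/o'brien/n", "/a_b/1", "/axb/2"]

# The scope_prefix value quoted in the commit message.
PAYLOAD = "/alpha' OR scope LIKE '/%"

def remaining_after_delete(where: str) -> list:
    """Run DELETE with the given filter on a fresh table; return what survives."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mem (scope TEXT)")
    db.executemany("INSERT INTO mem VALUES (?)", [(s,) for s in SCOPES])
    db.execute(f"DELETE FROM mem WHERE {where}")
    return sorted(row[0] for row in db.execute("SELECT scope FROM mem"))

if __name__ == "__main__":
    print("unsafe:", where_unsafe(PAYLOAD))
    print("  rows left:", remaining_after_delete(where_unsafe(PAYLOAD)))
    print("safe:  ", where_safe(PAYLOAD))
    print("  rows left:", remaining_after_delete(where_safe(PAYLOAD)))
    print("apostrophe scope:", remaining_after_delete(where_safe("/o'brien")))
    print("underscore scope:", remaining_after_delete(where_safe("/a_b")))
```
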