andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-05 01:02:37 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
Files
9a9cb48d09f14102649c417ac7f382e7c23fe53f
crewAI/lib
History
Devin AI 9a9cb48d09 fix: prevent SQL injection in SnowflakeSearchTool and NL2SQLTool 
- Add identifier validation regex to database and snowflake_schema fields
  in SnowflakeSearchToolInput to reject malicious values at schema level
- Add _validate_identifier() runtime check in SnowflakeSearchTool._run()
  and double-quote identifiers in USE DATABASE/SCHEMA SQL statements
- Add _validate_identifier() to NL2SQLTool to sanitize table_name in
  _fetch_all_available_columns() preventing second-order SQL injection
- Add comprehensive tests for both tools covering injection vectors

Closes #4993

Co-Authored-By: João <joao@crewai.com>
2026-03-20 20:15:14 +00:00
..
crewai
fix: pass cache_function from BaseTool to CrewStructuredTool
2026-03-20 16:04:52 -04:00
crewai-files
feat: bump versions to 1.11.0
2026-03-18 09:30:05 -04:00
crewai-tools
fix: prevent SQL injection in SnowflakeSearchTool and NL2SQLTool
2026-03-20 20:15:14 +00:00
devtools
fix(devtools): consolidate prerelease changelogs into stable releases
2026-03-19 17:16:18 -04:00