Security¶
Trust model¶
SQLRules is a pure compiler. It does not connect to databases or execute SQL. Security boundaries are:
Installed Python packages — dialect plugins and custom
SQLRulesPluginobjects run arbitrary Python inregister(registry)atCompilerconstruction. Install only trusted plugins. There is no sandbox.Constraint values — translated into SQLAlchemy expressions with bound parameters (not string-built SQL). Classic SQL injection via constraint values is not a practical risk when using the public API.
Patterns / REGEXP / full-text — pattern strings and full-text queries are bound as parameters, but evaluation cost is engine-dependent. Untrusted
Field(pattern=...)orFullTextMatch(...)values can cause CPU denial of service (ReDoS / expensive regex), not injection. Treat patterns from untrusted input as a cost-control problem.
Pattern / REGEXP cost (elevated)¶
Surface |
Risk |
|---|---|
PostgreSQL |
Engine-side regex cost |
MySQL |
Engine-side regex cost |
SQLite |
Python |
Recommendations
Prefer static / allowlisted patterns authored with the model, not patterns taken from end-user input.
Do not expose free-form regex from untrusted clients on hot query paths.
For SQLite, understand that
register_regexpis not a sandbox; it runs Python’srein your process.Official dialect packages are released in lockstep with core — pin the same major line (
sqlrules>=1,<2and matching dialect extras).
Non-goals¶
SQLRules will not provide a plugin capability system, bytecode sandbox, or automatic dialect detection. See NON_GOALS.md.