Skip to main content
SQL query validation and injection detection.

Overview

The SQL Engine validates queries for:
  • SQL injection patterns
  • Destructive operations
  • Schema compliance
  • Syntax correctness

Usage

result = client.verify_sql(
    query="SELECT * FROM users WHERE id = 1",
    schema="CREATE TABLE users (id INT, name TEXT)"
)
print(result.verified)  # True

Injection Detection

# SQL injection pattern
result = client.verify_sql("SELECT * FROM users; DROP TABLE users; --")
print(result.status)  # "BLOCKED"
print(result.vulnerabilities)
# [{"type": "injection", "message": "Chained DROP statement"}]

Detected Patterns

PatternRiskExample
Comment injectionCritical; --
OR injectionCritical' OR '1'='1
UNION injectionCriticalUNION SELECT
Chained DROPCritical; DROP TABLE

Destructive Operations

# Destructive query
result = client.verify_sql("DELETE FROM users")
print(result.status)  # "FAILED"
print(result.vulnerabilities)
# [{"type": "destructive_delete", "severity": "high"}]
OperationSeverity
DROPCritical
DELETEHigh
TRUNCATEHigh
UPDATEHigh

Supported Dialects

  • PostgreSQL
  • MySQL
  • SQLite
  • SQL Server
  • BigQuery
result = client.verify_sql(query, schema, dialect="postgresql")