
Address PR review feedback: DRY violations, error handling, and sanitizer edge cases#7

Merged
MaksimShevtsov merged 2 commits into 001-sql-projection-engine from copilot/sub-pr-6
Feb 17, 2026

Conversation

Contributor

Copilot AI commented Feb 17, 2026

Addresses 8 review comments on the inline SQL support PR covering code duplication, inconsistent error handling, and sanitizer gaps for SQL dialect-specific syntax.

Core fixes

  • Deduplicated _resolve_sql: Moved from engine.py and transaction.py to params.py as shared resolve_sql() function
  • Transaction error handling: All transaction methods now wrap adapter.execute in try-except to raise ParameterBindingError with label context, matching engine behavior
  • Registry key validation: Reject keys containing whitespace during SQLRegistry._load() to prevent ambiguity with inline SQL detection

Sanitizer robustness

Extended _tokenize() to handle SQL dialect-specific quoting:

# Now preserves identifiers in all three styles
_tokenize('SELECT "col--1", `col--2`, \'str--3\' FROM t -- comment')
# Returns: [('code', 'SELECT '), ('identifier', '"col--1"'), ('code', ', '), 
#           ('identifier', '`col--2`'), ('code', ', '), ('string', '\'str--3\''), ...]
  • Double-quoted identifiers ("name"): PostgreSQL, MySQL ANSI_QUOTES mode
  • Backtick identifiers (`name`): MySQL standard
  • Unterminated literal detection: Raises SQLSanitizationError for unclosed strings/identifiers

Documentation

  • SQL injection warning: Added prominent security notice to SQLSanitizer docstring with unsafe/safe examples
  • Parameter style note: Documented :name (registry) vs ? (inline SQL) distinction in coerce_params()

All changes maintain backward compatibility.


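The tokenizer behaviour and the registry-key rule described in the PR summary above, as an added worked example. This is illustrative code written for this page, not the project's `_tokenize`, `resolve_sql` or `SQLRegistry`; the function names, the `SQLSanitizationError` class, the `comment` token kind and the sample SQL and registry are all assumptions made here. It shows why quoted text must be tokenized before comment stripping (a `--` inside `"col--1"` is data, not a comment), how an unterminated literal is detected instead of silently swallowing the rest of the statement, why a `?` inside a string literal must not be counted as a placeholder, and how rejecting whitespace in registry keys keeps "registry key" and "inline SQL" unambiguous.

```python
"""Illustrative SQL tokenizer and registry-key checks (added example, not the
project's own code). Token kinds 'code', 'identifier', 'string' and 'comment'
and the SQLSanitizationError class are assumptions made for this example."""
import re


class SQLSanitizationError(ValueError):
    """Raised for an unterminated string, identifier or block comment."""


# Opening quote character -> kind of token it introduces.
_QUOTES = {'"': "identifier", "`": "identifier", "'": "string"}
_WHITESPACE = re.compile(r"\s")


def tokenize(sql: str) -> list[tuple[str, str]]:
    """Split SQL into (kind, text) tuples, keeping quoted text intact so that
    '--' inside "col--1", `col--2` or 'str--3' is never read as a comment.
    A quote doubled inside its own literal ('it''s', "a""b") is an escape."""
    tokens: list[tuple[str, str]] = []
    code: list[str] = []  # pending plain-code characters
    i, n = 0, len(sql)

    def flush() -> None:
        if code:
            tokens.append(("code", "".join(code)))
            code.clear()

    while i < n:
        ch = sql[i]
        if ch in _QUOTES:
            flush()
            kind, j = _QUOTES[ch], i + 1
            while True:
                if j >= n:
                    raise SQLSanitizationError(f"unterminated {kind} at offset {i}")
                if sql[j] == ch:
                    if j + 1 < n and sql[j + 1] == ch:  # doubled quote: still inside
                        j += 2
                        continue
                    break
                j += 1
            tokens.append((kind, sql[i:j + 1]))
            i = j + 1
        elif sql.startswith("--", i):  # line comment runs to end of line
            flush()
            j = sql.find("\n", i)
            j = n if j == -1 else j
            tokens.append(("comment", sql[i:j]))
            i = j
        elif sql.startswith("/*", i):  # block comment must be closed
            flush()
            j = sql.find("*/", i + 2)
            if j == -1:
                raise SQLSanitizationError(f"unterminated block comment at offset {i}")
            tokens.append(("comment", sql[i:j + 2]))
            i = j + 2
        else:
            code.append(ch)
            i += 1
    flush()
    return tokens


def strip_comments(sql: str) -> str:
    """Drop comment tokens; quoted identifiers and strings pass through untouched."""
    return "".join(text for kind, text in tokenize(sql) if kind != "comment")


def count_placeholders(sql: str) -> int:
    """Count '?' placeholders, ignoring any '?' inside strings or identifiers."""
    return sum(text.count("?") for kind, text in tokenize(sql) if kind == "code")


def is_unterminated(sql: str) -> bool:
    """True if the statement has an unclosed string, identifier or block comment."""
    try:
        tokenize(sql)
        return False
    except SQLSanitizationError:
        return True


def validate_registry_key(key: str) -> str:
    """A registry key may not contain whitespace, so it can never look like inline SQL."""
    if not key or _WHITESPACE.search(key):
        raise ValueError(f"registry key {key!r} must be non-empty and contain no whitespace")
    return key


def resolve_sql(text: str, registry: dict[str, str]) -> str:
    """Whitespace means inline SQL (comment-stripped here); otherwise a registry lookup."""
    if _WHITESPACE.search(text):
        return strip_comments(text)
    return registry[validate_registry_key(text)]


# Constructed sample input, mirroring the three quoting styles from the PR summary.
SAMPLE = 'SELECT "col--1", `col--2`, \'str--3\' FROM t -- comment'
REGISTRY = {"users.by_id": "SELECT * FROM users WHERE id = :id"}

if __name__ == "__main__":
    for token in tokenize(SAMPLE):
        print(token)
    print(strip_comments(SAMPLE))
    print(count_placeholders("SELECT * FROM t WHERE a = ? AND b = 'x?'"))
    print(is_unterminated("SELECT 'abc"))
```

Comment stripping is the only transformation this example performs; it does not make string-built SQL safe, and the values still have to travel through `?` placeholders, which is the same caveat the PR's docstring warning makes. MySQL's backslash escapes inside string literals are not handled here, so a MySQL deployment would need that case added before trusting the "unterminated" check.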

…ction methods

Co-authored-by: MaksimShevtsov <20194438+MaksimShevtsov@users.noreply.github.com>
Contributor Author

Copilot AI commented Feb 17, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • astral.sh
    • Triggering command: /usr/bin/curl curl -LsSf REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Add inline SQL support with configurable sanitization Address PR review feedback: DRY violations, error handling, and sanitizer edge cases Feb 17, 2026
Copilot AI requested a review from MaksimShevtsov February 17, 2026 22:06
@MaksimShevtsov MaksimShevtsov marked this pull request as ready for review February 17, 2026 22:08
@MaksimShevtsov MaksimShevtsov merged commit c69f5e3 into 001-sql-projection-engine Feb 17, 2026


2 participants