Allow read-only queries that do not start with SELECT keyword

- I was finding it a bit restrictive to disallow any query that
doesn't start with "SELECT" because it is often useful to start
a select statement with a CTE ("WITH"), and to occasionally use
SHOW or DESCRIBE

- therefore, in the handler for the query tool, instead of
disallowing any query that doesn't start with the SELECT keyword,
parse the query into its component statements and disallow
if any of those component statements is a non-read-only operation

- add a dependency on sqlglot, for parsing the query

Author: griffithsbs

mcp_server_snowflake/main.py

@@ -22,6 +22,8 @@
 from mcp.server.models import InitializationOptions
 from mcp.server.lowlevel import NotificationOptions
 from dotenv import load_dotenv
+import sqlglot
+from sqlglot.errors import ParseError
 
 from mcp_server_snowflake.utils.snowflake_conn import (
     SnowflakeConfig,
@@ -346,9 +348,16 @@ async def handle_execute_query(
                 )
             ]
 
-        # Validate that the query is read-only (SELECT statement)
-        query = query.strip()
-        if not query.upper().startswith("SELECT "):
+        # Validate that the query is read-only
+        try:
+            parsed_statements = sqlglot.parse(query, dialect="snowflake")
+            read_only_types = {'select', 'show', 'describe', 'explain', 'with'}
+
+            for stmt in parsed_statements:
+                if stmt.key.lower() not in read_only_types:
+                    raise ParseError(f"Error: Only read-only queries are allowed. Found statement type: {stmt.key}")
+
+        except ParseError:
             return [
                 mcp_types.TextContent(
                     type="text",

pyproject.toml

@@ -16,6 +16,7 @@ dependencies = [
     "cryptography>=41.0.0",
     "mcp",
     "anyio>=3.7.1",
+    "sqlglot>=11.5.5"
 ]
 
 [project.scripts]