Skip to content

feat: implement clickhouse-user-query #2554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
NathanFlurry wants to merge 1 commit into from
Closed

feat: implement clickhouse-user-query #2554

NathanFlurry wants to merge 1 commit into from

Conversation

@NathanFlurry
Copy link
Member

@NathanFlurry NathanFlurry commented Jun 5, 2025

Changes

This was referenced Jun 5, 2025
Closed
Closed
Closed
@NathanFlurry Graphite App
Copy link
Member Author

NathanFlurry commented Jun 5, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@NathanFlurry NathanFlurry mentioned this pull request Jun 5, 2025
Closed
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jun 5, 2025
edited
Loading

Deploying rivet with  Cloudflare Pages  Cloudflare Pages

Latest commit: 96dc117
Status: ✅  Deploy successful!
Preview URL: https://0335fa33.rivet.pages.dev
Branch Preview URL: https://06-05-feat-implement-clickho.rivet.pages.dev

View logs

@NathanFlurry NathanFlurry force-pushed the 06-05-feat_implement_clickhouse-user-query_ branch 2 times, most recently from 6164225 to 1a2c0b8 Compare June 8, 2025 19:09
@NathanFlurry NathanFlurry force-pushed the chore_add_Linux_ARM64_and_Windows_build_targets branch from fa06adb to c360977 Compare June 8, 2025 19:09
@NathanFlurry NathanFlurry mentioned this pull request Jun 8, 2025
Closed
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jun 8, 2025
edited
Loading

Deploying rivet-hub with  Cloudflare Pages  Cloudflare Pages

Latest commit: 96dc117
Status: ✅  Deploy successful!
Preview URL: https://0ab41450.rivet-hub-7jb.pages.dev
Branch Preview URL: https://06-05-feat-implement-clickho.rivet-hub-7jb.pages.dev

View logs

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jun 8, 2025
edited
Loading

Deploying rivet-studio with  Cloudflare Pages  Cloudflare Pages

Latest commit: 96dc117
Status:🚫  Build failed.

View logs

@NathanFlurry NathanFlurry marked this pull request as ready for review June 9, 2025 09:16
@NathanFlurry NathanFlurry requested a review from MasterPtato June 9, 2025 09:16
@NathanFlurry NathanFlurry mentioned this pull request Jun 9, 2025
Closed
greptile-apps[bot]
greptile-apps bot reviewed Jun 9, 2025
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

Implements a new clickhouse-user-query package that provides a type-safe, SQL-injection-protected way to build ClickHouse queries from user-defined expressions.

  • Implementation includes comprehensive schema validation and type checking in src/schema.rs to ensure query safety
  • Builder pattern in src/builder.rs supports complex WHERE clauses with boolean, string, numeric, and array comparisons
  • Robust error handling system in src/error.rs with custom error types for schema validation, property checking, and query validation
  • Full test coverage with integration tests using testcontainers for isolated ClickHouse instance testing
  • QueryExpr system in src/query.rs enables type-safe construction of parameterized queries with support for nested properties

11 file(s) reviewed, 5 comment(s)
Edit PR Review Bot Settings | Greptile

@MasterPtato MasterPtato changed the base branch from chore_add_Linux_ARM64_and_Windows_build_targets to graphite-base/2554 June 9, 2025 16:58
@NathanFlurry NathanFlurry force-pushed the 06-05-feat_implement_clickhouse-user-query_ branch from 1a2c0b8 to ec1d934 Compare June 9, 2025 18:59
@NathanFlurry NathanFlurry changed the base branch from graphite-base/2554 to chore_add_Linux_ARM64_and_Windows_build_targets June 9, 2025 18:59
@MasterPtato MasterPtato force-pushed the chore_add_Linux_ARM64_and_Windows_build_targets branch from 62fd12b to 6f45f25 Compare June 9, 2025 19:26
@MasterPtato MasterPtato force-pushed the 06-05-feat_implement_clickhouse-user-query_ branch from ec1d934 to 5d1b5e2 Compare June 9, 2025 19:26
This was referenced Jun 9, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@claude
Copy link

claude bot commented Jul 11, 2025
edited
Loading

Claude finished @NathanFlurry's task —— View job

Code Review: clickhouse-user-query Package

Todo List:

  • Read main library files and understand the implementation
  • Analyze security concerns and potential vulnerabilities
  • Review code quality and best practices
  • Examine test coverage and approaches
  • Provide comprehensive feedback with specific recommendations

🔒 Critical Security Issues

1. SQL Injection Vulnerability (HIGH SEVERITY)

Location: packages/common/clickhouse-user-query/src/builder.rs:201

Ok(format!("{}[{}]", property_ident.0, format!("'{}'", subprop.replace("'", "\\'"))))

Issue: The subproperty escaping only handles single quotes but is vulnerable to other injection vectors:

  • Backticks: Could break out of string context
  • Backslashes: Could escape the closing quote
  • Other ClickHouse-specific characters: Could cause injection

Fix Required:

fn escape_clickhouse_string(s: &str) -> String {
    s.replace('\\', "\\\\")
     .replace('\'', "\\'")
     .replace('`', "\\`")
     .replace('\n', "\\n")
     .replace('\r', "\\r")
     .replace('\t', "\\t")
}

// Use in build_column_reference:
Ok(format!("{}[{}]", property_ident.0, format!("'{}'", escape_clickhouse_string(subprop))))

2. Potential Panic (MEDIUM SEVERITY)

Location: packages/common/clickhouse-user-query/src/schema.rs:66

if name.chars().next().unwrap().is_numeric() {

Issue: This will panic if name is empty, even though there's an empty check above.

Fix Required:

if name.chars().next().map_or(false, |c| c.is_numeric()) {
    return Err(UserQueryError::InvalidPropertyName(name.to_string()));
}

🛠️ Code Quality Issues

3. Missing Duplicate Property Validation

Location: packages/common/clickhouse-user-query/src/schema.rs:10-13

Issue: Schema::new() doesn't validate for duplicate property names, which could cause undefined behavior.

Fix Required:

pub fn new(properties: Vec<Property>) -> Result<Self> {
    let mut seen_names = std::collections::HashSet::new();
    for prop in &properties {
        if !seen_names.insert(&prop.name) {
            return Err(UserQueryError::DuplicatePropertyName(prop.name.clone()));
        }
    }
    Ok(Self { properties })
}

4. Missing Future Compatibility

Location: packages/common/clickhouse-user-query/src/error.rs:4

Issue: The UserQueryError enum should be marked as #[non_exhaustive] to allow adding new variants without breaking API compatibility.

Fix Required:

#[derive(Error, Debug)]
#[non_exhaustive]
pub enum UserQueryError {
    // ... existing variants
}

5. Identifier Escaping Inconsistency

Location: packages/common/clickhouse-user-query/src/builder.rs:196-204

Issue: The code uses Identifier from clickhouse crate for properties but manual escaping for subproperties, creating inconsistency.

Recommendation: Use consistent escaping approach throughout or document why different methods are used.

📊 Test Coverage Analysis

Strengths:

  • Comprehensive unit tests covering all query types and error cases
  • Integration tests with real ClickHouse container using testcontainers
  • Edge case testing including empty arrays, type mismatches, and invalid properties
  • Good error validation testing for all custom error types

Areas for Improvement:

  • Security testing: No tests specifically for SQL injection attempts
  • Subproperty escaping: Limited testing of special characters in subproperty names
  • Property validation: Could benefit from more comprehensive property name validation tests

🎯 Architecture & Design

Positive Aspects:

  • Strong type safety with compile-time validation
  • Proper parameterized queries preventing most SQL injection
  • Clean separation of concerns across modules
  • Comprehensive error handling with custom error types
  • Good documentation with clear examples

Suggestions:

  • Consider adding validation for subproperty names similar to property names
  • Add rate limiting or complexity limits for deeply nested query expressions
  • Consider adding query size limits to prevent resource exhaustion

📝 Minor Issues

  1. Missing error variant: Need DuplicatePropertyName error for schema validation
  2. Test property verification: packages/common/clickhouse-user-query/tests/schema_tests.rs:13 should verify Property attributes after creation
  3. Documentation: Could benefit from more security-focused documentation about proper usage

✅ Recommendations

  1. IMMEDIATE: Fix the SQL injection vulnerability in build_column_reference
  2. IMMEDIATE: Fix the potential panic in validate_property_name
  3. HIGH: Add duplicate property name validation
  4. MEDIUM: Add #[non_exhaustive] to error enum
  5. MEDIUM: Add security-focused tests for injection attempts
  6. LOW: Improve consistency in identifier escaping approaches

🔍 Overall Assessment

The implementation demonstrates solid understanding of type safety and parameterized queries, but has a critical security vulnerability that must be addressed before merging. The architecture is well-designed with good separation of concerns and comprehensive testing, but needs immediate security fixes.

Status: ❌ CHANGES REQUESTED - Critical security issue must be resolved

@claude
Copy link

claude bot commented Jul 11, 2025
edited
Loading

Claude finished @NathanFlurry's task —— View job

Code Review: clickhouse-user-query Package

Todo List:

  • Read main library files and understand the implementation
  • Analyze security concerns and potential vulnerabilities
  • Review code quality and best practices
  • Examine test coverage and approaches
  • Provide comprehensive feedback with specific recommendations

🔒 Critical Security Issues

1. SQL Injection Vulnerability (HIGH SEVERITY)

Location: packages/common/clickhouse-user-query/src/builder.rs:201

Ok(format!("{}[{}]", property_ident.0, format!("'{}'", subprop.replace("'", "\\'"))))

Issue: The subproperty escaping only handles single quotes but is vulnerable to other injection vectors:

  • Backticks: Could break out of string context
  • Backslashes: Could escape the closing quote
  • Other ClickHouse-specific characters: Could cause injection

Fix Required:

fn escape_clickhouse_string(s: &str) -> String {
    s.replace('\\', "\\\\")
     .replace('\'', "\\'")
     .replace('`', "\\`")
     .replace('\n', "\\n")
     .replace('\r', "\\r")
     .replace('\t', "\\t")
}

// Use in build_column_reference:
Ok(format!("{}[{}]", property_ident.0, format!("'{}'", escape_clickhouse_string(subprop))))

2. Potential Panic (MEDIUM SEVERITY)

Location: packages/common/clickhouse-user-query/src/schema.rs:66

if name.chars().next().unwrap().is_numeric() {

Issue: This will panic if name is empty, even though there's an empty check above.

Fix Required:

if name.chars().next().map_or(false, |c| c.is_numeric()) {
    return Err(UserQueryError::InvalidPropertyName(name.to_string()));
}

🛠️ Code Quality Issues

3. Missing Duplicate Property Validation

Location: packages/common/clickhouse-user-query/src/schema.rs:10-13

Issue: Schema::new() doesn't validate for duplicate property names, which could cause undefined behavior.

Fix Required:

pub fn new(properties: Vec<Property>) -> Result<Self> {
    let mut seen_names = std::collections::HashSet::new();
    for prop in &properties {
        if !seen_names.insert(&prop.name) {
            return Err(UserQueryError::DuplicatePropertyName(prop.name.clone()));
        }
    }
    Ok(Self { properties })
}

4. Missing Future Compatibility

Location: packages/common/clickhouse-user-query/src/error.rs:4

Issue: The UserQueryError enum should be marked as #[non_exhaustive] to allow adding new variants without breaking API compatibility.

Fix Required:

#[derive(Error, Debug)]
#[non_exhaustive]
pub enum UserQueryError {
    // ... existing variants
}

5. Identifier Escaping Inconsistency

Location: packages/common/clickhouse-user-query/src/builder.rs:196-204

Issue: The code uses Identifier from clickhouse crate for properties but manual escaping for subproperties, creating inconsistency.

Recommendation: Use consistent escaping approach throughout or document why different methods are used.

📊 Test Coverage Analysis

Strengths:

  • Comprehensive unit tests covering all query types and error cases
  • Integration tests with real ClickHouse container using testcontainers
  • Edge case testing including empty arrays, type mismatches, and invalid properties
  • Good error validation testing for all custom error types

Areas for Improvement:

  • Security testing: No tests specifically for SQL injection attempts
  • Subproperty escaping: Limited testing of special characters in subproperty names
  • Property validation: Could benefit from more comprehensive property name validation tests

🎯 Architecture & Design

Positive Aspects:

  • Strong type safety with compile-time validation
  • Proper parameterized queries preventing most SQL injection
  • Clean separation of concerns across modules
  • Comprehensive error handling with custom error types
  • Good documentation with clear examples

Suggestions:

  • Consider adding validation for subproperty names similar to property names
  • Add rate limiting or complexity limits for deeply nested query expressions
  • Consider adding query size limits to prevent resource exhaustion

📝 Minor Issues

  1. Missing error variant: Need DuplicatePropertyName error for schema validation
  2. Test property verification: packages/common/clickhouse-user-query/tests/schema_tests.rs:13 should verify Property attributes after creation
  3. Documentation: Could benefit from more security-focused documentation about proper usage

✅ Recommendations

  1. IMMEDIATE: Fix the SQL injection vulnerability in build_column_reference
  2. IMMEDIATE: Fix the potential panic in validate_property_name
  3. HIGH: Add duplicate property name validation
  4. MEDIUM: Add #[non_exhaustive] to error enum
  5. MEDIUM: Add security-focused tests for injection attempts
  6. LOW: Improve consistency in identifier escaping approaches

🔍 Overall Assessment

The implementation demonstrates solid understanding of type safety and parameterized queries, but has a critical security vulnerability that must be addressed before merging. The architecture is well-designed with good separation of concerns and comprehensive testing, but needs immediate security fixes.

Status: ❌ CHANGES REQUESTED - Critical security issue must be resolved

This was referenced Jul 11, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@NathanFlurry NathanFlurry force-pushed the 07-03-fix_toolchain_mark_external_deps branch from 34d28a2 to ecc699b Compare July 12, 2025 00:27
@NathanFlurry NathanFlurry force-pushed the 06-05-feat_implement_clickhouse-user-query_ branch from 4511ae5 to 96dc117 Compare July 12, 2025 00:27
@claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @NathanFlurry's task —— View job

Code Review: clickhouse-user-query Package

Todo List:

  • Read main library files and understand the implementation
  • Analyze security concerns and potential vulnerabilities
  • Review code quality and best practices
  • Examine test coverage and approaches
  • Provide comprehensive feedback with specific recommendations

🔒 Critical Security Issues

1. SQL Injection Vulnerability (HIGH SEVERITY)

Location: packages/common/clickhouse-user-query/src/builder.rs:201

Ok(format!("{}[{}]", property_ident.0, format!("'{}'", subprop.replace("'", "\\'"))))

Issue: The subproperty escaping only handles single quotes but is vulnerable to other injection vectors:

  • Backticks: Could break out of string context
  • Backslashes: Could escape the closing quote
  • Other ClickHouse-specific characters: Could cause injection

Fix Required:

fn escape_clickhouse_string(s: &str) -> String {
    s.replace('\\', "\\\\")
     .replace('\'', "\\'")
     .replace('`', "\\`")
     .replace('\n', "\\n")
     .replace('\r', "\\r")
     .replace('\t', "\\t")
}

// Use in build_column_reference:
Ok(format!("{}[{}]", property_ident.0, format!("'{}'", escape_clickhouse_string(subprop))))

2. Potential Panic (MEDIUM SEVERITY)

Location: packages/common/clickhouse-user-query/src/schema.rs:66

if name.chars().next().unwrap().is_numeric() {

Issue: This will panic if name is empty, even though there's an empty check above.

Fix Required:

if name.chars().next().map_or(false, |c| c.is_numeric()) {
    return Err(UserQueryError::InvalidPropertyName(name.to_string()));
}

🛠️ Code Quality Issues

3. Missing Duplicate Property Validation

Location: packages/common/clickhouse-user-query/src/schema.rs:10-13

Issue: Schema::new() doesn't validate for duplicate property names, which could cause undefined behavior.

Fix Required:

pub fn new(properties: Vec<Property>) -> Result<Self> {
    let mut seen_names = std::collections::HashSet::new();
    for prop in &properties {
        if !seen_names.insert(&prop.name) {
            return Err(UserQueryError::DuplicatePropertyName(prop.name.clone()));
        }
    }
    Ok(Self { properties })
}

4. Missing Future Compatibility

Location: packages/common/clickhouse-user-query/src/error.rs:4

Issue: The UserQueryError enum should be marked as #[non_exhaustive] to allow adding new variants without breaking API compatibility.

Fix Required:

#[derive(Error, Debug)]
#[non_exhaustive]
pub enum UserQueryError {
    // ... existing variants
}

5. Identifier Escaping Inconsistency

Location: packages/common/clickhouse-user-query/src/builder.rs:196-204

Issue: The code uses Identifier from clickhouse crate for properties but manual escaping for subproperties, creating inconsistency.

Recommendation: Use consistent escaping approach throughout or document why different methods are used.

📊 Test Coverage Analysis

Strengths:

  • Comprehensive unit tests covering all query types and error cases
  • Integration tests with real ClickHouse container using testcontainers
  • Edge case testing including empty arrays, type mismatches, and invalid properties
  • Good error validation testing for all custom error types

Areas for Improvement:

  • Security testing: No tests specifically for SQL injection attempts
  • Subproperty escaping: Limited testing of special characters in subproperty names
  • Property validation: Could benefit from more comprehensive property name validation tests

🎯 Architecture & Design

Positive Aspects:

  • Strong type safety with compile-time validation
  • Proper parameterized queries preventing most SQL injection
  • Clean separation of concerns across modules
  • Comprehensive error handling with custom error types
  • Good documentation with clear examples

Suggestions:

  • Consider adding validation for subproperty names similar to property names
  • Add rate limiting or complexity limits for deeply nested query expressions
  • Consider adding query size limits to prevent resource exhaustion

📝 Minor Issues

  1. Missing error variant: Need DuplicatePropertyName error for schema validation
  2. Test property verification: packages/common/clickhouse-user-query/tests/schema_tests.rs:13 should verify Property attributes after creation
  3. Documentation: Could benefit from more security-focused documentation about proper usage

✅ Recommendations

  1. IMMEDIATE: Fix the SQL injection vulnerability in build_column_reference
  2. IMMEDIATE: Fix the potential panic in validate_property_name
  3. HIGH: Add duplicate property name validation
  4. MEDIUM: Add #[non_exhaustive] to error enum
  5. MEDIUM: Add security-focused tests for injection attempts
  6. LOW: Improve consistency in identifier escaping approaches

🔍 Overall Assessment

The implementation demonstrates solid understanding of type safety and parameterized queries, but has a critical security vulnerability that must be addressed before merging. The architecture is well-designed with good separation of concerns and comprehensive testing, but needs immediate security fixes.

Status: ❌ CHANGES REQUESTED - Critical security issue must be resolved

@claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @NathanFlurry's task —— View job

Code Review: clickhouse-user-query Package

Todo List:

  • Read main library files and understand the implementation
  • Analyze security concerns and potential vulnerabilities
  • Review code quality and best practices
  • Examine test coverage and approaches
  • Provide comprehensive feedback with specific recommendations

🔒 Critical Security Issues

1. SQL Injection Vulnerability (HIGH SEVERITY)

Location: packages/common/clickhouse-user-query/src/builder.rs:201

Ok(format!("{}[{}]", property_ident.0, format!("'{}'", subprop.replace("'", "\\'"))))

Issue: The subproperty escaping only handles single quotes but is vulnerable to other injection vectors:

  • Backticks: Could break out of string context
  • Backslashes: Could escape the closing quote
  • Other ClickHouse-specific characters: Could cause injection

Fix Required:

fn escape_clickhouse_string(s: &str) -> String {
    s.replace('\\', "\\\\")
     .replace('\'', "\\'")
     .replace('`', "\\`")
     .replace('\n', "\\n")
     .replace('\r', "\\r")
     .replace('\t', "\\t")
}

// Use in build_column_reference:
Ok(format!("{}[{}]", property_ident.0, format!("'{}'", escape_clickhouse_string(subprop))))

2. Potential Panic (MEDIUM SEVERITY)

Location: packages/common/clickhouse-user-query/src/schema.rs:66

if name.chars().next().unwrap().is_numeric() {

Issue: This will panic if name is empty, even though there's an empty check above.

Fix Required:

if name.chars().next().map_or(false, |c| c.is_numeric()) {
    return Err(UserQueryError::InvalidPropertyName(name.to_string()));
}

🛠️ Code Quality Issues

3. Missing Duplicate Property Validation

Location: packages/common/clickhouse-user-query/src/schema.rs:10-13

Issue: Schema::new() doesn't validate for duplicate property names, which could cause undefined behavior.

Fix Required:

pub fn new(properties: Vec<Property>) -> Result<Self> {
    let mut seen_names = std::collections::HashSet::new();
    for prop in &properties {
        if !seen_names.insert(&prop.name) {
            return Err(UserQueryError::DuplicatePropertyName(prop.name.clone()));
        }
    }
    Ok(Self { properties })
}

4. Missing Future Compatibility

Location: packages/common/clickhouse-user-query/src/error.rs:4

Issue: The UserQueryError enum should be marked as #[non_exhaustive] to allow adding new variants without breaking API compatibility.

Fix Required:

#[derive(Error, Debug)]
#[non_exhaustive]
pub enum UserQueryError {
    // ... existing variants
}

5. Identifier Escaping Inconsistency

Location: packages/common/clickhouse-user-query/src/builder.rs:196-204

Issue: The code uses Identifier from clickhouse crate for properties but manual escaping for subproperties, creating inconsistency.

Recommendation: Use consistent escaping approach throughout or document why different methods are used.

📊 Test Coverage Analysis

Strengths:

  • Comprehensive unit tests covering all query types and error cases
  • Integration tests with real ClickHouse container using testcontainers
  • Edge case testing including empty arrays, type mismatches, and invalid properties
  • Good error validation testing for all custom error types

Areas for Improvement:

  • Security testing: No tests specifically for SQL injection attempts
  • Subproperty escaping: Limited testing of special characters in subproperty names
  • Property validation: Could benefit from more comprehensive property name validation tests

🎯 Architecture & Design

Positive Aspects:

  • Strong type safety with compile-time validation
  • Proper parameterized queries preventing most SQL injection
  • Clean separation of concerns across modules
  • Comprehensive error handling with custom error types
  • Good documentation with clear examples

Suggestions:

  • Consider adding validation for subproperty names similar to property names
  • Add rate limiting or complexity limits for deeply nested query expressions
  • Consider adding query size limits to prevent resource exhaustion

📝 Minor Issues

  1. Missing error variant: Need DuplicatePropertyName error for schema validation
  2. Test property verification: packages/common/clickhouse-user-query/tests/schema_tests.rs:13 should verify Property attributes after creation
  3. Documentation: Could benefit from more security-focused documentation about proper usage

✅ Recommendations

  1. IMMEDIATE: Fix the SQL injection vulnerability in build_column_reference
  2. IMMEDIATE: Fix the potential panic in validate_property_name
  3. HIGH: Add duplicate property name validation
  4. MEDIUM: Add #[non_exhaustive] to error enum
  5. MEDIUM: Add security-focused tests for injection attempts
  6. LOW: Improve consistency in identifier escaping approaches

🔍 Overall Assessment

The implementation demonstrates solid understanding of type safety and parameterized queries, but has a critical security vulnerability that must be addressed before merging. The architecture is well-designed with good separation of concerns and comprehensive testing, but needs immediate security fixes.

Status: ❌ CHANGES REQUESTED - Critical security issue must be resolved

@MasterPtato MasterPtato force-pushed the 07-03-fix_toolchain_mark_external_deps branch from ecc699b to 34d28a2 Compare July 12, 2025 00:40
@MasterPtato MasterPtato force-pushed the 06-05-feat_implement_clickhouse-user-query_ branch from 96dc117 to 4511ae5 Compare July 12, 2025 00:40
@claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @NathanFlurry's task —— View job

Code Review: clickhouse-user-query Package

Todo List:

  • Read repository guidelines (CLAUDE.md)
  • Examine main library files (builder.rs, error.rs, lib.rs, query.rs, schema.rs)
  • Analyze security concerns and potential vulnerabilities
  • Review code quality and best practices
  • Examine test coverage and approaches
  • Provide comprehensive feedback with specific recommendations

🔒 Critical Security Issues

1. SQL Injection Vulnerability (HIGH SEVERITY)

Location: packages/common/clickhouse-user-query/src/builder.rs:201

Ok(format!("{}[{}]", property_ident.0, format!("'{}'", subprop.replace("'", "\\'"))))

Issue: The subproperty escaping only handles single quotes but is vulnerable to other injection vectors:

  • Backticks: Could break out of string context
  • Backslashes: Could escape the closing quote
  • Other ClickHouse-specific characters: Could cause injection

Fix Required:

fn escape_clickhouse_string(s: &str) -> String {
    s.replace('\\', "\\\\")
     .replace('\'', "\\'")
     .replace('`', "\\`")
     .replace('\n', "\\n")
     .replace('\r', "\\r")
     .replace('\t', "\\t")
}

// Use in build_column_reference:
Ok(format!("{}[{}]", property_ident.0, format!("'{}'", escape_clickhouse_string(subprop))))

2. Potential Panic (MEDIUM SEVERITY)

Location: packages/common/clickhouse-user-query/src/schema.rs:66

if name.chars().next().unwrap().is_numeric() {

Issue: This will panic if name is empty, even though there's an empty check above.

Fix Required:

if name.chars().next().map_or(false, |c| c.is_numeric()) {
    return Err(UserQueryError::InvalidPropertyName(name.to_string()));
}

🛠️ Code Quality Issues

3. Missing Duplicate Property Validation

Location: packages/common/clickhouse-user-query/src/schema.rs:10-13

Issue: Schema::new() doesn't validate for duplicate property names, which could cause undefined behavior.

Fix Required:

pub fn new(properties: Vec<Property>) -> Result<Self> {
    let mut seen_names = std::collections::HashSet::new();
    for prop in &properties {
        if !seen_names.insert(&prop.name) {
            return Err(UserQueryError::DuplicatePropertyName(prop.name.clone()));
        }
    }
    Ok(Self { properties })
}

4. Missing Future Compatibility

Location: packages/common/clickhouse-user-query/src/error.rs:4

Issue: The UserQueryError enum should be marked as #[non_exhaustive] to allow adding new variants without breaking API compatibility.

Fix Required:

#[derive(Error, Debug)]
#[non_exhaustive]
pub enum UserQueryError {
    // ... existing variants
}

5. Identifier Escaping Inconsistency

Location: packages/common/clickhouse-user-query/src/builder.rs:196-204

Issue: The code uses Identifier from clickhouse crate for properties but manual escaping for subproperties, creating inconsistency.

Recommendation: Use consistent escaping approach throughout or document why different methods are used.

📊 Test Coverage Analysis

Strengths:

  • Comprehensive unit tests covering all query types and error cases
  • Integration tests with real ClickHouse container using testcontainers
  • Edge case testing including empty arrays, type mismatches, and invalid properties
  • Good error validation testing for all custom error types

Areas for Improvement:

  • Security testing: No tests specifically for SQL injection attempts
  • Subproperty escaping: Limited testing of special characters in subproperty names
  • Property validation: Could benefit from more comprehensive property name validation tests

🎯 Architecture & Design

Positive Aspects:

  • Strong type safety with compile-time validation
  • Proper parameterized queries preventing most SQL injection
  • Clean separation of concerns across modules
  • Comprehensive error handling with custom error types
  • Good documentation with clear examples

Suggestions:

  • Consider adding validation for subproperty names similar to property names
  • Add rate limiting or complexity limits for deeply nested query expressions
  • Consider adding query size limits to prevent resource exhaustion

📝 Minor Issues

  1. Missing error variant: Need DuplicatePropertyName error for schema validation
  2. Test property verification: packages/common/clickhouse-user-query/tests/schema_tests.rs:13 should verify Property attributes after creation
  3. Documentation: Could benefit from more security-focused documentation about proper usage

✅ Recommendations

  1. IMMEDIATE: Fix the SQL injection vulnerability in build_column_reference
  2. IMMEDIATE: Fix the potential panic in validate_property_name
  3. HIGH: Add duplicate property name validation
  4. MEDIUM: Add #[non_exhaustive] to error enum
  5. MEDIUM: Add security-focused tests for injection attempts
  6. LOW: Improve consistency in identifier escaping approaches

🔍 Overall Assessment

The implementation demonstrates solid understanding of type safety and parameterized queries, but has a critical security vulnerability that must be addressed before merging. The architecture is well-designed with good separation of concerns and comprehensive testing, but needs immediate security fixes.

Status: ❌ CHANGES REQUESTED - Critical security issue must be resolved

@claude
Copy link

claude bot commented Jul 12, 2025
edited
Loading

Claude finished @NathanFlurry's task —— View job

Code Review: clickhouse-user-query Package

Todo List:

  • Read repository guidelines (CLAUDE.md)
  • Examine main library files (builder.rs, error.rs, lib.rs, query.rs, schema.rs)
  • Analyze security concerns and potential vulnerabilities
  • Review code quality and best practices
  • Examine test coverage and approaches
  • Provide comprehensive feedback with specific recommendations

🔒 Critical Security Issues

1. SQL Injection Vulnerability (HIGH SEVERITY)

Location: packages/common/clickhouse-user-query/src/builder.rs:201

Ok(format!("{}[{}]", property_ident.0, format!("'{}'", subprop.replace("'", "\\'"))))

Issue: The subproperty escaping only handles single quotes but is vulnerable to other injection vectors:

  • Backticks: Could break out of string context
  • Backslashes: Could escape the closing quote
  • Other ClickHouse-specific characters: Could cause injection

Fix Required:

fn escape_clickhouse_string(s: &str) -> String {
    s.replace('\\', "\\\\")
     .replace('\'', "\\'")
     .replace('`', "\\`")
     .replace('\n', "\\n")
     .replace('\r', "\\r")
     .replace('\t', "\\t")
}

// Use in build_column_reference:
Ok(format!("{}[{}]", property_ident.0, format!("'{}'", escape_clickhouse_string(subprop))))

2. Potential Panic (MEDIUM SEVERITY)

Location: packages/common/clickhouse-user-query/src/schema.rs:66

if name.chars().next().unwrap().is_numeric() {

Issue: This will panic if name is empty, even though there's an empty check above.

Fix Required:

if name.chars().next().map_or(false, |c| c.is_numeric()) {
    return Err(UserQueryError::InvalidPropertyName(name.to_string()));
}

🛠️ Code Quality Issues

3. Missing Duplicate Property Validation

Location: packages/common/clickhouse-user-query/src/schema.rs:10-13

Issue: Schema::new() doesn't validate for duplicate property names, which could cause undefined behavior.

Fix Required:

pub fn new(properties: Vec<Property>) -> Result<Self> {
    let mut seen_names = std::collections::HashSet::new();
    for prop in &properties {
        if !seen_names.insert(&prop.name) {
            return Err(UserQueryError::DuplicatePropertyName(prop.name.clone()));
        }
    }
    Ok(Self { properties })
}

4. Missing Future Compatibility

Location: packages/common/clickhouse-user-query/src/error.rs:4

Issue: The UserQueryError enum should be marked as #[non_exhaustive] to allow adding new variants without breaking API compatibility.

Fix Required:

#[derive(Error, Debug)]
#[non_exhaustive]
pub enum UserQueryError {
    // ... existing variants
}

5. Identifier Escaping Inconsistency

Location: packages/common/clickhouse-user-query/src/builder.rs:196-204

Issue: The code uses Identifier from clickhouse crate for properties but manual escaping for subproperties, creating inconsistency.

Recommendation: Use consistent escaping approach throughout or document why different methods are used.

📊 Test Coverage Analysis

Strengths:

  • Comprehensive unit tests covering all query types and error cases
  • Integration tests with real ClickHouse container using testcontainers
  • Edge case testing including empty arrays, type mismatches, and invalid properties
  • Good error validation testing for all custom error types

Areas for Improvement:

  • Security testing: No tests specifically for SQL injection attempts
  • Subproperty escaping: Limited testing of special characters in subproperty names
  • Property validation: Could benefit from more comprehensive property name validation tests

🎯 Architecture & Design

Positive Aspects:

  • Strong type safety with compile-time validation
  • Proper parameterized queries preventing most SQL injection
  • Clean separation of concerns across modules
  • Comprehensive error handling with custom error types
  • Good documentation with clear examples

Suggestions:

  • Consider adding validation for subproperty names similar to property names
  • Add rate limiting or complexity limits for deeply nested query expressions
  • Consider adding query size limits to prevent resource exhaustion

📝 Minor Issues

  1. Missing error variant: Need DuplicatePropertyName error for schema validation
  2. Test property verification: packages/common/clickhouse-user-query/tests/schema_tests.rs:13 should verify Property attributes after creation
  3. Documentation: Could benefit from more security-focused documentation about proper usage

✅ Recommendations

  1. IMMEDIATE: Fix the SQL injection vulnerability in build_column_reference
  2. IMMEDIATE: Fix the potential panic in validate_property_name
  3. HIGH: Add duplicate property name validation
  4. MEDIUM: Add #[non_exhaustive] to error enum
  5. MEDIUM: Add security-focused tests for injection attempts
  6. LOW: Improve consistency in identifier escaping approaches

🔍 Overall Assessment

The implementation demonstrates solid understanding of type safety and parameterized queries, but has a critical security vulnerability that must be addressed before merging. The architecture is well-designed with good separation of concerns and comprehensive testing, but needs immediate security fixes.

Status: ❌ CHANGES REQUESTED - Critical security issue must be resolved

@graphite-app
Copy link
Contributor

graphite-app bot commented Jul 12, 2025
edited
Loading

Merge activity

  • Jul 12, 12:58 AM UTC: NathanFlurry added this pull request to the Graphite merge queue.
  • Jul 12, 1:00 AM UTC: CI is running for this pull request on a draft pull request (#2745) due to your merge queue CI optimization settings.
  • Jul 12, 1:01 AM UTC: Merged by the Graphite merge queue via draft PR: #2745.

graphite-app bot pushed a commit that referenced this pull request Jul 12, 2025
@NathanFlurry
feat: implement clickhouse-user-query (#2554)
4ceeadd 
<!-- Please make sure there is an issue that this PR is correlated to. -->

## Changes

<!-- If there are frontend changes, please include screenshots. -->
@graphite-app graphite-app bot closed this Jul 12, 2025
@graphite-app graphite-app bot deleted the 06-05-feat_implement_clickhouse-user-query_ branch July 12, 2025 01:01
@github-actions github-actions bot mentioned this pull request Jul 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@MasterPtato MasterPtato Awaiting requested review from MasterPtato

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NathanFlurry @MasterPtato