agnes-the-ai-analyst

History

ZdenekSrotyr 569cd90d75 fix(security): #81 Group D — extractor-side identifier validation (squashed) (#97 ) Closes M15 from issue #81 — SQL injection via attacker-controlled identifiers in connectors/keboola/extractor.py and connectors/bigquery/extractor.py. Lifted _validate_identifier from src/orchestrator.py into a new src/identifier_validation.py shared module (single source of truth for both layers). Two validator policies: - validate_identifier (strict, ^[a-zA-Z_][a-zA-Z0-9_]{0,63}$) for table_name — matches the orchestrator's rebuild-time check, so dashed names fail fast at extraction rather than being silently dropped. - validate_quoted_identifier (relaxed, accepts dashes/dots) for bucket/dataset/source_table — Keboola in.c-foo and BigQuery my-dataset are legitimate, just need to be safe inside `"..."`. Both extractors skip-and-continue on unsafe rows (logged + counted in failure stats); _extract_via_extension re-validates as defense-in-depth. 71/71 extractor + orchestrator tests pass. Refs #81 Group D.	2026-04-27 21:46:17 +02:00
..
__init__.py	Add BigQuery data source adapter	2026-03-11 13:56:12 +01:00
extractor.py	fix(security): #81 Group D — extractor-side identifier validation (squashed) (#97 )	2026-04-27 21:46:17 +02:00

fix(security): #81 Group D — extractor-side identifier validation (squashed) (#97 )

Closes M15 from issue #81 — SQL injection via attacker-controlled
identifiers in connectors/keboola/extractor.py and
connectors/bigquery/extractor.py.

Lifted _validate_identifier from src/orchestrator.py into a new
src/identifier_validation.py shared module (single source of truth for
both layers). Two validator policies:

- validate_identifier (strict, ^[a-zA-Z_][a-zA-Z0-9_]{0,63}$) for
  table_name — matches the orchestrator's rebuild-time check, so dashed
  names fail fast at extraction rather than being silently dropped.
- validate_quoted_identifier (relaxed, accepts dashes/dots) for
  bucket/dataset/source_table — Keboola in.c-foo and BigQuery
  my-dataset are legitimate, just need to be safe inside `"..."`.

Both extractors skip-and-continue on unsafe rows (logged + counted in
failure stats); _extract_via_extension re-validates as defense-in-depth.

71/71 extractor + orchestrator tests pass.
Refs #81 Group D.

2026-04-27 21:46:17 +02:00

__init__.py

Add BigQuery data source adapter

2026-03-11 13:56:12 +01:00

extractor.py

fix(security): #81 Group D — extractor-side identifier validation (squashed) (#97 )

2026-04-27 21:46:17 +02:00