forked from amidaware/tacticalrmm
-
Notifications
You must be signed in to change notification settings - Fork 0
Update dependency sqlparse to v0.5.5 #49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
ivan-flamingo
wants to merge
1
commit into
develop
Choose a base branch
from
renovate/sqlparse-0.x
base: develop
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1
−1
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🏁 Script executed:
Repository: flamingo-stack/tacticalrmm
Length of output: 1391
🏁 Script executed:
Repository: flamingo-stack/tacticalrmm
Length of output: 52
🏁 Script executed:
Repository: flamingo-stack/tacticalrmm
Length of output: 125
🌐 Web query:
sqlparse 0.5.5 DoS protection raises SQLParseError instead of returning None💡 Result:
In sqlparse version 0.5.5, a change was implemented to address issue
#827, ensuring that the library raises a SQLParseError instead of silently returning None when its Denial of Service (DoS) protection limits are exceeded [1][2]. Background and Reason for Change: Earlier versions (introduced in 0.5.4) added security guards—MAX_GROUPING_DEPTH and MAX_GROUPING_TOKENS—to prevent algorithmic complexity attacks during SQL parsing [1][3]. When these limits were initially hit, the parser would silently return None, which effectively suppressed error reporting and made it difficult for users to diagnose why certain large or complex SQL statements were failing to parse [2][4]. Version 0.5.5 corrected this behavior by explicitly raising a SQLParseError, providing clear feedback such as "Maximum grouping depth exceeded" or "Maximum number of tokens exceeded" [5][2]. Managing Limits: If you encounter these errors while processing legitimate, large SQL statements, you can adjust or disable the protections by modifying the constants in sqlparse.engine.grouping [3][4]. To increase or disable these limits, use: import sqlparse.engine.grouping # Increase limits (use with caution) sqlparse.engine.grouping.MAX_GROUPING_DEPTH = 200 sqlparse.engine.grouping.MAX_GROUPING_TOKENS = 50000 # Disable limits completely (use with extreme caution as this restores DoS vulnerability) sqlparse.engine.grouping.MAX_GROUPING_DEPTH = None sqlparse.engine.grouping.MAX_GROUPING_TOKENS = None It is highly recommended to keep these protections enabled if you are processing untrusted SQL input, as they are designed to prevent resource exhaustion attacks [3][4].Citations:
Update
sqlparseto 0.5.5: DoS handling now raisesSQLParseError(check any indirect SQL parsing paths)sqlparse==0.5.5exists on PyPI; the known security advisories shown for sqlparse are patched by 0.5.5 (e.g., DoS limit issue patched in 0.5.4).sqlparse0.5.5, when grouping limits are exceeded, DoS protection now raisesSQLParseErrorinstead of returningNone.sqlparseusage (only the dependency entry), so breakage risk is mainly if SQL parsing is done indirectly via other dependencies—exercise a smoke test around any SQL-parsing flows.🤖 Prompt for AI Agents