From 334ce052f063b53a4275518cbed3bab357695d7e Mon Sep 17 00:00:00 2001 From: Timothy Carambat Date: Thu, 12 Mar 2026 21:56:57 -0700 Subject: [PATCH] Fix SQL injection in SQL Agent plugin via parameterized queries Replace string concatenation with parameterized queries in all database connectors to prevent SQL injection through LLM-generated table names. Changes: - PostgreSQL: Use $1, $2 placeholders with pg client parameterization - MySQL: Use ? placeholders with mysql2 execute() prepared statements - MSSQL: Use @p0 placeholders with request.input() parameterization - Update handlers to support parameterized query objects - Add formatQueryForDisplay() for logging parameterized queries Security: Mitigates potential SQL injection when LLM passes unsanitized user input as table_name parameter to getTableSchemaSql/getTablesSql. GHSA-jwjx-mw2p-5wc7 --- .../plugins/sql-agent/SQLConnectors/MSSQL.js | 14 ++++++++--- .../plugins/sql-agent/SQLConnectors/MySQL.js | 19 +++++++++++--- .../sql-agent/SQLConnectors/Postgresql.js | 16 +++++++++--- .../plugins/sql-agent/get-table-schema.js | 25 ++++++++++++++++--- .../aibitat/plugins/sql-agent/list-table.js | 24 ++++++++++++++++-- 5 files changed, 81 insertions(+), 17 deletions(-) diff --git a/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MSSQL.js b/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MSSQL.js index 584e2f638..d6a8fda5a 100644 --- a/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MSSQL.js +++ b/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MSSQL.js @@ -62,14 +62,19 @@ class MSSQLConnector { /** * * @param {string} queryString the SQL query to be run + * @param {Array} params optional parameters for prepared statement * @returns {Promise} */ - async runQuery(queryString = "") { + async runQuery(queryString = "", params = []) { const result = { rows: [], count: 0, error: null }; try { if (!this.#connected) await this.connect(); - const query = await this._client.query(queryString); + const request = this._client.request(); + params.forEach((value, index) => { + request.input(`p${index}`, value); + }); + const query = await request.query(queryString); result.rows = query.recordset; result.count = query.rowsAffected.reduce((sum, a) => sum + a, 0); } catch (err) { @@ -99,7 +104,10 @@ class MSSQLConnector { } getTableSchemaSql(table_name) { - return `SELECT COLUMN_NAME,COLUMN_DEFAULT,IS_NULLABLE,DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='${table_name}'`; + return { + query: `SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @p0`, + params: [table_name], + }; } } diff --git a/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MySQL.js b/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MySQL.js index 7fa4c6a51..99fc05148 100644 --- a/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MySQL.js +++ b/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MySQL.js @@ -30,13 +30,17 @@ class MySQLConnector { /** * * @param {string} queryString the SQL query to be run + * @param {Array} params optional parameters for prepared statement * @returns {Promise} */ - async runQuery(queryString = "") { + async runQuery(queryString = "", params = []) { const result = { rows: [], count: 0, error: null }; try { if (!this.#connected) await this.connect(); - const [query] = await this._client.query(queryString); + const [query] = + params.length > 0 + ? await this._client.execute(queryString, params) + : await this._client.query(queryString); result.rows = query; result.count = query?.length; } catch (err) { @@ -62,10 +66,17 @@ class MySQLConnector { } getTablesSql() { - return `SELECT table_name FROM information_schema.tables WHERE table_schema = '${this.database_id}'`; + return { + query: `SELECT table_name FROM information_schema.tables WHERE table_schema = ?`, + params: [this.database_id], + }; } + getTableSchemaSql(table_name) { - return `SHOW COLUMNS FROM ${this.database_id}.${table_name};`; + return { + query: `SELECT COLUMN_NAME, COLUMN_TYPE, IS_NULLABLE, COLUMN_KEY, COLUMN_DEFAULT, EXTRA FROM information_schema.columns WHERE table_schema = ? AND table_name = ?`, + params: [this.database_id, table_name], + }; } } diff --git a/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/Postgresql.js b/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/Postgresql.js index d77c1bf52..a452ae352 100644 --- a/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/Postgresql.js +++ b/server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/Postgresql.js @@ -25,13 +25,14 @@ class PostgresSQLConnector { /** * * @param {string} queryString the SQL query to be run + * @param {Array} params optional parameters for prepared statement * @returns {Promise} */ - async runQuery(queryString = "") { + async runQuery(queryString = "", params = []) { const result = { rows: [], count: 0, error: null }; try { if (!this.#connected) await this.connect(); - const query = await this._client.query(queryString); + const query = await this._client.query(queryString, params); result.rows = query.rows; result.count = query.rowCount; } catch (err) { @@ -57,10 +58,17 @@ class PostgresSQLConnector { } getTablesSql() { - return `SELECT * FROM pg_catalog.pg_tables WHERE schemaname = '${this.schema}'`; + return { + query: `SELECT * FROM pg_catalog.pg_tables WHERE schemaname = $1`, + params: [this.schema], + }; } + getTableSchemaSql(table_name) { - return ` select column_name, data_type, character_maximum_length, column_default, is_nullable from INFORMATION_SCHEMA.COLUMNS where table_name = '${table_name}' AND table_schema = '${this.schema}'`; + return { + query: `SELECT column_name, data_type, character_maximum_length, column_default, is_nullable FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = $1 AND table_schema = $2`, + params: [table_name, this.schema], + }; } } diff --git a/server/utils/agents/aibitat/plugins/sql-agent/get-table-schema.js b/server/utils/agents/aibitat/plugins/sql-agent/get-table-schema.js index c08a76425..c150de4e9 100644 --- a/server/utils/agents/aibitat/plugins/sql-agent/get-table-schema.js +++ b/server/utils/agents/aibitat/plugins/sql-agent/get-table-schema.js @@ -6,6 +6,18 @@ module.exports.SqlAgentGetTableSchema = { getDBClient, } = require("./SQLConnectors/index.js"); + function formatQueryForDisplay(query, params = []) { + if (!params.length) return query; + let formatted = query; + params.forEach((param, index) => { + const value = typeof param === "string" ? `'${param}'` : param; + formatted = formatted.replace(`$${index + 1}`, value); + formatted = formatted.replace(`@p${index}`, value); + formatted = formatted.replace("?", value); + }); + return formatted; + } + return { name: "sql-get-table-schema", setup(aibitat) { @@ -67,12 +79,17 @@ module.exports.SqlAgentGetTableSchema = { this.super.introspect( `${this.caller}: Querying the table schema for ${table_name} in the ${databaseConfig.database_id} database.` ); + + const sqlQuery = db.getTableSchemaSql(table_name); + const isParameterized = + typeof sqlQuery === "object" && sqlQuery.query; + const queryString = isParameterized ? sqlQuery.query : sqlQuery; + const queryParams = isParameterized ? sqlQuery.params : []; + this.super.introspect( - `Running SQL: ${db.getTableSchemaSql(table_name)}` - ); - const result = await db.runQuery( - db.getTableSchemaSql(table_name) + `Running SQL: ${formatQueryForDisplay(queryString, queryParams)}` ); + const result = await db.runQuery(queryString, queryParams); if (result.error) { this.super.handlerProps.log( diff --git a/server/utils/agents/aibitat/plugins/sql-agent/list-table.js b/server/utils/agents/aibitat/plugins/sql-agent/list-table.js index 1d8e262e9..5c64fd74d 100644 --- a/server/utils/agents/aibitat/plugins/sql-agent/list-table.js +++ b/server/utils/agents/aibitat/plugins/sql-agent/list-table.js @@ -6,6 +6,18 @@ module.exports.SqlAgentListTables = { getDBClient, } = require("./SQLConnectors/index.js"); + function formatQueryForDisplay(query, params = []) { + if (!params.length) return query; + let formatted = query; + params.forEach((param, index) => { + const value = typeof param === "string" ? `'${param}'` : param; + formatted = formatted.replace(`$${index + 1}`, value); + formatted = formatted.replace(`@p${index}`, value); + formatted = formatted.replace("?", value); + }); + return formatted; + } + return { name: "sql-list-tables", setup(aibitat) { @@ -61,8 +73,16 @@ module.exports.SqlAgentListTables = { `${this.caller}: Checking what are the available tables in the ${databaseConfig.database_id} database.` ); - this.super.introspect(`Running SQL: ${db.getTablesSql()}`); - const result = await db.runQuery(db.getTablesSql(database_id)); + const sqlQuery = db.getTablesSql(); + const isParameterized = + typeof sqlQuery === "object" && sqlQuery.query; + const queryString = isParameterized ? sqlQuery.query : sqlQuery; + const queryParams = isParameterized ? sqlQuery.params : []; + + this.super.introspect( + `Running SQL: ${formatQueryForDisplay(queryString, queryParams)}` + ); + const result = await db.runQuery(queryString, queryParams); if (result.error) { this.super.handlerProps.log( `sql-list-tables tool reported error`,