Guardrails AI
Exclude SQL Predicates
This rule checks whether the query uses particular SQL predicates. It is important to exclude those predicates from the query to prevent SQL injection attacks.
en
string
sql
Data Leakage
Code Exploits
Invalid Code
Text2SQL
CodeGen

Overview

updated 2 years
Developed by: Guardrails AI
Date of development: Feb 15, 2024
Validator type: Text2SQL
License: Apache 2
Input/Output: Output

Description
Intended Use

This validator confirms that all SQL predicates generated by the LLM are valid and allowed.

Requirements
  • Dependencies:
    • guardrails-ai>=0.4.0
    • sqlglot
Installation
$ guardrails hub install hub://guardrails/exclude_sql_predicates
Usage Examples
Validating string output via Python

In this example, we apply the validator to a string output generated by an LLM.

# Import Guard and Validator
from guardrails import Guard
from guardrails.hub import ExcludeSqlPredicates

# Setup Guard
guard = Guard().use(
    ExcludeSqlPredicates, predicates=["Drop"], on_fail="exception"
)

response = guard.validate("select * from employees;")  # Validator passes

try:
    response = guard.validate("drop table departments;")  # Validator fails
except Exception as e:
    print(e)

Output:

Validation failed for field with errors: SQL query contains predicate Drop
API Reference

__init__(self, predicates, on_fail="noop")

Initializes a new instance of the Validator class.

Parameters

  • predicates (list[str]): The list of SQL predicates to avoid.
  • on_fail (str, Callable): The policy to enact when a validator fails. If str, must be one of reask, fix, filter, refrain, noop, exception or fix_reask. Otherwise, must be a function that is called when the validator fails.

__call__(self, value, metadata={}) -> ValidationResult

Validates the given value using the rules defined in this validator, relying on the metadata provided to customize the validation process. This method is automatically invoked by guard.parse(...), ensuring the validation logic is applied to the input data.

Note:

  1. This method should not be called directly by the user. Instead, invoke guard.parse(...) where this method will be called internally for each associated Validator.
  2. When invoking guard.parse(...), be sure to pass a metadata dictionary that includes the keys and values required by this validator. If the guard is associated with multiple validators, combine all necessary metadata into a single dictionary.

Parameters

  • value (Any): The input value to validate.
  • metadata (dict): A dictionary containing metadata required for validation. No additional metadata keys are needed for this validator.