Fix security issue: Unrestricted SQL Query Execution Through Raw Query Interface (CWE-89)

This commit is contained in:
pensarapp[bot] 2025-06-09 16:59:24 +00:00 committed by GitHub
parent ecbabbd261
commit eaa6ff2f65
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -396,23 +396,7 @@ class SQLAlchemyAdapter:
rows = result.mappings().all()
return rows
async def execute_query(self, query):
"""
Execute a raw SQL query against the database asynchronously.
Parameters:
-----------
- query: The SQL query string to execute.
Returns:
--------
The result set as a list of dictionaries, with each dictionary representing a row.
"""
async with self.engine.begin() as connection:
result = await connection.execute(text(query))
return [dict(row) for row in result]
# The unsafe execute_query method has been removed due to SQL injection risk.
async def drop_tables(self):
"""
@ -592,4 +576,4 @@ class SQLAlchemyAdapter:
f"Missing value in foreign key information. \nColumn value: {col}\nReference column value: {ref_col}\n"
)
return schema
return schema
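Review bot: Replacing the public `execute_query` method with only the tombstone comment on line 28 means any caller that still invokes it now fails with `AttributeError` at runtime instead of being steered to a safe API, and nothing in this section updates such callers. The injection risk in the removed code came from callers building the `query` string out of untrusted data; `sqlalchemy.text()` already supports bound `:name` placeholders, so a parameterized replacement keeps the capability while closing the hole, provided call sites pass untrusted values through `params` rather than interpolating them (that contract still has to be enforced at the call sites, which are not visible here). The comment itself should be dropped — the removal belongs in the changelog, not as a marker inside the class body — and if `text` was imported only for this method it is now an unused import. `drop_tables` starts on the last lines of the hunk and continues outside it.
```python
    async def execute_query(self, query, params=None):
        """Run a developer-authored SQL statement with bound parameters.

        `query` must be a trusted literal; every untrusted value goes in
        `params` (e.g. "... WHERE id = :id" with params={"id": user_id}),
        which the driver binds rather than interpolates into the text.
        """
        async with self.engine.begin() as connection:
            result = await connection.execute(text(query), params or {})
            return [dict(row) for row in result.mappings()]
```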