remove static expressions

ori-n · ori-n · commit cdf993410541 · 2025-02-24T10:48:17.000+02:00
diff --git a/src/sql_data_guard/sql_data_guard.py b/src/sql_data_guard/sql_data_guard.py
@@ -3,6 +3,7 @@
 
 import sqlglot
 import sqlglot.expressions as expr
+from sqlglot.optimizer.simplify import simplify
 
 
 class _VerificationContext:
@@ -104,29 +105,33 @@ def verify_sql(sql: str, config: dict, dialect: str = None) -> dict:
     return { "allowed": len(result.errors) == 0, "errors": result.errors, "fixed": result.fixed, "risk": result.risk}
 
 
-def _verify_where_clause(result: _VerificationContext, select_statement: expr.Query,
+def _verify_where_clause(context: _VerificationContext, select_statement: expr.Query,
+                         from_tables: List[expr.Table]):
+    _verify_static_expression(select_statement, context)
+    _verify_restrictions(select_statement, context, from_tables)
+
+def _verify_restrictions(select_statement: expr.Query,
+                         context: _VerificationContext,
                          from_tables: List[expr.Table]):
     where_clause = select_statement.find(expr.Where)
     if where_clause is None:
         where_clause = select_statement.find(expr.Where)
         and_exps = []
     else:
         and_exps = list(_split_to_expressions(where_clause.this, expr.And))
-    if not _verify_static_expression(result, and_exps):
-        return
-    for t in [c_t for c_t in result.config["tables"] if c_t["table_name"] in [t.name for t in from_tables]]:
+    for t in [c_t for c_t in context.config["tables"] if c_t["table_name"] in [t.name for t in from_tables]]:
         for idx, r in enumerate(t.get("restrictions", [])):
             found = False
             for sub_exp in and_exps:
                 if _verify_restriction(r, sub_exp):
                     found = True
                     break
             if not found:
-                result.add_error(
+                context.add_error(
                     f"Missing restriction for table: {t['table_name']} column: {r['column']} value: {r['value']}",
                     True, 0.5)
                 value = f"'{r['value']}'" if isinstance(r["value"], str) else r["value"]
-                new_condition = sqlglot.parse_one(f"{r['column']} = {value}", dialect=result.dialect)
+                new_condition = sqlglot.parse_one(f"{r['column']} = {value}", dialect=context.dialect)
                 if where_clause is None:
                     where_clause = expr.Where(this=new_condition)
                     select_statement.set("where", where_clause)
@@ -135,24 +140,37 @@ def _verify_where_clause(result: _VerificationContext, select_statement: expr.Qu
                                                                                  expression=new_condition)))
 
 
-def _verify_static_expression(context: _VerificationContext, exps: List[expr.Expression]) -> bool:
+def _verify_static_expression(select_statement: expr.Query, context: _VerificationContext) -> bool:
     has_static_exp = False
-    for e in exps:
-        if _has_static_expression(context, e):
-            has_static_exp = True
+    where_clause = select_statement.find(expr.Where)
+    if where_clause:
+        and_exps = list(_split_to_expressions(where_clause.this, expr.And))
+        for e in and_exps:
+            if _has_static_expression(context, e):
+                has_static_exp = True
+    if has_static_exp:
+        simplify(where_clause)
     return not has_static_exp
 
 def _has_static_expression(context: _VerificationContext, exp: expr.Expression) -> bool:
     if isinstance(exp, expr.Not):
         return _has_static_expression(context, exp.this)
     result = False
+    to_replace = []
     for sub_exp in _split_to_expressions(exp, expr.Or):
         if isinstance(sub_exp, (expr.Or, expr.And)):
             result = _has_static_expression(context, sub_exp)
         elif not sub_exp.find(expr.Column):
             context.add_error(
-                f"Static expression is not allowed: {sub_exp.sql()}", False, 0.9)
+                f"Static expression is not allowed: {sub_exp.sql()}", True, 0.8)
+            par = sub_exp.parent
+            while isinstance(par, expr.Paren):
+                par = par.parent
+            if isinstance(par, expr.Or):
+                to_replace.append(sub_exp)
             result = True
+    for e in to_replace:
+        e.replace(expr.Boolean(this=False))
     return result
 
 
@@ -171,7 +189,6 @@ def _verify_restriction(restriction: dict, exp: expr.Expression) -> bool:
         return False
     if isinstance(exp, expr.Paren):
         return _verify_restriction(restriction, exp.this)
-
     if not isinstance(exp.this, expr.Column):
         return False
     if not exp.this.name == restriction["column"]:
diff --git a/test/resources/orders_test.jsonl b/test/resources/orders_test.jsonl
@@ -22,10 +22,14 @@
 {"name": "bad_restriction", "sql": "SELECT id FROM orders WHERE id = 123 OR id = 234", "errors": ["Missing restriction for table: orders column: id value: 123"], "fix": "SELECT id FROM orders WHERE (id = 123 OR id = 234) AND id = 123"}
 {"name": "bracketed", "sql": "SELECT id FROM orders WHERE (id = 123)", "errors": [], "data": [[123]]}
 {"name": "double_bracketed", "sql": "SELECT id FROM orders WHERE ((id = 123))", "errors": [], "data": [[123]]}
-{"name": "static_exp", "sql": "SELECT id FROM orders WHERE id = 123 OR (1 = 1)", "errors": ["Static expression is not allowed: 1 = 1"]}
-{"name": "two_static_exps", "sql": "SELECT id FROM orders WHERE id = 123 OR (1 = 1) OR (2 = 2)", "errors": ["Static expression is not allowed: 1 = 1", "Static expression is not allowed: 2 = 2"]}
-{"name": "nested_static_exp", "sql": "SELECT id FROM orders WHERE id = 123 OR (id = 1 OR TRUE)", "errors": ["Static expression is not allowed: TRUE"]}
-{"name": "nested_static_exp2", "sql": "SELECT id FROM orders WHERE id = 123 AND (product_name = 'product1' OR (TRUE))", "errors": ["Static expression is not allowed: TRUE"]}
+{"name": "static_exp", "sql": "SELECT id FROM orders WHERE id = 123 OR 1 = 1", "errors": ["Static expression is not allowed: 1 = 1"], "fix": "SELECT id FROM orders WHERE id = 123", "data": [[123]]}
+{"name": "only_static_exp", "sql": "SELECT id FROM orders WHERE 1 = 1", "errors": ["Static expression is not allowed: 1 = 1", "Missing restriction for table: orders column: id value: 123"], "fix": "SELECT id FROM orders WHERE id = 123", "data": [[123]]}
+{"name": "only_static_exp_false", "sql": "SELECT id FROM orders WHERE 1 = 0", "errors": ["Static expression is not allowed: 1 = 0", "Missing restriction for table: orders column: id value: 123"], "fix": "SELECT id FROM orders WHERE (FALSE) AND id = 123", "data": []}
+{"name": "static_exp_paren", "sql": "SELECT id FROM orders WHERE id = 123 OR (1 = 1)", "errors": ["Static expression is not allowed: 1 = 1"], "fix": "SELECT id FROM orders WHERE id = 123", "data": [[123]]}
+{"name": "two_static_exps", "sql": "SELECT id FROM orders WHERE id = 123 OR (1 = 1) OR (2 = 2)", "errors": ["Static expression is not allowed: 1 = 1", "Static expression is not allowed: 2 = 2"], "fix": "SELECT id FROM orders WHERE id = 123", "data": [[123]]}
+{"name": "static_exp_with_missing_restriction", "sql": "SELECT id, name FROM orders WHERE 1 = 1", "errors": ["Column name is not allowed. Column removed from SELECT clause", "Static expression is not allowed: 1 = 1", "Missing restriction for table: orders column: id value: 123"], "fix": "SELECT id FROM orders WHERE id = 123", "data": [[123]]}
+{"name": "nested_static_exp", "sql": "SELECT id FROM orders WHERE id = 123 OR (id = 1 OR TRUE)", "errors": ["Static expression is not allowed: TRUE", "Missing restriction for table: orders column: id value: 123"], "fix": "SELECT id FROM orders WHERE (id = 1 OR id = 123) AND id = 123", "data": [[123]]}
+{"name": "nested_static_exp2", "sql": "SELECT id FROM orders WHERE id = 123 AND (product_name = 'product1' OR (TRUE))", "errors": ["Static expression is not allowed: TRUE"], "fix": "SELECT id FROM orders WHERE id = 123 AND product_name = 'product1'", "data": [[123]]}
 {"name": "multiple_brackets_exp", "sql": "SELECT id FROM orders WHERE (( ( (id = 123))))", "errors": [], "data": [[123]]}
 {"name": "with_clause", "sql": "WITH data AS (SELECT id FROM orders WHERE id = 123) SELECT id FROM data", "errors": [], "data": [[123]]}
 {"name": "nested_with_clause", "sql": "WITH data AS (WITH sub_data AS (SELECT id FROM orders) SELECT id FROM sub_data) SELECT id FROM data", "errors": ["Missing restriction for table: orders column: id value: 123"], "fix": "WITH data AS (WITH sub_data AS (SELECT id FROM orders WHERE id = 123) SELECT id FROM sub_data) SELECT id FROM data"}
@@ -48,10 +52,10 @@
 {"name": "no_from_sub_select", "sql": "SELECT id, sub.col FROM orders CROSS JOIN (SELECT 11 AS col) AS sub WHERE id = 123", "errors": [], "data": [[123, 11]]}
 {"name": "no_from_sub_select_lateral", "sql": "SELECT id, sub.col FROM orders CROSS JOIN LATERAL (SELECT 11 AS col) AS sub WHERE id = 123", "errors": []}
 {"name": "day_between", "sql": "SELECT id FROM orders WHERE DATE(day) BETWEEN DATE('2000-01-01') AND DATE('now','-1 day') AND id = 123", "errors": [], "data": [[123]]}
-{"name": "day_between_static_exp", "sql": "SELECT id FROM orders WHERE DATE('2000-01-01') BETWEEN DATE('2000-01-01') AND DATE('2000-01-01') AND id = 123", "errors": ["Static expression is not allowed: DATE('2000-01-01') BETWEEN DATE('2000-01-01') AND DATE('2000-01-01')"], ",data": [[123]]}
+{"name": "day_between_static_exp", "sql": "SELECT id FROM orders WHERE DATE('2000-01-01') BETWEEN DATE('2000-01-01') AND DATE('2000-01-01') OR id = 123", "errors": ["Static expression is not allowed: DATE('2000-01-01') BETWEEN DATE('2000-01-01') AND DATE('2000-01-01')"], "fix": "SELECT id FROM orders WHERE id = 123" ,"data": [[123]]}
 {"name": "day_in_func", "sql": "SELECT id FROM orders WHERE LOWER(LOWER(LOWER(day))) <> '' AND id = 123", "errors": [], "data": [[123]]}
-{"name": "is_null", "sql": "SELECT id FROM orders WHERE day IS NOT NULL AND id = 123", "errors": [], ",data": [[123]]}
-{"name": "is_null_static_exp", "sql": "SELECT id FROM orders WHERE NULL IS NULL AND id = 123", "errors": ["Static expression is not allowed: NULL IS NULL"], ",data": [[123]]}
+{"name": "is_null", "sql": "SELECT id FROM orders WHERE day IS NOT NULL AND id = 123", "errors": []}
+{"name": "is_null_static_exp", "sql": "SELECT id FROM orders WHERE NULL IS NULL AND id = 123", "errors": ["Static expression is not allowed: NULL IS NULL"], "fix": "SELECT id FROM orders WHERE id = 123", "data": [[123]]}
 {"name": "not_op", "sql": "SELECT id FROM orders WHERE NOT id = 123", "errors": ["Missing restriction for table: orders column: id value: 123"], "fix": "SELECT id FROM orders WHERE (NOT id = 123) AND id = 123", "data": []}
 {"name": "delete_op", "sql": "DELETE FROM orders", "errors": ["DELETE statement is not allowed"]}
 {"name": "drop_op", "sql": "DROP orders", "errors": ["DROP statement is not allowed"]}
diff --git a/test/test_sql_guard_unit.py b/test/test_sql_guard_unit.py
@@ -96,7 +96,7 @@ def test_orders_from_file_ai(self, test_name, config, cnn, ai_tests):
         _test_sql(test["sql"], config, set(test.get("errors", [])),
               test.get("fix"), cnn=cnn, data=test.get("data"))
 
-    @pytest.mark.parametrize("test_name", ["no_from_sub_select_lateral"])
+    @pytest.mark.parametrize("test_name", ["day_between_static_exp"])
     def test_by_name(self, test_name, config, cnn, tests):
         """Test by name. Use it to run a single test from tests/ai_tests by name"""
         test = tests[test_name]
