[fix] Use cursor.description to detect result-returning queries#75
Open
jonasbrami wants to merge 1 commit into
Open
[fix] Use cursor.description to detect result-returning queries#75jonasbrami wants to merge 1 commit into
jonasbrami wants to merge 1 commit into
Conversation
Replace brittle sql_upper.startswith() keyword check with cursor.description, which reliably detects any statement that returns a result set (SELECT, SHOW, DESCRIBE, EXPLAIN, CTEs, etc.) without maintaining a hardcoded list of SQL keywords.
Member
|
Blocking: missing regression tests. This classification branch has already caused Issue #62 Bug 5 once, and the cases motivating this PR (leading comments, parenthesized Please add regression tests covering at least:
|
catpineapple
requested changes
Apr 14, 2026
catpineapple
left a comment
catpineapple
left a comment
Member
There was a problem hiding this comment.
Thank you for your contribution, but some additional test cases are needed to ensure the robustness of doris MCP.
This was referenced May 21, 2026
FreeOnePlus
pushed a commit
that referenced
this pull request
May 21, 2026
* [fix] Use cursor.description to detect result-returning queries Replace brittle sql_upper.startswith() keyword check with cursor.description, which reliably detects any statement that returns a result set (SELECT, SHOW, DESCRIBE, EXPLAIN, CTEs, etc.) without maintaining a hardcoded list of SQL keywords. * Fix max_rows bypass for comment-prefixed SELECT in execute_sql_for_mcp Same root cause as #75: sql.upper().startswith("SELECT") at query_executor.py:689 returns False when SQL begins with a leading '--' or '/* */' comment, so the auto-injected LIMIT {max_rows} is silently skipped and large queries can be dispatched unbounded. This callsite runs before cursor.execute, so cursor.description is not available. Use a small helper that strips leading SQL comments before extracting the first keyword. * Add regression tests for result-set detection contract These tests pin the user-facing contract of DorisConnection.execute(): any SQL the driver reports as producing a result set must return its rows, regardless of how the statement is phrased. Guards against regression of: - Issue #62 Bug 5 (CTE / WITH returning empty data) - The leading-comment bug fixed in #75 (data: [] with row_count > 0 for SELECT prefixed by '--' or '/* */') - The same-root-cause LIMIT bypass fixed in the previous commit Also adds unit tests for the new get_first_sql_keyword helper. --------- Co-authored-by: jonas.brami <jonasbrami@gmail.com>
Contributor
|
Hi @jonasbrami, heads up — #87 has been merged. It preserves your commit as-is at the base of the branch (so you remain the author of the The underlying bug is now fixed on master, so this PR can be closed at your convenience. Thanks for the original fix! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace brittle sql_upper.startswith() keyword check with cursor.description, which reliably detects any statement that returns a result set (SELECT, SHOW, DESCRIBE, EXPLAIN, CTEs, etc.) without maintaining a hardcoded list of SQL keywords.