Describe the bug
✗ Store identify review results (sql)
│ INSERT INTO trace_reviews (trace, function_name, file, status, finding) VALUES
└ Blocked SQL statement: "attach" is not allowed for security reasons.
I saw the above error in the trace of my agent using SQL to track the status of a code review.
The model said this:
● The word "attach" in data triggers the filter. Let me split the inserts:
Looks like there needs to be some better filtering of commands versus values when evaluating the safety of SQL statements. Maybe ask sqlite-ast-parser to parse the statement first and then evaluate the different parts of the statement? Or use sqlite3_set_authorizer to inspect commands as they execute.
Affected version
GitHub Copilot CLI 1.0.10
Steps to reproduce the behavior
I asked for a trace-by-trace code review of a codebase via Claude Opus 4.6. It chose to use a SQLite database to track the status of the review. The codebase contains the word attach in its functions.
Expected behavior
No response
Additional context
No response
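The authorizer approach suggested in the report, sketched as an added example that is not part of the original issue and is not Copilot CLI's code. It uses Python's `sqlite3.Connection.set_authorizer` (the binding for `sqlite3_set_authorizer`); `naive_filter_blocks`, the helper names and the sample statements are constructed assumptions.

```python
import sqlite3

# Operations refused regardless of how the statement text is written.
DENIED_ACTIONS = {sqlite3.SQLITE_ATTACH, sqlite3.SQLITE_DETACH}

# Constructed sample statements: data that merely contains "attach",
# and a statement that really performs an ATTACH.
INSERT_SQL = ("INSERT INTO trace_reviews (trace, function_name, file, status, finding) "
              "VALUES ('t1', 'attach_device', 'bus.c', 'open', 'none')")
ATTACH_SQL = "ATTACH DATABASE ':memory:' AS other"


def naive_filter_blocks(sql: str) -> bool:
    """Assumed keyword filter: matches the word anywhere, including in values."""
    return "attach" in sql.lower()


def authorizer(action, arg1, arg2, db_name, source):
    # SQLite calls this while compiling a statement, once per operation the
    # statement would perform, so string literals never reach this check.
    return sqlite3.SQLITE_DENY if action in DENIED_ACTIONS else sqlite3.SQLITE_OK


def open_guarded(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE trace_reviews "
                 "(trace, function_name, file, status, finding)")
    conn.set_authorizer(authorizer)  # installed after trusted setup
    return conn


def try_sql(conn, sql):
    """Return 'allowed' or 'denied' according to the authorizer's decision."""
    try:
        conn.execute(sql)
        conn.commit()
        return "allowed"
    except sqlite3.DatabaseError:  # raised as "not authorized" on SQLITE_DENY
        return "denied"


if __name__ == "__main__":
    db = open_guarded()
    for stmt in (INSERT_SQL, ATTACH_SQL):
        print(f"keyword filter blocks: {naive_filter_blocks(stmt)!s:5} "
              f"authorizer: {try_sql(db, stmt):7} | {stmt[:40]}")
```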