From 55dbdd5e14107ece49257a51c3acbe0284285f37 Mon Sep 17 00:00:00 2001
From: drgnchan <40224023+drgnchan@users.noreply.github.com>
Date: Mon, 11 Aug 2025 13:29:51 +0800
Subject: [PATCH] [improvement] Enhance SQL injection detection patterns in SQLSecurityValidator (#46)
---
 .dockerignore | 2 ++
 doris_mcp_server/utils/security.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 .dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9f335b5
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+**/.venv
+**/venv
\ No newline at end of file
diff --git a/doris_mcp_server/utils/security.py b/doris_mcp_server/utils/security.py
index abf6a7f..c1c4dc8 100644
--- a/doris_mcp_server/utils/security.py
+++ b/doris_mcp_server/utils/security.py
@@ -537,7 +537,7 @@ class SQLSecurityValidator:
 """Check SQL injection risks"""
 # Check common SQL injection patterns
 injection_patterns = [
- r"(\s|^)(union|select|insert|update|delete|drop|create|alter)\s+.*\s+(union|select|insert|update|delete|drop|create|alter)",
+ r"(?i)(?
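Review bot: The new `.dockerignore` excludes only `**/.venv` and `**/venv`, so everything else in the working tree is still sent as build context. If the Dockerfile (not visible here) copies the whole context, repository metadata and any local secret or environment files could end up in an image layer. Consider adding entries such as `.git` and `.env` if those exist in this project. The file also ends without a trailing newline (`\ No newline at end of file`). This addition is unrelated to the SQL-injection pattern change named in the subject, so it would be easier to review and revert as its own commit.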