MySQL (major): enhance security with parameterized queries, add query validation#928
Merged
vtalas merged 5 commits intoAppmixer-ai:devfrom Jan 21, 2026
Merged
MySQL (major): enhance security with parameterized queries, add query validation#928vtalas merged 5 commits intoAppmixer-ai:devfrom
vtalas merged 5 commits intoAppmixer-ai:devfrom
Conversation
…d add query validation
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request enhances security for the MySQL connector by implementing parameterized queries and SQL query validation to prevent SQL injection attacks. The changes are marked as a major breaking change (version 2.0.0) because existing users with non-SELECT SQL queries will experience breaking behavior.
Changes:
- Adds parameterized query support using the
sqlstringlibrary - Implements query validation to restrict queries to only SELECT and WITH statements
- Updates bundle version to 2.0.0 with breaking change notice
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/appmixer/mysql/common.js | Adds sqlstring import, implements validateQuery function, updates runQuery to use parameterized queries and validation |
| src/appmixer/mysql/bundle.json | Updates version from 1.0.3 to 2.0.0 with changelog entry for breaking security improvements |
| src/appmixer/mysql/logo.png | Binary file (no review needed) |
Copilot AI
added a commit
that referenced
this pull request
Jan 16, 2026
Co-authored-by: jirihofman <12988096+jirihofman@users.noreply.github.com>
Contributor
Author
|
Interesting note: Don't name your branch |
vtalas
approved these changes
Jan 21, 2026
vtalas
pushed a commit
that referenced
this pull request
Jan 21, 2026
* Initial plan * Apply PR #928 security changes to MSSQL connector Co-authored-by: jirihofman <12988096+jirihofman@users.noreply.github.com> * Add unit tests for MSSQL validateQuery function Co-authored-by: jirihofman <12988096+jirihofman@users.noreply.github.com> * only triggers do `validateQuery` * icon update --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jirihofman <12988096+jirihofman@users.noreply.github.com> Co-authored-by: Jiří Hofman <jiri.hofman@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part of https://github.com/Appmixer-ai/appmixer-components/issues/2509
Without this it runs the query. Multi queries are blocked by default by the library default settings.
Breaking because there might be some weird stuff in the
SQL queryfield.