**Guardrails:** are important to prevent misuse and mitigate concerns on bad actors. Within sql-sidekick, we have added support for scanning malicious patterns that might occur in generated SELECT statements that might destroy the database or compromise sensitive information. 
We adopted a 2-step approach, using pattern matching and LLM prompting to ensure safety and compliance in a product setting. The self-corrective loop with external feedback helps maintain syntactical integrity.

_Reference:_
1. https://github.com/payloadbox/sql-injection-payload-list#generic-sql-injection-payloads
2. https://www.invicti.com/blog/web-security/sql-injection-cheat-sheet/#InlineSamples

In [None]:
# !pip install --force-reinstall sql_sidekick-0.x.x-py3-none-any.whl

In [1]:
%load_ext autoreload
%autoreload 2

In [2]:
from sidekick import prompter
prompter.__version__

'0.2.0'

In [3]:
import os
import pandas as pd
from pathlib import Path


from sidekick.prompter import ask, db_setup
from sidekick.query import SQLGenerator
from sidekick.schema_generator import generate_schema
from sidekick.utils import setup_dir

import warnings
warnings.filterwarnings("ignore")

In [4]:
# env variables

os.environ['OPENAI_API_KEY'] = ""
os.environ['H2OGPT_URL'] = ''
os.environ['H2OGPT_API_TOKEN'] = ""
os.environ['H2OGPTE_URL'] = "https://h2ogpte.genai.h2o.ai"  # e.g. https://<>.h2ogpte.h2o.ai
os.environ['H2OGPTE_API_TOKEN'] = ""


base_path = "."
cache_path = f"{base_path}/var/lib/tmp"
setup_dir(base_path)

HOST_NAME = "localhost"
USER_NAME = "sqlite"
PASSWORD = "abc"
DB_NAME = "query_test"
PORT = "5432"

In [5]:
data_path = "./sleep_health_and_lifestyle_dataset.csv"
# Replace table_name as needed
table_name = "sleep_health_and_lifestyle"
table_schema, table_info_path = generate_schema(data_path=data_path, output_path=f"{cache_path}/{table_name}_table_info.jsonl")

# Initialize DB
if Path(f"{base_path}/db/sqlite/{DB_NAME}.db").exists():
    os.remove(f"{base_path}/db/sqlite/{DB_NAME}.db")

In [6]:
# Set add_sample=False if no need to add rows to the table
response , err = db_setup(
                db_name=DB_NAME,
                hostname=HOST_NAME,
                user_name=USER_NAME,
                password=PASSWORD,
                port=PORT,
                table_info_path=table_info_path,
                table_samples_path=data_path,
                table_name=table_name,
                local_base_path=base_path,
                add_sample=True
            )

 Information supplied:
 query_test, localhost, sqlite, abc, 5432


[32m2024-01-19 22:24:26.138[0m | [34m[1mDEBUG   [0m | [36msidekick.db_config[0m:[36mcreate_db[0m:[36m108[0m - [34m[1mSQLite DB is created successfully.[0m


Database created successfully!
Table name: sleep_health_and_lifestyle


[32m2024-01-19 22:24:26.142[0m | [34m[1mDEBUG   [0m | [36msidekick.db_config[0m:[36m_extract_schema_info[0m:[36m162[0m - [34m[1mUsing schema information from: ./var/lib/tmp/sleep_health_and_lifestyle_table_info.jsonl[0m
[32m2024-01-19 22:24:26.144[0m | [34m[1mDEBUG   [0m | [36msidekick.db_config[0m:[36mcreate_table[0m:[36m186[0m - [34m[1mSchema info used for creating table:
 Person_ID NUMERIC,
Gender TEXT COLLATE NOCASE,
Age NUMERIC,
Occupation TEXT COLLATE NOCASE,
Sleep_Duration NUMERIC,
Quality_of_Sleep NUMERIC,
Physical_Activity_Level NUMERIC,
Stress_Level NUMERIC,
BMI_Category TEXT COLLATE NOCASE,
Blood_Pressure TEXT COLLATE NOCASE,
Heart_Rate NUMERIC,
Daily_Steps NUMERIC,
Sleep_Disorder TEXT COLLATE NOCASE[0m
[32m2024-01-19 22:24:26.155[0m | [1mINFO    [0m | [36msidekick.db_config[0m:[36mcreate_table[0m:[36m198[0m - [1mTable created: sleep_health_and_lifestyle[0m


Checked table sleep_health_and_lifestyle exists in the DB.


[32m2024-01-19 22:24:26.159[0m | [34m[1mDEBUG   [0m | [36msidekick.db_config[0m:[36madd_samples[0m:[36m222[0m - [34m[1mAdding sample values to table: ./sleep_health_and_lifestyle_dataset.csv[0m
[32m2024-01-19 22:24:26.164[0m | [34m[1mDEBUG   [0m | [36msidekick.db_config[0m:[36madd_samples[0m:[36m228[0m - [34m[1mInserting chunk: 0[0m
[32m2024-01-19 22:24:26.264[0m | [1mINFO    [0m | [36msidekick.db_config[0m:[36madd_samples[0m:[36m233[0m - [1mData inserted into table: sleep_health_and_lifestyle[0m
[32m2024-01-19 22:24:26.267[0m | [1mINFO    [0m | [36msidekick.db_config[0m:[36madd_samples[0m:[36m238[0m - [1mNumber of rows inserted: 374[0m


Created a Database query_test. Inserted sample values from ./sleep_health_and_lifestyle_dataset.csv into table sleep_health_and_lifestyle, please ask questions!


## Example 1:

In [7]:
# Example lets consider a simple query as mentioned below,
# Expected output: a single row having information about person_id=105

input_q = """
    SELECT * FROM sleep_health_and_lifestyle WHERE person_id = 105;
    """

# We are running in Debug Mode as we are validating SQL statements directly `debug_mode=True`
result = None
question = f"Execute SQL:\n{input_q}"

result, _, error = ask(
    question=question,
    table_info_path=table_info_path,
    sample_queries_path=None,
    table_name=table_name,
    is_command=False,
    model_name="h2ogpt-sql-nsql-llama-2-7B",
    is_regenerate=False,
    is_regen_with_options=False,
    execute_query=True,
    guardrails=False,
    local_base_path=base_path,
    debug_mode=True,
    self_correction=False
)

[32m2024-01-19 22:24:26.321[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m490[0m - [1mTable in use: ['sleep_health_and_lifestyle'][0m
[32m2024-01-19 22:24:26.322[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m491[0m - [1mSQL dialect for generation: sqlite[0m
[32m2024-01-19 22:24:26.323[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m524[0m - [1mSetting context...[0m
[32m2024-01-19 22:24:26.324[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m525[0m - [1mQuestion: Execute SQL:

    SELECT * FROM sleep_health_and_lifestyle WHERE person_id = 105;
    [0m
[32m2024-01-19 22:24:26.325[0m | [34m[1mDEBUG   [0m | [36msidekick.prompter[0m:[36mask[0m:[36m543[0m - [34m[1mTable info path: ./var/lib/tmp/sleep_health_and_lifestyle_table_info.jsonl[0m
[32m2024-01-19 22:24:26.326[0m | [1mINFO    [0m | [36msidekick.utils[0m:[36mis_resource_low[0m:[36m353[0m - [1mNumber of GP

The results are:
 [(105, 'Female', 36, 'Teacher', 7.2, 8, 60, 4, 'Normal', '115/75', 68, 7000, 'Sleep Apnea')]
Exiting...


In [8]:
# Injecting malicious tokens
# Example: OR 1=1
# Below user input is a syntactically valid SQL statement but since `0R 1=1` is always true, instead of returning information
# about person_id=105; a bad actor might get information about all user.

# Built-in guardrails is disabled
# Result contains more than one rows

result = None
input_q = """
    SELECT * FROM sleep_health_and_lifestyle WHERE person_id = 105 OR 1=1;
    """
question = f"Execute SQL:\n{input_q}"
#1. Self correction is disabled
result, _, error = ask(
    question=question,
    table_info_path=table_info_path,
    sample_queries_path=None,
    table_name=table_name,
    is_command=False,
    model_name="h2ogpt-sql-nsql-llama-2-7B",
    is_regenerate=False,
    is_regen_with_options=False,
    execute_query=True,
    guardrails=False,
    local_base_path=base_path,
    debug_mode=True,
    self_correction=False
)

# format final output
import ast

res = ast.literal_eval(result[4])
final_res = pd.DataFrame(res)

print(f"Number of rows returned: {final_res.shape}") 

[32m2024-01-19 22:24:27.939[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m490[0m - [1mTable in use: ['sleep_health_and_lifestyle'][0m
[32m2024-01-19 22:24:27.941[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m491[0m - [1mSQL dialect for generation: sqlite[0m
[32m2024-01-19 22:24:27.942[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m524[0m - [1mSetting context...[0m
[32m2024-01-19 22:24:27.942[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m525[0m - [1mQuestion: Execute SQL:

    SELECT * FROM sleep_health_and_lifestyle WHERE person_id = 105 OR 1=1;
    [0m
[32m2024-01-19 22:24:27.943[0m | [34m[1mDEBUG   [0m | [36msidekick.prompter[0m:[36mask[0m:[36m543[0m - [34m[1mTable info path: ./var/lib/tmp/sleep_health_and_lifestyle_table_info.jsonl[0m
[32m2024-01-19 22:24:27.944[0m | [1mINFO    [0m | [36msidekick.utils[0m:[36mis_resource_low[0m:[36m353[0m - [1mNumbe

Preview of the result:
    Person_ID Gender  Age         Occupation  Sleep_Duration  Quality_of_Sleep  \
0          1   Male   27  Software Engineer             6.1                 6   
1          2   Male   28             Doctor             6.2                 6   

   Physical_Activity_Level  Stress_Level BMI_Category Blood_Pressure  \
0                       42             6   Overweight         126/83   
1                       60             8       Normal         125/80   

   Heart_Rate  Daily_Steps Sleep_Disorder  
0          77         4200           None  
1          75        10000           None  
Exiting...
Number of rows returned: (101, 13)


In [9]:
# With guardrails 'ON', we are able prevent such ambigious intent
# Enabling quardrails is configurable by setting the `guardrails=True/false`

result = None
input_q = """
    SELECT * FROM sleep_health_and_lifestyle WHERE person_id = 105 OR 1=1;
    """
question = f"Execute SQL:\n{input_q}"

result, _, error = ask(
    question=question,
    table_info_path=table_info_path,
    sample_queries_path=None,
    table_name=table_name,
    is_command=False,
    model_name="h2ogpt-sql-nsql-llama-2-7B",
    is_regenerate=False,
    is_regen_with_options=False,
    execute_query=True,
    guardrails=True,
    local_base_path=base_path,
    debug_mode=True,
    self_correction=False
)

[32m2024-01-19 22:24:28.043[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m490[0m - [1mTable in use: ['sleep_health_and_lifestyle'][0m
[32m2024-01-19 22:24:28.044[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m491[0m - [1mSQL dialect for generation: sqlite[0m
[32m2024-01-19 22:24:28.046[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m524[0m - [1mSetting context...[0m
[32m2024-01-19 22:24:28.047[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m525[0m - [1mQuestion: Execute SQL:

    SELECT * FROM sleep_health_and_lifestyle WHERE person_id = 105 OR 1=1;
    [0m
[32m2024-01-19 22:24:28.048[0m | [34m[1mDEBUG   [0m | [36msidekick.prompter[0m:[36mask[0m:[36m543[0m - [34m[1mTable info path: ./var/lib/tmp/sleep_health_and_lifestyle_table_info.jsonl[0m
[32m2024-01-19 22:24:28.049[0m | [1mINFO    [0m | [36msidekick.utils[0m:[36mis_resource_low[0m:[36m353[0m - [1mNumbe

Please install the correct version of H2OGPTE with `pip install h2ogpte==1.3.0-dev5`.
You can enable strict version checking by passing strict_version_check=True.
The results are:
 The input question has malicious patterns, **('or', '', ''), or 1=1** that could lead to SQL Injection.
Sorry, I will not be able to provide an answer.
Please try rephrasing the question. The query is vulnerable to SQL injection. The use of the OR clause with a constant value (1=1) is a common indicator of an injection attack. This suggests that an attacker may be able to manipulate the query to execute arbitrary SQL code, potentially leading to unauthorized access or modification of data.
Exiting...


## Example 2:
Classic Inline Comment SQL Injection Attack

In [10]:
result = None
input_q = """
    10; DROP TABLE sleep_health_and_lifestyle /*;
    """
question = f"Execute SQL:\n{input_q}"

result, _, error = ask(
    question=question,
    table_info_path=table_info_path,
    sample_queries_path=None,
    table_name=table_name,
    is_command=False,
    model_name="h2ogpt-sql-nsql-llama-2-7B",
    is_regenerate=False,
    is_regen_with_options=False,
    execute_query=True,
    guardrails=True,
    local_base_path=base_path,
    debug_mode=True,
    self_correction=False
)

[32m2024-01-19 22:24:37.276[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m490[0m - [1mTable in use: ['sleep_health_and_lifestyle'][0m
[32m2024-01-19 22:24:37.277[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m491[0m - [1mSQL dialect for generation: sqlite[0m
[32m2024-01-19 22:24:37.278[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m524[0m - [1mSetting context...[0m
[32m2024-01-19 22:24:37.279[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m525[0m - [1mQuestion: Execute SQL:

    10; DROP TABLE sleep_health_and_lifestyle /*;
    [0m
[32m2024-01-19 22:24:37.280[0m | [34m[1mDEBUG   [0m | [36msidekick.prompter[0m:[36mask[0m:[36m543[0m - [34m[1mTable info path: ./var/lib/tmp/sleep_health_and_lifestyle_table_info.jsonl[0m
[32m2024-01-19 22:24:37.281[0m | [1mINFO    [0m | [36msidekick.utils[0m:[36mis_resource_low[0m:[36m353[0m - [1mNumber of GPUs: 1[0m
[32m202

Please install the correct version of H2OGPTE with `pip install h2ogpte==1.3.0-dev5`.
You can enable strict version checking by passing strict_version_check=True.
The results are:
 The input question has malicious patterns, **SQL keywords does not start with SELECT, only SELECT queries are allowed.** that could lead to SQL Injection.
Sorry, I will not be able to provide an answer.
Please try rephrasing the question.
Exiting...


In [11]:
result = None
input_q = """
    SELECT /*!32302 1/0, */ 1 FROM sleep_health_and_lifestyle;
    """
question = f"Execute SQL:\n{input_q}"

result, _, error = ask(
    question=question,
    table_info_path=table_info_path,
    sample_queries_path=None,
    table_name=table_name,
    is_command=False,
    model_name="h2ogpt-sql-nsql-llama-2-7B",
    is_regenerate=False,
    is_regen_with_options=False,
    execute_query=True,
    guardrails=True,
    local_base_path=base_path,
    debug_mode=True,
    self_correction=False
)

[32m2024-01-19 22:32:45.505[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m490[0m - [1mTable in use: ['sleep_health_and_lifestyle'][0m
[32m2024-01-19 22:32:45.506[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m491[0m - [1mSQL dialect for generation: sqlite[0m
[32m2024-01-19 22:32:45.508[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m524[0m - [1mSetting context...[0m
[32m2024-01-19 22:32:45.509[0m | [1mINFO    [0m | [36msidekick.prompter[0m:[36mask[0m:[36m525[0m - [1mQuestion: Execute SQL:

    SELECT /*!32302 1/0, */ 1 FROM sleep_health_and_lifestyle;
    [0m
[32m2024-01-19 22:32:45.509[0m | [34m[1mDEBUG   [0m | [36msidekick.prompter[0m:[36mask[0m:[36m543[0m - [34m[1mTable info path: ./var/lib/tmp/sleep_health_and_lifestyle_table_info.jsonl[0m
[32m2024-01-19 22:32:45.510[0m | [1mINFO    [0m | [36msidekick.utils[0m:[36mis_resource_low[0m:[36m353[0m - [1mNumber of GPUs: 1

Please install the correct version of H2OGPTE with `pip install h2ogpte==1.3.0-dev5`.
You can enable strict version checking by passing strict_version_check=True.
The results are:
 The input question has malicious patterns, **/*!32302 1/0, */** that could lead to SQL Injection.
Sorry, I will not be able to provide an answer.
Please try rephrasing the question. The query contains a comment with a SQL injection vulnerability. The comment `/*!32302 1/0, */` is not properly formatted and could be used to inject malicious SQL code.
Exiting...


**Note:**

Examples shown above are not an exhaustive list but a WIP.
We have differrent levels of guardrails enabled for safe execution but at the same time we are updating/improving them as we learn further.
Don't hesitate to reach out.