fleet/frontend/utilities/sql_tools.tests.ts

import { checkTable } from "./sql_tools";

describe("checkTable", () => {
  // from https://github.com/fleetdm/fleet/issues/26366
  // and  https://github.com/fleetdm/fleet/issues/30109
  // and  https://github.com/fleetdm/fleet/issues/34628
  const SQL = `
WITH extension_safety_hub_menu_notifications AS (
	SELECT
		1 & 0x2 AS test_bitwise, -- test bitwise AND operator
		parse_json.key,
		parse_json.fullkey,
		parse_json.path,
		parse_json.value
	FROM (
	    SELECT file.filename, file.path, file.btime FROM file WHERE path LIKE "/Users/%/Library/Application Support/Google/Chrome/%/Preferences" ORDER BY file.btime DESC limit 20
	    ) as chrome_preferences
	JOIN parse_json ON chrome_preferences.path = parse_json.path
	WHERE parse_json.path LIKE "/Users/%/Library/Application Support/Google/Chrome/%/Preferences" AND (
		fullkey IN ("profile/name", "profile/safety_hub_menu_notifications/extensions/isCurrentlyActive", "profile/safety_hub_menu_notifications/extensions/result/timestamp")
		OR fullkey Like "profile/safety_hub_menu_notifications/extensions/result/triggeringExtensions%"
	)
),
extension_details AS (
	SELECT path,
		CASE WHEN key = 'name' THEN value END AS profile_name,
		CASE WHEN key = 'isCurrentlyActive' THEN value END AS notification_active,
		CASE WHEN key GLOB '*[0-9]' THEN value END AS triggering_extension,
		CASE WHEN key = 'timestamp' THEN value END AS timestamp
	FROM extension_safety_hub_menu_notifications
	GROUP BY path, profile_name, notification_active, triggering_extension, timestamp
),
problematic_extensions AS (
	SELECT 
		path,
		MAX(profile_name) OVER (PARTITION by path) AS profile_name,
		MAX(notification_active) AS notification_active,
		MAX(timestamp) AS timestamp,
		triggering_extension
	FROM extension_details
)
SELECT path,
	profile_name,
	notification_active,
	timestamp,
	triggering_extension
FROM problematic_extensions
WHERE triggering_extension IS NOT NULL AND username NOT LIKE '\\_%' ESCAPE '\\';
`;
  it("should return only real tables by default", () => {
    const { tables, error } = checkTable(SQL);
    expect(error).toBeNull();
    expect(tables).toEqual(["file", "parse_json"]);
  });

  it("should return all tables if 'includeVirtualTables' is set", () => {
    const { tables, error } = checkTable(SQL, true);
    expect(error).toBeNull();
    // Note that json_each is _not_ returned here, as it is a function table.
    expect(tables).toEqual([
      "file",
      "parse_json",
      "chrome_preferences",
      "extension_safety_hub_menu_notifications",
      "extension_details",
      "problematic_extensions",
    ]);
  });

  it("should return an error if SQL is invalid", () => {
    const result = checkTable("SELECTx * FROM users");
    expect(result.error).not.toBeNull();
  });
});
Update SQL parser to handle more modern syntax (#28211) For #26366 # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. # Details This PR fixes an issue where the SQL parser in the UI doesn't recognize window functions like `OVER()` and marks the SQL as having syntax errors. The fix here is to update to a more modern parsing library. This involved updating some AST-parsing code we have for determining which tables are used in a query, for the purposes of feeding autocomplete and determining query compatibility. # Testing I tested this with the query mentioned in #26366 in Chrome, Firefox and Safari on MacOS. I also added new unit tests for our SQL helper functions. # Notes During testing I discovered that we were bundling two versions of the ACE editor into our frontend package. By upgrading one version by a couple of patches to make the two dependencies equal, we chop out ~300k from our bundle. 2025-04-16 15:10:52 +00:00			`import { checkTable } from "./sql_tools";`

			`describe("checkTable", () => {`
			`// from https://github.com/fleetdm/fleet/issues/26366`
Allow ESCAPE in LIKE clauses to be valid SQL (#31222) for #30109 # Details This PR fixes an issue in our current SQL parsing library that was causing queries like this to be marked invalid: ``` SELECT * FROM table_name WHERE column_name LIKE '\_%' ESCAPE '\' ``` This is valid in SQLite because the `\` is not considered an escape character by default. From [the SQLite docs](https://www.sqlite.org/lang_expr.html) (see section 3 "Literal Values (Constants)"; emphasis mine): > A string constant is formed by enclosing the string in single quotes ('). A single quote within the string can be encoded by putting two single quotes in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL. # Use of forked code Part of the fix for this was [submitted as a PR to the node-sql-parser library](https://github.com/taozhi8833998/node-sql-parser/pull/2496) we now use, and merged. I then found that another fix was needed, which I submitted as [a separate PR](https://github.com/taozhi8833998/node-sql-parser/pull/2512). As these fixes have yet to be made part of an official release of the library, I made a fork off of the release we were using (5.3.10) and bundled the necessary build artifacts with Fleet. We have an [ADR proposing the use of submodules for this purpose](https://github.com/fleetdm/fleet/pull/31079); I'm happy to implement that instead if we approve that, although for a front-end module with a build step it's a bit more complicated. Hopefully this code will be released in `node-sql-parser` soon and we can revert back to using the dependency. Here is the [full set of changes](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus). # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Manual QA for all new/changed functionality 2025-07-25 15:13:55 +00:00			`// and https://github.com/fleetdm/fleet/issues/30109`
Support bitwise operators in SQL editor (#35583) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34628 # Details This fixes an issue where valid bitwise operators are reject as invalid syntax in our SQL editor. This fix uses a forked version of the node-sql-parser library. I've [put a PR up to the upstream library](https://github.com/taozhi8833998/node-sql-parser/pull/2611), but there's also another PR that's waiting to be merged (and [another ticket we need to fix](https://github.com/fleetdm/fleet/issues/34635)) before we can revert to the upstream. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] QA'd all new/changed functionality manually Tested w/ query from original ticket: <img width="540" height="448" alt="image" src="https://github.com/user-attachments/assets/0285cdd7-60af-4adb-b562-f33b98937cae" /> 2025-11-13 16:39:16 +00:00			`// and https://github.com/fleetdm/fleet/issues/34628`
Update SQL parser to handle more modern syntax (#28211) For #26366 # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. # Details This PR fixes an issue where the SQL parser in the UI doesn't recognize window functions like `OVER()` and marks the SQL as having syntax errors. The fix here is to update to a more modern parsing library. This involved updating some AST-parsing code we have for determining which tables are used in a query, for the purposes of feeding autocomplete and determining query compatibility. # Testing I tested this with the query mentioned in #26366 in Chrome, Firefox and Safari on MacOS. I also added new unit tests for our SQL helper functions. # Notes During testing I discovered that we were bundling two versions of the ACE editor into our frontend package. By upgrading one version by a couple of patches to make the two dependencies equal, we chop out ~300k from our bundle. 2025-04-16 15:10:52 +00:00			const SQL = `
			`WITH extension_safety_hub_menu_notifications AS (`
Support bitwise operators in SQL editor (#35583) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34628 # Details This fixes an issue where valid bitwise operators are reject as invalid syntax in our SQL editor. This fix uses a forked version of the node-sql-parser library. I've [put a PR up to the upstream library](https://github.com/taozhi8833998/node-sql-parser/pull/2611), but there's also another PR that's waiting to be merged (and [another ticket we need to fix](https://github.com/fleetdm/fleet/issues/34635)) before we can revert to the upstream. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] QA'd all new/changed functionality manually Tested w/ query from original ticket: <img width="540" height="448" alt="image" src="https://github.com/user-attachments/assets/0285cdd7-60af-4adb-b562-f33b98937cae" /> 2025-11-13 16:39:16 +00:00			`SELECT`
			`1 & 0x2 AS test_bitwise, -- test bitwise AND operator`
Update SQL parser to handle more modern syntax (#28211) For #26366 # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. # Details This PR fixes an issue where the SQL parser in the UI doesn't recognize window functions like `OVER()` and marks the SQL as having syntax errors. The fix here is to update to a more modern parsing library. This involved updating some AST-parsing code we have for determining which tables are used in a query, for the purposes of feeding autocomplete and determining query compatibility. # Testing I tested this with the query mentioned in #26366 in Chrome, Firefox and Safari on MacOS. I also added new unit tests for our SQL helper functions. # Notes During testing I discovered that we were bundling two versions of the ACE editor into our frontend package. By upgrading one version by a couple of patches to make the two dependencies equal, we chop out ~300k from our bundle. 2025-04-16 15:10:52 +00:00			`parse_json.key,`
			`parse_json.fullkey,`
			`parse_json.path,`
			`parse_json.value`
			`FROM (`
			`SELECT file.filename, file.path, file.btime FROM file WHERE path LIKE "/Users/%/Library/Application Support/Google/Chrome/%/Preferences" ORDER BY file.btime DESC limit 20`
			`) as chrome_preferences`
			`JOIN parse_json ON chrome_preferences.path = parse_json.path`
			`WHERE parse_json.path LIKE "/Users/%/Library/Application Support/Google/Chrome/%/Preferences" AND (`
			`fullkey IN ("profile/name", "profile/safety_hub_menu_notifications/extensions/isCurrentlyActive", "profile/safety_hub_menu_notifications/extensions/result/timestamp")`
			`OR fullkey Like "profile/safety_hub_menu_notifications/extensions/result/triggeringExtensions%"`
			`)`
			`),`
			`extension_details AS (`
			`SELECT path,`
			`CASE WHEN key = 'name' THEN value END AS profile_name,`
			`CASE WHEN key = 'isCurrentlyActive' THEN value END AS notification_active,`
			`CASE WHEN key GLOB '*[0-9]' THEN value END AS triggering_extension,`
			`CASE WHEN key = 'timestamp' THEN value END AS timestamp`
			`FROM extension_safety_hub_menu_notifications`
			`GROUP BY path, profile_name, notification_active, triggering_extension, timestamp`
			`),`
			`problematic_extensions AS (`
			`SELECT`
			`path,`
			`MAX(profile_name) OVER (PARTITION by path) AS profile_name,`
			`MAX(notification_active) AS notification_active,`
			`MAX(timestamp) AS timestamp,`
			`triggering_extension`
			`FROM extension_details`
			`)`
			`SELECT path,`
			`profile_name,`
			`notification_active,`
			`timestamp,`
			`triggering_extension`
			`FROM problematic_extensions`
Allow ESCAPE in LIKE clauses to be valid SQL (#31222) for #30109 # Details This PR fixes an issue in our current SQL parsing library that was causing queries like this to be marked invalid: ``` SELECT * FROM table_name WHERE column_name LIKE '\_%' ESCAPE '\' ``` This is valid in SQLite because the `\` is not considered an escape character by default. From [the SQLite docs](https://www.sqlite.org/lang_expr.html) (see section 3 "Literal Values (Constants)"; emphasis mine): > A string constant is formed by enclosing the string in single quotes ('). A single quote within the string can be encoded by putting two single quotes in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL. # Use of forked code Part of the fix for this was [submitted as a PR to the node-sql-parser library](https://github.com/taozhi8833998/node-sql-parser/pull/2496) we now use, and merged. I then found that another fix was needed, which I submitted as [a separate PR](https://github.com/taozhi8833998/node-sql-parser/pull/2512). As these fixes have yet to be made part of an official release of the library, I made a fork off of the release we were using (5.3.10) and bundled the necessary build artifacts with Fleet. We have an [ADR proposing the use of submodules for this purpose](https://github.com/fleetdm/fleet/pull/31079); I'm happy to implement that instead if we approve that, although for a front-end module with a build step it's a bit more complicated. Hopefully this code will be released in `node-sql-parser` soon and we can revert back to using the dependency. Here is the [full set of changes](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus). # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Manual QA for all new/changed functionality 2025-07-25 15:13:55 +00:00			`WHERE triggering_extension IS NOT NULL AND username NOT LIKE '\\_%' ESCAPE '\\';`
Update SQL parser to handle more modern syntax (#28211) For #26366 # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. # Details This PR fixes an issue where the SQL parser in the UI doesn't recognize window functions like `OVER()` and marks the SQL as having syntax errors. The fix here is to update to a more modern parsing library. This involved updating some AST-parsing code we have for determining which tables are used in a query, for the purposes of feeding autocomplete and determining query compatibility. # Testing I tested this with the query mentioned in #26366 in Chrome, Firefox and Safari on MacOS. I also added new unit tests for our SQL helper functions. # Notes During testing I discovered that we were bundling two versions of the ACE editor into our frontend package. By upgrading one version by a couple of patches to make the two dependencies equal, we chop out ~300k from our bundle. 2025-04-16 15:10:52 +00:00			`;
			`it("should return only real tables by default", () => {`
			`const { tables, error } = checkTable(SQL);`
			`expect(error).toBeNull();`
			`expect(tables).toEqual(["file", "parse_json"]);`
			`});`

			`it("should return all tables if 'includeVirtualTables' is set", () => {`
			`const { tables, error } = checkTable(SQL, true);`
			`expect(error).toBeNull();`
			`// Note that json_each is _not_ returned here, as it is a function table.`
			`expect(tables).toEqual([`
			`"file",`
			`"parse_json",`
			`"chrome_preferences",`
			`"extension_safety_hub_menu_notifications",`
			`"extension_details",`
			`"problematic_extensions",`
			`]);`
			`});`

Support bitwise operators in SQL editor (#35583) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #34628 # Details This fixes an issue where valid bitwise operators are reject as invalid syntax in our SQL editor. This fix uses a forked version of the node-sql-parser library. I've [put a PR up to the upstream library](https://github.com/taozhi8833998/node-sql-parser/pull/2611), but there's also another PR that's waiting to be merged (and [another ticket we need to fix](https://github.com/fleetdm/fleet/issues/34635)) before we can revert to the upstream. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [X] Added/updated automated tests - [X] QA'd all new/changed functionality manually Tested w/ query from original ticket: <img width="540" height="448" alt="image" src="https://github.com/user-attachments/assets/0285cdd7-60af-4adb-b562-f33b98937cae" /> 2025-11-13 16:39:16 +00:00			`it("should return an error if SQL is invalid", () => {`
Update SQL parser to handle more modern syntax (#28211) For #26366 # Checklist for submitter - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. # Details This PR fixes an issue where the SQL parser in the UI doesn't recognize window functions like `OVER()` and marks the SQL as having syntax errors. The fix here is to update to a more modern parsing library. This involved updating some AST-parsing code we have for determining which tables are used in a query, for the purposes of feeding autocomplete and determining query compatibility. # Testing I tested this with the query mentioned in #26366 in Chrome, Firefox and Safari on MacOS. I also added new unit tests for our SQL helper functions. # Notes During testing I discovered that we were bundling two versions of the ACE editor into our frontend package. By upgrading one version by a couple of patches to make the two dependencies equal, we chop out ~300k from our bundle. 2025-04-16 15:10:52 +00:00			`const result = checkTable("SELECTx * FROM users");`
			`expect(result.error).not.toBeNull();`
			`});`
			`});`