Allow ESCAPE in LIKE clauses to be valid SQL (#31222)

for #30109

# Details

This PR fixes an issue in our current SQL parsing library that was
causing queries like this to be marked invalid:

```
SELECT * FROM table_name WHERE column_name LIKE '\_%' ESCAPE '\'
```

This is valid in SQLite because the `\` is not considered an escape
character by default. From [the SQLite
docs](https://www.sqlite.org/lang_expr.html) (see section 3 "Literal
Values (Constants)"; emphasis mine):

> A string constant is formed by enclosing the string in single quotes
('). A single quote within the string can be encoded by putting two
single quotes in a row - as in Pascal. C-style escapes using the
backslash character are not supported because they are not standard SQL.

# Use of forked code

Part of the fix for this was [submitted as a PR to the node-sql-parser
library](https://github.com/taozhi8833998/node-sql-parser/pull/2496) we
now use, and merged. I then found that another fix was needed, which I
submitted as [a separate
PR](https://github.com/taozhi8833998/node-sql-parser/pull/2512). As
these fixes have yet to be made part of an official release of the
library, I made a fork off of the release we were using (5.3.10) and
bundled the necessary build artifacts with Fleet. We have an [ADR
proposing the use of submodules for this
purpose](https://github.com/fleetdm/fleet/pull/31079); I'm happy to
implement that instead if we approve that, although for a front-end
module with a build step it's a bit more complicated. Hopefully this
code will be released in `node-sql-parser` soon and we can revert back
to using the dependency.

Here is the [full set of
changes](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus).

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality

.eslintignore

@@ -0,0 +1 @@
+frontend/utilities/node-sql-parser

.prettierignore

@@ -34,6 +34,7 @@ website/
 # certain frontend files that are not meant to be formatted
 frontend/components/FleetAce/mode.ts
 frontend/components/FleetAce/theme.ts
+frontend/utilities/node-sql-parser
 
 # github workflow yaml, which may contain shell scripts that shouldn't be formatted
 .github/workflows/*

changes/30109-fix-sql-like-clause

@@ -0,0 +1 @@
+- Fixed an issue where using ESCAPE in a LIKE clause caused SQL validation to fail

frontend/components/forms/validators/validate_query/index.js

@@ -1,4 +1,4 @@
-import { Parser } from "node-sql-parser";
+import { Parser } from "utilities/node-sql-parser/sqlite";
 import { includes, some } from "lodash";
 
 const invalidQueryResponse = (message) => {

frontend/utilities/node-sql-parser/README.md

@@ -0,0 +1,12 @@
+# About
+
+This is compiled from a [fork](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus) of the 5.3.10 release of [node-sql-parser library](https://github.com/sgress454/node-sql-parser/tree/sgress454/add-escape-to-sqlite-like) created to fix issue [#30109](https://github.com/fleetdm/fleet/issues/30109).
+
+Once a new release of node-sql-parser comes out with this code in it, we can revert back to using `node-sql-parser` as a dependency in Fleet.
+
+# To compile
+
+1. Check out https://github.com/sgress454/node-sql-parser/tree/5.3.10-plus
+2. `npm install`
+3. `npm run build`
+4. `cp output/prod/build/sqlite.* /path/to/fleet/frontend/utilities/node-sql-parser`

frontend/utilities/node-sql-parser/sqlite.d.ts

@@ -0,0 +1 @@
+export * from '../types';

frontend/utilities/sql_tools.tests.ts

@@ -2,6 +2,7 @@ import { checkTable } from "./sql_tools";
 
 describe("checkTable", () => {
   // from https://github.com/fleetdm/fleet/issues/26366
+  // and  https://github.com/fleetdm/fleet/issues/30109
   const SQL = `
 WITH extension_safety_hub_menu_notifications AS (
 	SELECT 
@@ -42,7 +43,7 @@ SELECT path,
 	timestamp,
 	triggering_extension
 FROM problematic_extensions
-WHERE triggering_extension IS NOT NULL;
+WHERE triggering_extension IS NOT NULL AND username NOT LIKE '\\_%' ESCAPE '\\';
 `;
   it("should return only real tables by default", () => {
     const { tables, error } = checkTable(SQL);

frontend/utilities/sql_tools.ts

@@ -1,5 +1,5 @@
 // @ts-ignore
-import { Parser } from "node-sql-parser";
+import { Parser } from "utilities/node-sql-parser/sqlite";
 import { intersection, isPlainObject, uniq } from "lodash";
 import { osqueryTablesAvailable } from "utilities/osquery_tables";
 import {

package.json

@@ -33,7 +33,6 @@
     "js-yaml": "3.14.1",
     "lodash": "4.17.21",
     "memoize-one": "5.2.1",
-    "node-sql-parser": "5.3.8",
     "normalizr": "3.6.2",
     "prop-types": "15.8.1",
     "proxy-middleware": "0.15.0",

yarn.lock

@@ -3677,11 +3677,6 @@
   resolved "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.0.tgz"
   integrity sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==
 
-"@types/pegjs@^0.10.0":
-  version "0.10.6"
-  resolved "https://registry.yarnpkg.com/@types/pegjs/-/pegjs-0.10.6.tgz#bc20fc4809fed4cddab8d0dbee0e568803741a82"
-  integrity sha512-eLYXDbZWXh2uxf+w8sXS8d6KSoXTswfps6fvCUuVAGN8eRpfe7h9eSRydxiSJvo9Bf+GzifsDOr9TMQlmJdmkw==
-
 "@types/prettier@^2.1.5":
   version "2.7.1"
   resolved "https://registry.yarnpkg.com/@types/prettier/-/prettier-2.7.1.tgz#dfd20e2dc35f027cdd6c1908e80a5ddc7499670e"
@@ -4884,11 +4879,6 @@ big-integer@^1.6.16:
   resolved "https://registry.npmjs.org/big-integer/-/big-integer-1.6.51.tgz"
   integrity sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg==
 
-big-integer@^1.6.48:
-  version "1.6.52"
-  resolved "https://registry.yarnpkg.com/big-integer/-/big-integer-1.6.52.tgz#60a887f3047614a8e1bffe5d7173490a97dc8c85"
-  integrity sha512-QxD8cf2eVqJOOz63z6JIN9BzvVs/dlySa5HGSBH5xtR8dPteIRQnBxxKqkNTiT6jbDTF6jAfrd4oMcND9RGbQg==
-
 big.js@^5.2.2:
   version "5.2.2"
   resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328"
@@ -10858,14 +10848,6 @@ node-sass-magic-importer@^5.3.3:
     postcss-scss "^3.0.2"
     resolve "^1.17.0"
 
-node-sql-parser@5.3.8:
-  version "5.3.8"
-  resolved "https://registry.yarnpkg.com/node-sql-parser/-/node-sql-parser-5.3.8.tgz#b71db4cb80dc5302fc77d7b6ca3bcb269b2124bf"
-  integrity sha512-aqGTzK8kPJAwQ6tqdS0l+vX358LXMmZDw902ePfiPn3PSDsg2HeR2tHFioXNHJW00YHoic6VVYY80waFb/zdxw==
-  dependencies:
-    "@types/pegjs" "^0.10.0"
-    big-integer "^1.6.48"
-
 normalize-path@^3.0.0, normalize-path@~3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65"