Metadata-Version: 2.4
Name: sql-query-tagger
Version: 0.1.0
Summary: Static SQL query classifier and injection-risk analyzer for all Amazon RDS database engines
License-Expression: MIT
License-File: LICENSE
Requires-Python: >=3.9
Requires-Dist: sqlglot>=23.0.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Description-Content-Type: text/markdown

# sql-shield

Static SQL query classifier and injection-risk analyzer for all Amazon RDS database engines.

`sql-shield` parses a SQL query string and tells you:
- **Query type**: DDL, DML, DQL, DCL, TCL, UTILITY, PROCEDURAL, ADMIN, or UNKNOWN
- **Security risk**: LOW / MEDIUM / HIGH / CRITICAL, with the specific patterns that triggered it (injection patterns, stacked queries, destructive DDL, engine-specific dangerous functions/catalogs)

No database connection required — this is purely static analysis over the query text.

## Supported engines

| Engine | Versions | sqlglot dialect |
|---|---|---|
| PostgreSQL | 11-17 | `postgres` |
| Aurora PostgreSQL | 11-16 | `postgres` |
| MySQL | 5.7, 8.0 | `mysql` |
| Aurora MySQL | 5.7, 8.0 | `mysql` |
| MariaDB | 10.6, 10.11, 11.4 | `mysql` |
| Oracle | 19c, 21c, 23ai | `oracle` |
| SQL Server | 2017, 2019, 2022 | `tsql` |

Listed versions are the ones with version-specific pattern tuning. Other versions of a supported engine still work — they fall back to the engine's base pattern set with a warning logged.

## Install

```bash
pip install sql-shield
```

## Quickstart

```python
from sql_shield import SQLClassifier

classifier = SQLClassifier(engine="postgresql", version="16")
result = classifier.classify_query("SELECT * FROM users WHERE id = 1 OR 1=1")

print(result.query_type)                       # QueryType.DQL
print(result.security_analysis.risk_level)     # RiskLevel.HIGH
print(result.security_analysis.detected_patterns)
print(result.security_analysis.recommendation)
```

## Limitations

- Static analysis only — it inspects query *text*, not a live schema, so it cannot tell you whether referenced tables/columns exist.
- The stacked-query check splits on `;` without parsing string literals, so a benign query containing a semicolon inside a string (e.g. `'a; b'`) may be flagged as multiple statements. Treat the risk score as a signal, not a verdict.
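
A string-literal-aware splitter addresses the second limitation above. This is an added example, not part of `sql-shield`: it walks the query text once, skipping single-quoted strings (with `''` escapes), double-quoted identifiers, and `--` / `/* */` comments, and only treats a top-level `;` as a statement boundary. It assumes ANSI quoting conventions and does not handle dialect extras such as PostgreSQL dollar-quoting or MySQL backtick identifiers.

```python
# Added example (not sql-shield's own code): split SQL on top-level ';' only,
# so a semicolon inside 'a; b' or inside a comment is not counted as a
# stacked query. Assumes ANSI single/double quoting with doubled-quote escapes.
from typing import List


def split_statements(sql: str) -> List[str]:
    """Return the non-empty, trimmed top-level statements in `sql`."""
    statements: List[str] = []
    current: List[str] = []
    i, n = 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch in ("'", '"'):                       # string literal or quoted identifier
            quote = ch
            j = i + 1
            while j < n:
                if sql[j] == quote:
                    if j + 1 < n and sql[j + 1] == quote:   # doubled quote ('' or "") escape
                        j += 2
                        continue
                    break                          # closing quote found
                j += 1
            current.append(sql[i:j + 1])           # keep the literal verbatim
            i = j + 1
        elif sql.startswith("--", i):              # line comment: skip to end of line
            j = sql.find("\n", i)
            i = n if j == -1 else j
        elif sql.startswith("/*", i):              # block comment: skip past closing */
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
        elif ch == ";":                            # top-level statement separator
            statements.append("".join(current).strip())
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    statements.append("".join(current).strip())
    return [s for s in statements if s]


def is_stacked(sql: str) -> bool:
    """True when the text contains more than one top-level statement."""
    return len(split_statements(sql)) > 1
```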

## License

MIT
