demo: complex ORM/non-ORM query showcase (CTE, UNION, LEFT JOIN)#7
demo: complex ORM/non-ORM query showcase (CTE, UNION, LEFT JOIN)#7
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| select(User.id.label("id"), User.email.label("email")) | ||
| .where(User.active.is_(True)) | ||
| .cte("active_users") |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Origin: SQLAlchemy query builder | Query: SELECT "User"."id", "User"."email" FROM "User" WHERE 1=1
| ) | ||
|
|
||
| # Intentionally no LIMIT on outer query -> VG004 expected. | ||
| stmt = select(active_users.c.id, active_users.c.email).order_by(active_users.c.id) |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Origin: SQLAlchemy query builder | Query: SELECT "active_users"."c"."id", "active_users"."c"."email" FROM "active_users"
|
|
||
|
|
||
| def orm_union_all_unbounded(session: Session): | ||
| q_active = session.query(User.id, User.email).filter(User.active.is_(True)) |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Origin: SQLAlchemy query builder | Query: SELECT "User"."id", "User"."email" FROM "User" WHERE 1=1
|
|
||
| def orm_union_all_unbounded(session: Session): | ||
| q_active = session.query(User.id, User.email).filter(User.active.is_(True)) | ||
| q_inactive = session.query(User.id, User.email).filter(User.active.is_(False)) |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Origin: SQLAlchemy query builder | Query: SELECT "User"."id", "User"."email" FROM "User" WHERE 1=1
| return session.execute( | ||
| text( | ||
| """ | ||
| WITH active_users AS ( | ||
| SELECT * | ||
| FROM users | ||
| WHERE users.active = true | ||
| ) | ||
| SELECT active_users.id, active_users.email | ||
| FROM active_users | ||
| ORDER BY active_users.id | ||
| """ | ||
| ) | ||
| ).all() |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: WITH active_users AS (
| return session.execute( | ||
| text( | ||
| """ | ||
| SELECT users.id, users.email | ||
| FROM users | ||
| WHERE users.active = true | ||
| UNION ALL | ||
| SELECT users.id, users.email | ||
| FROM users | ||
| WHERE users.active = false | ||
| """ | ||
| ) | ||
| ).all() |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT users.id, users.email
| return session.execute( | ||
| text( | ||
| """ | ||
| SELECT users.id, users.email, orders.status | ||
| FROM users | ||
| LEFT JOIN orders ON users.id = orders.user_id | ||
| WHERE orders.ghost_status = 'pending' | ||
| ORDER BY users.id | ||
| LIMIT 100 | ||
| """ | ||
| ) | ||
| ).all() |
There was a problem hiding this comment.
🚫 [valk-guard] reported by reviewdog 🐶
VG106: filter predicate column "ghost_status" not found in table "orders" schema; check predicate/group/order columns in schema/model mappings | Query: SELECT users.id, users.email, orders.status
| WITH active_users AS ( | ||
| SELECT * | ||
| FROM users | ||
| WHERE users.active = true | ||
| ) | ||
| SELECT active_users.id, active_users.email | ||
| FROM active_users | ||
| ORDER BY active_users.id; |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: WITH active_users AS (
| SELECT users.id, users.email | ||
| FROM users | ||
| WHERE users.active = true | ||
| UNION ALL | ||
| SELECT users.id, users.email | ||
| FROM users | ||
| WHERE users.active = false; |
There was a problem hiding this comment.
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT users.id, users.email
| SELECT users.id, users.email, orders.status | ||
| FROM users | ||
| LEFT JOIN orders ON users.id = orders.user_id | ||
| WHERE orders.ghost_status = 'pending' | ||
| ORDER BY users.id | ||
| LIMIT 100; |
There was a problem hiding this comment.
🚫 [valk-guard] reported by reviewdog 🐶
VG106: filter predicate column "ghost_status" not found in table "orders" schema; check predicate/group/order columns in schema/model mappings | Query: SELECT users.id, users.email, orders.status
eitamring
force-pushed
the
demo/complex-query-patterns
branch
from
b56b54a to
d24b782
Compare
1 participant
Purpose
Add a realistic complex-query intentional-failure showcase for both ORM and non-ORM paths, so contributors can validate parser/extractor behavior beyond simple statements.
Included Query Shapes
WITH ...)UNION ALLLEFT JOINFiles
demo/complex-patterns/sql/schema.sqldemo/complex-patterns/sql/complex_queries.sqldemo/complex-patterns/python/orm_complex.pydemo/complex-patterns/python/raw_complex.pydemo/complex-patterns/README.mdExpected Findings (Intentional)
This folder is expected to produce findings, not pass cleanly:
VG004(unbounded select): expected in CTE/UNION patterns without final limitVG106(unknown filter column): expected onLEFT JOINfilters usingorders.ghost_statusVerified on this branch:
10total findings8x VG0042x VG106ORM vs Non-ORM Coverage
select(...),.query(...).union_all(...),.outerjoin(...))session.execute(text(...))raw SQL with equivalent complex shapesExtra Included
This branch also includes the already-proven CI compatibility commits:
VALK_GUARD_INSTALL_REFfor reproducible CI behavior