fix(dbs): remove harness from validation on user-provided db creds (#2308)

Author: waleedlatif1

apps/sim/app/api/tools/mysql/utils.ts

@@ -19,7 +19,6 @@ export async function createMySQLConnection(config: MySQLConnectionConfig) {
   }
 
   if (config.ssl === 'disabled') {
-    // Don't set ssl property at all to disable SSL
   } else if (config.ssl === 'required') {
     connectionConfig.ssl = { rejectUnauthorized: true }
   } else if (config.ssl === 'preferred') {
@@ -54,42 +53,6 @@ export async function executeQuery(
 export function validateQuery(query: string): { isValid: boolean; error?: string } {
   const trimmedQuery = query.trim().toLowerCase()
 
-  const dangerousPatterns = [
-    /drop\s+database/i,
-    /drop\s+schema/i,
-    /drop\s+user/i,
-    /create\s+user/i,
-    /grant\s+/i,
-    /revoke\s+/i,
-    /alter\s+user/i,
-    /set\s+global/i,
-    /set\s+session/i,
-    /load\s+data/i,
-    /into\s+outfile/i,
-    /into\s+dumpfile/i,
-    /load_file\s*\(/i,
-    /system\s+/i,
-    /exec\s+/i,
-    /execute\s+immediate/i,
-    /xp_cmdshell/i,
-    /sp_configure/i,
-    /information_schema\.tables/i,
-    /mysql\.user/i,
-    /mysql\.db/i,
-    /mysql\.host/i,
-    /performance_schema/i,
-    /sys\./i,
-  ]
-
-  for (const pattern of dangerousPatterns) {
-    if (pattern.test(query)) {
-      return {
-        isValid: false,
-        error: `Query contains potentially dangerous operation: ${pattern.source}`,
-      }
-    }
-  }
-
   const allowedStatements = /^(select|insert|update|delete|with|show|describe|explain)\s+/i
   if (!allowedStatements.test(trimmedQuery)) {
     return {

apps/sim/app/api/tools/neo4j/utils.ts

@@ -30,44 +30,14 @@ export async function createNeo4jDriver(config: Neo4jConnectionConfig) {
   return driver
 }
 
-export function validateCypherQuery(
-  query: string,
-  allowDangerousOps = false
-): { isValid: boolean; error?: string } {
+export function validateCypherQuery(query: string): { isValid: boolean; error?: string } {
   if (!query || typeof query !== 'string') {
     return {
       isValid: false,
       error: 'Query must be a non-empty string',
     }
   }
 
-  if (!allowDangerousOps) {
-    const dangerousPatterns = [
-      /DROP\s+DATABASE/i,
-      /DROP\s+CONSTRAINT/i,
-      /DROP\s+INDEX/i,
-      /CREATE\s+DATABASE/i,
-      /CREATE\s+CONSTRAINT/i,
-      /CREATE\s+INDEX/i,
-      /CALL\s+dbms\./i,
-      /CALL\s+db\./i,
-      /LOAD\s+CSV/i,
-      /apoc\.cypher\.run/i,
-      /apoc\.load/i,
-      /apoc\.periodic/i,
-    ]
-
-    for (const pattern of dangerousPatterns) {
-      if (pattern.test(query)) {
-        return {
-          isValid: false,
-          error:
-            'Query contains potentially dangerous operations (schema changes, system procedures, or external data loading)',
-        }
-      }
-    }
-  }
-
   const trimmedQuery = query.trim()
   if (trimmedQuery.length === 0) {
     return {

apps/sim/app/api/tools/postgresql/utils.ts

@@ -42,46 +42,6 @@ export async function executeQuery(
 export function validateQuery(query: string): { isValid: boolean; error?: string } {
   const trimmedQuery = query.trim().toLowerCase()
 
-  // Block dangerous SQL operations
-  const dangerousPatterns = [
-    /drop\s+database/i,
-    /drop\s+schema/i,
-    /drop\s+user/i,
-    /create\s+user/i,
-    /create\s+role/i,
-    /grant\s+/i,
-    /revoke\s+/i,
-    /alter\s+user/i,
-    /alter\s+role/i,
-    /set\s+role/i,
-    /reset\s+role/i,
-    /copy\s+.*from/i,
-    /copy\s+.*to/i,
-    /lo_import/i,
-    /lo_export/i,
-    /pg_read_file/i,
-    /pg_write_file/i,
-    /pg_ls_dir/i,
-    /information_schema\.tables/i,
-    /pg_catalog/i,
-    /pg_user/i,
-    /pg_shadow/i,
-    /pg_roles/i,
-    /pg_authid/i,
-    /pg_stat_activity/i,
-    /dblink/i,
-    /\\\\copy/i,
-  ]
-
-  for (const pattern of dangerousPatterns) {
-    if (pattern.test(query)) {
-      return {
-        isValid: false,
-        error: `Query contains potentially dangerous operation: ${pattern.source}`,
-      }
-    }
-  }
-
   const allowedStatements = /^(select|insert|update|delete|with|explain|analyze|show)\s+/i
   if (!allowedStatements.test(trimmedQuery)) {
     return {

apps/sim/app/api/tools/rds/query/route.ts

@@ -25,7 +25,6 @@ export async function POST(request: NextRequest) {
 
     logger.info(`[${requestId}] Executing RDS query on ${params.database}`)
 
-    // Validate the query
     const validation = validateQuery(params.query)
     if (!validation.isValid) {
       logger.warn(`[${requestId}] Query validation failed: ${validation.error}`)

apps/sim/app/api/tools/rds/utils.ts

@@ -82,29 +82,6 @@ function parseFieldValue(field: Field): unknown {
 export function validateQuery(query: string): { isValid: boolean; error?: string } {
   const trimmedQuery = query.trim().toLowerCase()
 
-  const dangerousPatterns = [
-    /drop\s+database/i,
-    /drop\s+schema/i,
-    /drop\s+user/i,
-    /create\s+user/i,
-    /create\s+role/i,
-    /grant\s+/i,
-    /revoke\s+/i,
-    /alter\s+user/i,
-    /alter\s+role/i,
-    /set\s+role/i,
-    /reset\s+role/i,
-  ]
-
-  for (const pattern of dangerousPatterns) {
-    if (pattern.test(query)) {
-      return {
-        isValid: false,
-        error: `Query contains potentially dangerous operation: ${pattern.source}`,
-      }
-    }
-  }
-
   const allowedStatements = /^(select|insert|update|delete|with|explain|show)\s+/i
   if (!allowedStatements.test(trimmedQuery)) {
     return {