
test: add adversarial guardrail fixtures #3

Open
kholdrex wants to merge 1 commit into master from test/adversarial-sql-fixtures


@kholdrex
Owner

Summary

Adds a fixture-driven adversarial guardrail corpus for CodeToQuery. The new coverage exercises SQL linter rejection paths and validator allowlist/policy enforcement for common bypass patterns, while hardening validator key access so policy checks apply consistently after schema validation.

Changes

  • Adds YAML adversarial fixtures for SQL injection and intent allowlist bypass scenarios.
  • Drives new SqlLinter and Validator specs from those fixtures.
  • Updates Validator allowlist enforcement to read string- and symbol-keyed hashes consistently.
  • Adds regression coverage for default EXISTS filter columns using the validated intent key style.

Test plan

  • Static diff check passed.
  • YAML fixture files were parsed and category coverage was verified locally.
  • Independent GPT and Claude Code reviews completed with no blocking findings.
  • Full Ruby/RSpec/RuboCop execution is deferred to GitHub Actions because Ruby and Bundler are not installed on this host.

@kholdrex force-pushed the test/adversarial-sql-fixtures branch 4 times, most recently from 9ab61ce to edd7069 (May 30, 2026 06:20)
@kholdrex force-pushed the test/adversarial-sql-fixtures branch from edd7069 to 49447c0 (May 30, 2026 06:27)
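
The key-style problem the description refers to (allowlist enforcement that has to read string- and symbol-keyed hashes consistently), as an added Ruby example. It is not code from this pull request or from CodeToQuery; the policy, the intent shape and the names `naive_violations`, `strict_violations` and `read_key` are hypothetical.

```ruby
require "json"

# Constructed policy and intent shape (assumptions, not CodeToQuery's schema).
POLICY = { tables: %w[orders customers], columns: %w[id status total] }.freeze

# Fragile check: reads symbol keys only. An intent that went through a JSON
# round-trip has string keys, so every lookup is nil and nothing is enforced.
def naive_violations(intent, policy = POLICY)
  errors = []
  table = intent[:table]
  errors << "table not allowed: #{table}" if table && !policy[:tables].include?(table)
  Array(intent[:columns]).each do |col|
    errors << "column not allowed: #{col}" unless policy[:columns].include?(col)
  end
  errors
end

# Key-style-agnostic read: prefer the string key, fall back to the symbol key.
def read_key(hash, key)
  hash.key?(key.to_s) ? hash[key.to_s] : hash[key.to_sym]
end

# Hardened check: same policy, but reads both key styles and fails closed
# when the table is absent instead of treating "nothing found" as "allowed".
def strict_violations(intent, policy = POLICY)
  errors = []
  table = read_key(intent, :table)
  if table.nil?
    errors << "table missing"
  elsif !policy[:tables].include?(table.to_s)
    errors << "table not allowed: #{table}"
  end
  Array(read_key(intent, :columns)).each do |col|
    errors << "column not allowed: #{col}" unless policy[:columns].include?(col.to_s)
  end
  errors
end

# Constructed sample intents: same content, two key styles.
SYMBOL_INTENT = { table: "users", columns: %w[id password_digest] }.freeze
STRING_INTENT = JSON.parse(JSON.generate(SYMBOL_INTENT)).freeze

if __FILE__ == $PROGRAM_NAME
  { "symbol keys" => SYMBOL_INTENT, "string keys" => STRING_INTENT }.each do |label, intent|
    puts "#{label}: naive=#{naive_violations(intent).inspect} strict=#{strict_violations(intent).inspect}"
  end
end
```

A regression fixture for this class of bug should feed the same intent in both key styles and require identical violations from the policy check.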