diff --git a/packages/server/src/services/data-source-query/validate-sql.test.ts b/packages/server/src/services/data-source-query/validate-sql.test.ts index 5c22a9b9..02b84965 100644 --- a/packages/server/src/services/data-source-query/validate-sql.test.ts +++ b/packages/server/src/services/data-source-query/validate-sql.test.ts @@ -290,6 +290,11 @@ describe("validateAndNormalizeReadOnlyQuery", () => { "SELECT nextval('users_id_seq')", "Side-effecting SQL functions are not allowed: nextval" ); + await expectValidationError( + "SELECT pg_advisory_lock(1)", + "Side-effecting SQL functions are not allowed: pg_advisory_lock", + "motherduck" + ); await expectValidationError( "SELECT GET_LOCK('users', 1)", "Side-effecting SQL functions are not allowed: get_lock", diff --git a/packages/server/src/services/data-source-query/validate-sql.ts b/packages/server/src/services/data-source-query/validate-sql.ts index ffe1104c..8aab3c95 100644 --- a/packages/server/src/services/data-source-query/validate-sql.ts +++ b/packages/server/src/services/data-source-query/validate-sql.ts @@ -723,7 +723,7 @@ function isUnsafeFunctionName( functionName: string, dbType: DatabaseCredentialProviderType ): boolean { - if (dbType === "postgres") { + if (dbType === "postgres" || dbType === "motherduck") { return ( POSTGRES_UNSAFE_FUNCTIONS.has(functionName) || functionName.startsWith("dblink_") ||