Block all server-rejected SQL patterns in SDK (save round-trip)

All checks in one place (_sql_guardrails) for easy future bypass.

BLOCKED (ValidationError -- saves network round-trip):
- INSERT/UPDATE/DELETE/DROP/etc. (write statements)
- CROSS JOIN, RIGHT JOIN, FULL OUTER JOIN (unsupported join types)
- UNION / UNION ALL
- HAVING
- CTE (WITH ... AS)
- Subqueries (IN (SELECT ...), EXISTS (SELECT ...))

WARNED (UserWarning -- query executes, advisory only):
- LIKE '%value' (leading-wildcard, full table scan)
- FROM a, b (implicit cartesian, server allows but risky)
- SELECT * with JOIN (partial expansion)

Principle: block what server blocks (save time), warn what server
allows but is risky (respect user intent).

14 new tests, 770 total passing.

Author: Saurabh Badenkal

src/PowerPlatform/Dataverse/core/_error_codes.py

@@ -43,6 +43,7 @@
 VALIDATION_SQL_EMPTY = "validation_sql_empty"
 VALIDATION_SQL_WRITE_BLOCKED = "validation_sql_write_blocked"
 VALIDATION_SQL_CROSS_JOIN_BLOCKED = "validation_sql_cross_join_blocked"
+VALIDATION_SQL_UNSUPPORTED_SYNTAX = "validation_sql_unsupported_syntax"
 VALIDATION_ENUM_NO_MEMBERS = "validation_enum_no_members"
 VALIDATION_ENUM_NON_INT_VALUE = "validation_enum_non_int_value"
 VALIDATION_UNSUPPORTED_COLUMN_TYPE = "validation_unsupported_column_type"

src/PowerPlatform/Dataverse/data/_odata.py

@@ -30,6 +30,7 @@
     VALIDATION_SQL_EMPTY,
     VALIDATION_SQL_WRITE_BLOCKED,
     VALIDATION_SQL_CROSS_JOIN_BLOCKED,
+    VALIDATION_SQL_UNSUPPORTED_SYNTAX,
     METADATA_ENTITYSET_NOT_FOUND,
     METADATA_ENTITYSET_NAME_MISSING,
     METADATA_TABLE_NOT_FOUND,
@@ -845,6 +846,18 @@ def _do_request(url: str, *, params: Optional[Dict[str, Any]] = None) -> Dict[st
         re.IGNORECASE,
     )
     _SQL_HAS_JOIN_RE = re.compile(r"\bJOIN\b", re.IGNORECASE)
+    # Server-blocked SQL patterns (save the round-trip by catching early)
+    _SQL_UNSUPPORTED_JOIN_RE = re.compile(
+        r"\b(?:CROSS\s+JOIN|RIGHT\s+(?:OUTER\s+)?JOIN|FULL\s+(?:OUTER\s+)?JOIN)\b",
+        re.IGNORECASE,
+    )
+    _SQL_UNION_RE = re.compile(r"\bUNION\b", re.IGNORECASE)
+    _SQL_HAVING_RE = re.compile(r"\bHAVING\b", re.IGNORECASE)
+    _SQL_CTE_RE = re.compile(r"^\s*WITH\b", re.IGNORECASE)
+    _SQL_SUBQUERY_RE = re.compile(
+        r"\bIN\s*\(\s*SELECT\b|\bEXISTS\s*\(\s*SELECT\b|\(\s*SELECT\b.*\bFROM\b",
+        re.IGNORECASE,
+    )
 
     def _expand_select_star(self, sql: str, table: str) -> str:
         """Replace ``SELECT *`` with explicit column names.
@@ -887,26 +900,33 @@ def _expand_select_star(self, sql: str, table: str) -> str:
     def _sql_guardrails(self, sql: str) -> str:
         """Apply safety guardrails to a SQL query before sending to the server.
 
-        Checks performed (in order):
+        Checks split into two categories:
 
-        1. **Block write statements** -- ``INSERT``, ``UPDATE``, ``DELETE``,
-           ``DROP``, ``TRUNCATE``, ``ALTER``, ``CREATE``, ``EXEC``, ``GRANT``,
-           ``REVOKE``, ``BULK`` are rejected with ``ValidationError``.
-        2. **Warn on leading-wildcard LIKE** -- ``LIKE '%...'`` patterns
-           force full table scans and hurt shared database performance.
-        3. **Warn on implicit cross joins** -- ``FROM a, b`` (comma syntax)
-           produces cartesian products.
+        **Blocked** (``ValidationError`` -- saves a server round-trip):
 
-        .. note::
-           The server enforces a 5000-row maximum per query and blocks
-           ``SELECT *`` directly.  The SDK handles ``SELECT *`` via
-           ``_expand_select_star``.  No client-side TOP injection is needed
-           because the server already caps results.
+        1. Write statements (INSERT/UPDATE/DELETE/DROP/etc.)
+        2. CROSS JOIN, RIGHT JOIN, FULL OUTER JOIN (server rejects these)
+        3. UNION / UNION ALL (server rejects)
+        4. HAVING clause (server rejects)
+        5. CTE / WITH clause (server rejects)
+        6. Subqueries -- IN (SELECT ...), EXISTS (SELECT ...) (server rejects)
+
+        **Warned** (``UserWarning`` -- query still executes):
+
+        7. Leading-wildcard LIKE (full table scan)
+        8. Implicit cross join FROM a, b (cartesian product)
+
+        All blocked patterns are also blocked by the server, but catching
+        them here saves the network round-trip and provides clearer error
+        messages. To bypass a specific check (e.g., if the server adds
+        support in the future), all checks are in this single method.
 
         :param sql: The SQL string (already stripped).
-        :return: Possibly-rewritten SQL string.
-        :raises ValidationError: If the SQL contains a write statement.
+        :return: The SQL string (unchanged unless rewritten).
+        :raises ValidationError: If the SQL contains a blocked pattern.
         """
+        # --- BLOCKED (save server round-trip) ---
+
         # 1. Block writes
         if self._SQL_WRITE_RE.search(sql):
             raise ValidationError(
@@ -916,7 +936,53 @@ def _sql_guardrails(self, sql: str) -> str:
                 subcode=VALIDATION_SQL_WRITE_BLOCKED,
             )
 
-        # 2. Warn on leading-wildcard LIKE
+        # 2. Block unsupported JOIN types
+        m = self._SQL_UNSUPPORTED_JOIN_RE.search(sql)
+        if m:
+            raise ValidationError(
+                f"Unsupported JOIN type: '{m.group(0).strip()}'. "
+                "Only INNER JOIN and LEFT JOIN are supported by the "
+                "Dataverse SQL endpoint.",
+                subcode=VALIDATION_SQL_UNSUPPORTED_SYNTAX,
+            )
+
+        # 3. Block UNION
+        if self._SQL_UNION_RE.search(sql):
+            raise ValidationError(
+                "UNION is not supported by the Dataverse SQL endpoint. "
+                "Execute separate queries and combine results in Python "
+                "(e.g. pd.concat([df1, df2])).",
+                subcode=VALIDATION_SQL_UNSUPPORTED_SYNTAX,
+            )
+
+        # 4. Block HAVING
+        if self._SQL_HAVING_RE.search(sql):
+            raise ValidationError(
+                "HAVING is not supported by the Dataverse SQL endpoint. "
+                "Use WHERE to filter before GROUP BY instead.",
+                subcode=VALIDATION_SQL_UNSUPPORTED_SYNTAX,
+            )
+
+        # 5. Block CTE / WITH
+        if self._SQL_CTE_RE.search(sql):
+            raise ValidationError(
+                "CTE (WITH ... AS) is not supported by the Dataverse SQL "
+                "endpoint. Use separate queries and combine in Python.",
+                subcode=VALIDATION_SQL_UNSUPPORTED_SYNTAX,
+            )
+
+        # 6. Block subqueries
+        if self._SQL_SUBQUERY_RE.search(sql):
+            raise ValidationError(
+                "Subqueries are not supported by the Dataverse SQL "
+                "endpoint. Use separate SQL calls and combine results "
+                "in Python (e.g. step 1: get IDs, step 2: WHERE IN).",
+                subcode=VALIDATION_SQL_UNSUPPORTED_SYNTAX,
+            )
+
+        # --- WARNED (query still executes) ---
+
+        # 7. Warn on leading-wildcard LIKE
         if self._SQL_LEADING_WILDCARD_RE.search(sql):
             warnings.warn(
                 "Query contains a leading-wildcard LIKE pattern "
@@ -927,8 +993,7 @@ def _sql_guardrails(self, sql: str) -> str:
                 stacklevel=4,
             )
 
-        # 3. Warn on implicit cross joins (server allows these but they
-        # produce cartesian products that can stress shared DB resources)
+        # 8. Warn on implicit cross joins (server allows but risky)
         if self._SQL_IMPLICIT_CROSS_JOIN_RE.search(sql):
             warnings.warn(
                 "Query uses an implicit cross join (FROM table1, table2). "

tests/unit/data/test_sql_guardrails.py

@@ -75,11 +75,99 @@ def test_select_not_blocked(self):
 
     def test_select_with_delete_in_where_not_blocked(self):
         c = _client()
-        # "DELETE" appearing in a WHERE value should not trigger the guard
         result = c._sql_guardrails("SELECT TOP 10 name FROM account WHERE name = 'DELETE ME'")
         assert "SELECT" in result
 
 
+# ===================================================================
+# 1b. Block server-rejected SQL patterns (save round-trip)
+# ===================================================================
+
+
+class TestBlockServerRejectedPatterns:
+    """Block SQL patterns the server rejects, to save network round-trip."""
+
+    @pytest.mark.parametrize(
+        "sql,match_text",
+        [
+            ("SELECT a.name FROM account a CROSS JOIN contact c", "Unsupported JOIN"),
+            (
+                "SELECT a.name FROM account a RIGHT JOIN contact c ON a.accountid = c.parentcustomerid",
+                "Unsupported JOIN",
+            ),
+            (
+                "SELECT a.name FROM account a RIGHT OUTER JOIN contact c ON a.accountid = c.parentcustomerid",
+                "Unsupported JOIN",
+            ),
+            (
+                "SELECT a.name FROM account a FULL OUTER JOIN contact c ON a.accountid = c.parentcustomerid",
+                "Unsupported JOIN",
+            ),
+            (
+                "SELECT a.name FROM account a FULL JOIN contact c ON a.accountid = c.parentcustomerid",
+                "Unsupported JOIN",
+            ),
+        ],
+    )
+    def test_unsupported_joins_blocked(self, sql, match_text):
+        c = _client()
+        with pytest.raises(ValidationError, match=match_text):
+            c._sql_guardrails(sql)
+
+    def test_inner_join_allowed(self):
+        c = _client()
+        result = c._sql_guardrails(
+            "SELECT TOP 5 a.name FROM account a " "INNER JOIN contact c ON a.accountid = c.parentcustomerid"
+        )
+        assert "INNER JOIN" in result
+
+    def test_left_join_allowed(self):
+        c = _client()
+        result = c._sql_guardrails(
+            "SELECT TOP 5 a.name FROM account a " "LEFT JOIN contact c ON a.accountid = c.parentcustomerid"
+        )
+        assert "LEFT JOIN" in result
+
+    def test_union_blocked(self):
+        c = _client()
+        with pytest.raises(ValidationError, match="UNION"):
+            c._sql_guardrails("SELECT name FROM account UNION SELECT fullname FROM contact")
+
+    def test_union_all_blocked(self):
+        c = _client()
+        with pytest.raises(ValidationError, match="UNION"):
+            c._sql_guardrails("SELECT name FROM account UNION ALL SELECT fullname FROM contact")
+
+    def test_having_blocked(self):
+        c = _client()
+        with pytest.raises(ValidationError, match="HAVING"):
+            c._sql_guardrails("SELECT name, COUNT(*) FROM account GROUP BY name HAVING COUNT(*) > 1")
+
+    def test_cte_blocked(self):
+        c = _client()
+        with pytest.raises(ValidationError, match="CTE"):
+            c._sql_guardrails("WITH cte AS (SELECT name FROM account) SELECT * FROM cte")
+
+    def test_subquery_in_blocked(self):
+        c = _client()
+        with pytest.raises(ValidationError, match="Subquer"):
+            c._sql_guardrails("SELECT name FROM account WHERE accountid IN (SELECT accountid FROM account)")
+
+    def test_subquery_exists_blocked(self):
+        c = _client()
+        with pytest.raises(ValidationError, match="Subquer"):
+            c._sql_guardrails(
+                "SELECT name FROM account a WHERE EXISTS "
+                "(SELECT 1 FROM contact c WHERE c.parentcustomerid = a.accountid)"
+            )
+
+    def test_subquery_in_values_not_blocked(self):
+        """IN with literal values is fine -- only IN (SELECT ...) is blocked."""
+        c = _client()
+        result = c._sql_guardrails("SELECT name FROM account WHERE name IN ('A', 'B', 'C')")
+        assert "IN" in result
+
+
 # ===================================================================
 # 2. Server enforces TOP 5000 (no client-side injection needed)
 # ===================================================================