ajitpratap0/GoSQLX

v1.8.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

ast cli dialect go lsp mysql parser postgresql query-analyzer security sql sql-formatter sql-injection sql-linter sql-parser sql-validator sqlite wasm zero-copy

Affected surfaces

rce_ssrf breaking_upgrade

Summary

AI summary

Token type system overhaul requires migration.

Full changelog

What's New in v1.8.0

The biggest GoSQLX release yet — 76 commits, 30+ PRs since v1.7.0.

🆕 Dialect Engine & Multi-Dialect Support

  • Dialect Mode Engine — runtime dialect selection for parsing, validation, and formatting
  • MySQL Support: LIMIT offset, count, REPLACE INTO, backtick identifiers, AUTO_INCREMENT, UNSIGNED, ZEROFILL, IF(), GROUP_CONCAT(), STRAIGHT_JOIN, USE INDEX/FORCE INDEX/IGNORE INDEX, INSERT IGNORE
  • SQL Server (T-SQL) Support: SELECT TOP N, WITH (NOLOCK) table hints, CROSS/OUTER APPLY, MERGE with OUTPUT, square bracket identifiers [column], @@ROWCOUNT/@@IDENTITY globals, N'unicode' strings, TOP WITH TIES, #temp/##global tables

🆕 WASM Build & Web Playground

  • Browser-based SQL parsing via WebAssembly
  • Zero-install playground for trying GoSQLX

🆕 Query Transform API

  • Programmatic SQL rewriting: AddWhereCondition(), SetLimit(), AddOrderBy()
  • Safe, AST-based transformations (not string manipulation)

🆕 Comment Preservation

  • SQL comments retained in AST and round-tripped through formatting

🆕 AST-based Formatter

  • Style presets, intelligent indentation
  • DDL statement formatting support

⚡ Performance

  • ~50% faster parsing via complete token type overhaul (string → int constants)
  • 1.5M+ ops/sec peak, 1.46M+ sustained (30s load test)
  • IsCompoundKeywordStart() now O(1) via cached map lookup
  • gosqlx.Parse() now uses parser pool (60-80% memory reduction)
  • gosqlx.Validate() uses fast-path (avoids full AST construction)

🔒 Security

  • Enhanced SQL injection detection with LIKE/blind injection patterns
  • AST-based security scanner (8 detection patterns)

🔧 Other Highlights

  • Error recovery for multi-error parsing
  • AST-to-SQL serialization with round-trip support
  • Dollar-quoted string support (PostgreSQL)
  • Schema-aware validation package
  • Query optimization advisor
  • Snowflake dialect support
  • Python bindings foundation (CGo)
  • GitHub Action for SQL lint/validation
  • Fuzz testing in 4 packages, 84%+ test coverage
  • Apache-2.0 relicense

⚠️ Breaking Changes

  • Token type system overhaul — if you use low-level token.Type string comparisons, see MIGRATION.md for the upgrade guide
  • High-level API (gosqlx.Parse(), gosqlx.Validate()) is fully backward compatible

Full Changelog: https://github.com/ajitpratap0/GoSQLX/compare/v1.7.0...v1.8.0

Upgrade

go get github.com/ajitpratap0/GoSQLX@v1.8.0
go install github.com/ajitpratap0/GoSQLX/cmd/[email protected]

Breaking Changes

  • Token type system overhaul — low-level string comparisons must be updated; see MIGRATION.md

Security Fixes

  • Enhanced SQL injection detection via LIKE/blind patterns and new AST‑based scanner (8 patterns)

About ajitpratap0/GoSQLX

7 SQL tools (validate, format, parse, lint, security scan, metadata extraction, full analysis) over Streamable HTTP. Public remote server at mcp.gosqlx.dev - no install needed. 1.25M+ ops/sec, 6 SQL dialects.
