fix: escape SQL identifiers in db engine spec prequeries and metadata queries (#39840)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 01:35:39 +00:00 · 2026-05-15 14:48:38 +01:00
parent a06e6ea19b
commit 2e7a2b1f2d
12 changed files with 152 additions and 32 deletions
--- a/tests/unit_tests/db_engine_specs/test_db2.py
+++ b/tests/unit_tests/db_engine_specs/test_db2.py
@@ -81,6 +81,9 @@ def test_get_prequeries(mocker: MockerFixture) -> None:
    assert Db2EngineSpec.get_prequeries(database, schema="my_schema") == [
        'set current_schema "my_schema"'
    ]
+    assert Db2EngineSpec.get_prequeries(database, schema='evil"; SELECT 1--') == [
+        'set current_schema "evil""; SELECT 1--"'
+    ]


@pytest.mark.parametrize(