fix(sql): stop sanitize_clause from rewriting user SQL semantics (#36113)

`sanitize_clause` round-tripped the user's clause through SQLGlot's dialect
generator and returned the re-rendered SQL. SQLGlot's Postgres dialect (borrowed
by engines such as Redshift, CockroachDB, Netezza and SAP HANA) rewrites
`ROUND(AVG(x), n)` into `ROUND(CAST(AVG(x) AS DECIMAL), n)`. On engines whose
unqualified DECIMAL defaults to scale 0, that injected cast rounds the aggregate
to an integer before the explicit ROUND, so `ROUND(AVG(0.949583), 4)` returns
`1` instead of `0.9496`.

This regressed when validation moved from sqlparse to SQLGlot; the legacy
implementation only validated the clause and returned it unchanged.

Validate by parsing as before, but return the original clause verbatim. Clauses
that contain comments are still re-rendered, since a trailing line comment can
comment out surrounding SQL once the clause is embedded into a larger query.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Claude Code
2026-06-16 11:37:49 -07:00
committed by Evan
parent ee0a93771f
commit f5a841b320
2 changed files with 21 additions and 3 deletions

View File

@@ -3123,7 +3123,8 @@ def test_is_valid_cvas(sql: str, engine: str, expected: bool) -> None:
"sql, expected, engine",
[
("col = 1", "col = 1", "base"),
("1=\t\n1", "1 = 1", "base"),
# Comment-free clauses are returned verbatim (no semantic round-trip).
("1=\t\n1", "1=\t\n1", "base"),
("(col = 1)", "(col = 1)", "base"), # Compact format without newlines
(
"(col1 = 1) AND (col2 = 2)",