LlamaIndex
Log in

Find answers from the community

Updated 3 months ago

Hello @WhiteFang_Jr , @Logan M and

pprathamesh4585
Β·
Hello , and everybody, I have one doubt,
I don't want SQLTableRetrieverQueryEngine to give schema of database objects also I don't want user to be able to drop or delete tables. I also want to stop users from access info about other objects which are not in include_tables param. I have tried overriding run_sql function in SQLDatabase class but it does not seem to work. Is there any other way? am I doing it wrong? please help

my code to overide function:
from llama_index import SQLDatabase
from typing import Dict, Tuple

class MySQLDatabase(SQLDatabase): # Assuming SQLDatabase is the original class
def run_sql(self, command: str) -> Tuple[str, Dict]:
"""Override the run_sql method to add custom functionality."""
# Check for DDL, DML, and schema-related commands
ddl_commands = {'CREATE', 'ALTER', 'DROP', 'TRUNCATE', 'COMMENT'}
dml_commands = {'INSERT', 'UPDATE', 'DELETE', 'MERGE'}
schema_commands_mysql = {'information_schema.','sqlite_master'} # Adjust for MySQL

if any(cmd in command.upper() for cmd in ddl_commands.union(dml_commands)):
raise ValueError("I appreciate your input! Let's keep our conversation safe and avoid any database modifications.")

if any(cmd in command.lower() for cmd in schema_commands_mysql):
raise ValueError("I appreciate your input! However, retrieving schema information is not allowed for security reasons.")


return super().run_sql(command)
W
L
p
7 comments
WWhiteFang_Jr
I think, you will have to put checks for all these type of user queries before you put anything into SQLTableRetrieverQueryEngine if I'm not wrong.

You can use your llm instance to validate or check on user query whether it wants to delete something or do something which isnot not allowed. If llm returns that the query is good then you can go ahead and pass it to SQLTableRetrieverQueryEngine.
LLogan M
If you need really custom text 2 sql, you could also create your own query pipeline (quite low-level, but would let you design your text2sql pipeline)
https://docs.llamaindex.ai/en/stable/module_guides/querying/pipeline/root.html
pprathamesh4585
okay can I use nemo-guardrails? does it work with llama-index? is there any tutorial you can point me towards?
@WhiteFang_Jr @Logan M
WWhiteFang_Jr
LlamaIndex provides support for Guardrails but it is for making the output in particular requested format: https://docs.llamaindex.ai/en/stable/examples/output_parsing/GuardrailsDemo.html

I think your use case requires you to check the user input right?
pprathamesh4585
yes I want to intercept whatever queries sql_engine makes and stop them if they're harmful. You are taking about guardrails which is different library, I am taking about Nvidia nemo-guardrails which is different library helps to keep user from going off topic or from using curse words, whatever you many configure
WWhiteFang_Jr
I think it is not present in LlamaIndex yet, Would be super happy if you would like to contribute an integration for the same 😁
pprathamesh4585
if I figure out for myself, surely I will contribute to this project 😍
Add a reply
Sign up and join the conversation on Discord