more comprehensive rules based on crdb support

Author: viragtripathi

crdb_sql_audit/rules/postgres_to_crdb.yaml

@@ -1,11 +1,13 @@
+# postgres_to_crdb.yaml — Comprehensive CRDB Compatibility Rules based on https://www.cockroachlabs.com/docs/v25.2/sql-feature-support
+
 - id: malformed_dml_statements
   match: '^(SELECT|INSERT|UPDATE|DELETE FROM)\s*$'
   message: "Possibly malformed or incomplete SQL statement"
   level: warning
   tags: [syntax]
 
 - id: special_char_in_identifier
-  match: '"[^"]*#\w*"'
+  match: '"[^\"]*#\w*"'
   message: "Table name contains unsupported special character (#)"
   level: error
   tags: [table, identifier]
@@ -16,8 +18,62 @@
   level: error
   tags: [function]
 
-#- id: low_token_sql
-  #match: '^(\S+\s*){1,2}$'
-  #message: "Extremely short SQL likely malformed"
-  #level: warning
-  #tags: [syntax]
+- id: with_cte
+  match: '^\s*WITH\s+'
+  message: "CTE (WITH clause) detected"
+  level: warning
+  tags: [cte, syntax]
+
+- id: upsert_syntax
+  match: '^\s*UPSERT\s+'
+  message: "UPSERT syntax (CockroachDB supports but should be reviewed)"
+  level: info
+  tags: [upsert, insert]
+
+- id: json_ops
+  match: '->|->>|::json[b]?'  # Look for JSON navigation or cast
+  message: "JSON/JSONB usage detected"
+  level: info
+  tags: [json]
+
+- id: row_values
+  match: '\(.*\).*IN\s*\('  # e.g., WHERE (a, b) IN ((1, 2))
+  message: "ROW VALUES in IN clause"
+  level: warning
+  tags: [rowvalues, comparison]
+
+- id: window_function
+  match: '\bOVER\s*\('
+  message: "Window function usage (e.g., RANK, ROW_NUMBER)"
+  level: info
+  tags: [window, analytics]
+
+- id: set_ops
+  match: '\s+(UNION|INTERSECT|EXCEPT)\s+'
+  message: "Set operation (UNION, INTERSECT, EXCEPT)"
+  level: info
+  tags: [setops]
+
+- id: case_expr
+  match: '\bCASE\b.*\bWHEN\b.*\bTHEN\b'
+  message: "CASE expression detected"
+  level: info
+  tags: [case, conditional]
+
+- id: time_interval
+  match: 'INTERVAL\s+[''\"]'
+  message: "TIME INTERVAL expression"
+  level: info
+  tags: [interval, time]
+
+- id: group_by_rollup
+  match: 'GROUP BY ROLLUP\('
+  message: "ROLLUP clause used"
+  level: warning
+  tags: [aggregation, rollup]
+
+- id: filter_clause
+  match: 'FILTER\s*\(\s*WHERE'
+  message: "FILTER clause used in aggregation"
+  level: warning
+  tags: [aggregation, filter]

crdb_sql_audit/rules_engine.py

@@ -33,7 +33,11 @@ def apply_rules(sql, rules):
             logging.info(f"✅ MATCH: Rule {rule['id']} matched on SQL: {sql}")
 
             # Try to extract SQL type (optional fallback)
-            stmt_type_match = re.match(r'^\s*(SELECT|INSERT|UPDATE|DELETE|BEGIN|COMMIT|ROLLBACK|SAVEPOINT)', sql, re.IGNORECASE)
+            stmt_type_match = re.match(
+                r'^\s*(SELECT|INSERT|UPDATE|DELETE|UPSERT|WITH|BEGIN|COMMIT|ROLLBACK|SAVEPOINT|MERGE|CALL)',
+                sql,
+                re.IGNORECASE
+            )
             sql_type = stmt_type_match.group(1).upper() if stmt_type_match else rule.get("type", "OTHER")
 
             matched.append({

rules/mysql_to_crdb.yaml

@@ -0,0 +1,53 @@
+- id: mysql_limit_offset
+  match: 'LIMIT\s+\d+\s*,\s*\d+'
+  message: "MySQL LIMIT offset, count is not supported; use LIMIT ... OFFSET"
+  level: warning
+  tags: [mysql, pagination]
+
+- id: mysql_if_func
+  match: '\bIF\s*\('
+  message: "MySQL IF(...) must be replaced with CASE"
+  level: warning
+  tags: [mysql, conditional]
+
+- id: mysql_backticks
+  match: '`[^`]+`'
+  message: "Backtick-quoted identifiers should use double quotes"
+  level: warning
+  tags: [mysql, identifier]
+
+- id: mysql_unsigned
+  match: '\bUNSIGNED\b'
+  message: "UNSIGNED types not supported in CockroachDB"
+  level: error
+  tags: [mysql, types]
+
+- id: mysql_enum
+  match: '\bENUM\s*\('
+  message: "ENUM should be rewritten as CHECK constraints"
+  level: warning
+  tags: [mysql, types]
+
+- id: mysql_now
+  match: '\bNOW\s*\(\)'
+  message: "NOW() is supported but may behave differently — use with care"
+  level: info
+  tags: [mysql, datetime]
+
+- id: mysql_auto_increment
+  match: '\bAUTO_INCREMENT\b'
+  message: "Use SERIAL or GENERATED AS IDENTITY instead of AUTO_INCREMENT"
+  level: error
+  tags: [mysql, identity]
+
+- id: mysql_text_blob
+  match: '\b(TEXT|BLOB)\b'
+  message: "TEXT and BLOB types must be mapped to STRING/BYTES"
+  level: warning
+  tags: [mysql, types]
+
+- id: mysql_regexp
+  match: '\bREGEXP\b'
+  message: "REGEXP should be rewritten using SIMILAR TO or ~ operator"
+  level: warning
+  tags: [mysql, expressions]

rules/oracle_to_crdb.yaml

@@ -0,0 +1,47 @@
+- id: oracle_merge
+  match: '^\s*MERGE\s+INTO'
+  message: "Oracle-style MERGE statements are not supported in CockroachDB"
+  level: error
+  tags: [oracle, merge]
+
+- id: oracle_dual_table
+  match: '\s+FROM\s+DUAL\b'
+  message: "Oracle's DUAL table should be removed or rewritten"
+  level: warning
+  tags: [oracle, dual]
+
+- id: oracle_rownum
+  match: '\bROWNUM\b'
+  message: "ROWNUM is not supported; use LIMIT instead"
+  level: error
+  tags: [oracle, pagination]
+
+- id: oracle_decode
+  match: '\bDECODE\s*\('
+  message: "DECODE not supported; use CASE instead"
+  level: warning
+  tags: [oracle, conditional]
+
+- id: oracle_nvl
+  match: '\bNVL\s*\('
+  message: "NVL should be replaced with COALESCE"
+  level: info
+  tags: [oracle, null-handling]
+
+- id: oracle_number_precision
+  match: '\bNUMBER\s*(\(\d+\)|\(\d+,\d+\))?'
+  message: "NUMBER types should be mapped explicitly to INT, DECIMAL, etc."
+  level: warning
+  tags: [oracle, types]
+
+- id: oracle_sysdate
+  match: '\bSYSDATE\b'
+  message: "SYSDATE should be replaced with CURRENT_TIMESTAMP"
+  level: warning
+  tags: [oracle, datetime]
+
+- id: oracle_plsql_block
+  match: '^\s*BEGIN\s+.+END\s*;'
+  message: "PL/SQL block detected — CockroachDB does not support procedural code"
+  level: error
+  tags: [oracle, plsql]