{"id":13629002,"url":"https://github.com/anse1/sqlsmith","last_synced_at":"2025-10-21T04:44:59.521Z","repository":{"id":33019839,"uuid":"36654353","full_name":"anse1/sqlsmith","owner":"anse1","description":"A random SQL query generator","archived":false,"fork":false,"pushed_at":"2024-01-05T17:43:08.000Z","size":453,"stargazers_count":810,"open_issues_count":15,"forks_count":136,"subscribers_count":33,"default_branch":"master","last_synced_at":"2025-10-21T04:44:52.997Z","etag":null,"topics":["fuzz-testing","monetdb","postgresql","sqlite3"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anse1.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-06-01T10:41:29.000Z","updated_at":"2025-10-17T10:50:03.000Z","dependencies_parsed_at":"2024-01-05T18:49:03.182Z","dependency_job_id":null,"html_url":"https://github.com/anse1/sqlsmith","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/anse1/sqlsmith","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anse1%2Fsqlsmith","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anse1%2Fsqlsmith/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anse1%2Fsqlsmith/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anse1%2Fsqlsmith/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anse1","download_url":"https://codeload.github.com/anse1/sqlsmith/tar.gz/refs/heads/master","sbom_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anse1%2Fsqlsmith/sbom","scorecard":{"id":197979,"data":{"date":"2025-08-11","repo":{"name":"github.com/anse1/sqlsmith","commit":"46c1df710ea0217d87247bb1fc77f4a09bca77f7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 3/28 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/regression.yml:1","Info: no 
jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/anse1/sqlsmith/regression.yml/master?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4 not signed: https://api.github.com/repos/anse1/sqlsmith/releases/60864870","Warn: release artifact v1.3 not signed: https://api.github.com/repos/anse1/sqlsmith/releases/56815233","Warn: release artifact v1.2.1 not signed: https://api.github.com/repos/anse1/sqlsmith/releases/10841649","Warn: release artifact v1.2 not signed: https://api.github.com/repos/anse1/sqlsmith/releases/10835028","Warn: release artifact v1.0 not signed: https://api.github.com/repos/anse1/sqlsmith/releases/3334624","Warn: release artifact v1.4 does not have provenance: https://api.github.com/repos/anse1/sqlsmith/releases/60864870","Warn: release artifact v1.3 does not have provenance: 
https://api.github.com/repos/anse1/sqlsmith/releases/56815233","Warn: release artifact v1.2.1 does not have provenance: https://api.github.com/repos/anse1/sqlsmith/releases/10841649","Warn: release artifact v1.2 does not have provenance: https://api.github.com/repos/anse1/sqlsmith/releases/10835028","Warn: release artifact v1.0 does not have provenance: https://api.github.com/repos/anse1/sqlsmith/releases/3334624"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T22:11:03.741Z","repository_id":33019839,"created_at":"2025-08-16T22:11:03.742Z","updated_at":"2025-08-16T22:11:03.742Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280207180,"owners_count":26290616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzz-testing","monetdb","postgresql","sqlite3"],"created_at":"2024-08-01T22:01:01.435Z","updated_at":"2025-10-21T04:44:59.490Z","avatar_url":"https://github.com/anse1.png","language":"C++","readme":"[[logo.png]]\n* SQLsmith\n\n: \u003cmba\u003e \"I love the smell of coredumps in the morning\"\n\n** Description\nSQLsmith is a random SQL query generator.  Its paragon is [[https://embed.cs.utah.edu/csmith/][Csmith]],\nwhich proved valuable for quality assurance in C compilers.\n\nIt currently supports generating queries for PostgreSQL, SQLite 3 and\nMonetDB.  
To add support for another RDBMS, you need to implement two\nclasses providing schema information about and connectivity to the\ndevice under test.\n\nBesides developers of the RDBMS products, users developing extensions\nmight also be interested in exposing their code to SQLsmith's random\nworkload.\n\nSince 2015, it found 118 bugs in alphas, betas and releases in the\naforementioned products, including security vulnerabilities in\nreleased versions.  Additional bugs were squashed in extensions and\nlibraries such as orafce and glibc.\n\n    https://github.com/anse1/sqlsmith/wiki#score-list\n\n** Dependencies\n- C++11\n- libpqxx\n\noptional:\n- boost::regex in case your std::regex is broken\n- SQLite3\n- monetdb_mapi\n\n** Building on Debian\n\n: apt-get install build-essential autoconf autoconf-archive libpqxx-dev libboost-regex-dev libsqlite3-dev\n: cd sqlsmith\n: autoreconf -i # Avoid when building from a release tarball\n: ./configure\n: make\n\n** Building on OSX\n\nIn order to build on Mac OSX, assuming you use Homebrew, run the following\n\n: brew install libpqxx automake libtool autoconf autoconf-archive pkg-config\n: cd sqlsmith\n: autoreconf -i # Avoid when building from a release tarball\n: ./configure\n: make\n\n** Usage\n\nSQLsmith connects to the target database to retrieve the schema for\nquery generation and to send the generated queries to.  Currently, all\ngenerated statements are rolled back.  Beware that SQLsmith does call\nfunctions that could possibly have side-effects\n(e.g. pg_terminate_backend).  
Use a suitably *underprivileged user*\nfor its connection to avoid this.\n\nExample invocations:\n\n: # testing Postgres\n: sqlsmith --verbose --target=\"host=/tmp port=65432 dbname=regression\"\n: # testing SQLite\n: sqlsmith --verbose --sqlite=\"file:$HOME/.mozilla/firefox/places.sqlite?mode=ro\"\n: # testing MonetDB\n: sqlsmith --verbose --monetdb=\"mapi:monetdb://localhost:50000/smith\"\n\nThe following options are currently supported:\n\n| =--target=connstr=   | target postgres database (default: libpq defaults)       |\n| =--sqlite=URI=       | target SQLite3 database                                  |\n| =--monetdb=URI=      | target MonetDB database                                  |\n| =--log-to=connstr=   | postgres db for logging errors into (default: don't log) |\n| =--verbose=          | emit progress output                                     |\n| =--version=          | show version information                                 |\n| =--seed=int=         | seed RNG with specified integer instead of PID           |\n| =--dry-run=          | print queries instead of executing them                  |\n| =--max-queries=long= | terminate after generating this many queries             |\n| =--exclude-catalog=  | don't generate queries using catalog relations           |\n| =--dump-all-queries= | dump queries as they are generated                       |\n| =--dump-all-graphs=  | dump generated ASTs for debugging                        |\n| =--rng-state=string= | deserialize dumped rng state                             |\n\nSample output:\n\n=--verbose= makes sqlsmith emit some progress indication to stderr.  A\nsymbol is output for each query sent to the server.  Currently the\nfollowing ones are generated:\n\n| symbol | meaning           | details                                       |\n|--------+-------------------+-----------------------------------------------|\n| .      
| ok                | Query generated and executed with ok sqlstate |\n| S      | syntax error      | These are bugs in sqlsmith - please report    |\n| t      | timeout           | SQLsmith sets a statement timeout of 1s       |\n| C      | broken connection | These happen when a query crashes the server  |\n| e      | other error       |                                               |\n\nWhen you test against a RDBMS that doesn't support some of SQLsmith's\ngrammar, there will be a burst of syntax errors on startup.  These\nshould disappear after some time as SQLsmith blacklists productions\nthat consistently lead to errors.\n\n=--verbose= will also periodically emit error reports.  In the\nfollowing example, these are mostly caused by the primitive type\nsystem.\n\n: queries: 39000 (202.399 gen/s, 298.942 exec/s)\n: AST stats (avg): height = 5.599 nodes = 37.8489\n: 82\tERROR:  invalid regular expression: quantifier operand invalid\n: 70\tERROR:  canceling statement due to statement timeout\n: 44\tERROR:  operator does not exist: point = point\n: 27\tERROR:  operator does not exist: xml = xml\n: 22\tERROR:  cannot compare arrays of different element types\n: 11\tERROR:  could not determine which collation to use for string comparison\n: 5\tERROR:  invalid regular expression: nfa has too many states\n: 4\tERROR:  cache lookup failed for index 2619\n: 4\tERROR:  invalid regular expression: brackets [] not balanced\n: 3\tERROR:  operator does not exist: polygon = polygon\n: 2\tERROR:  invalid regular expression: parentheses () not balanced\n: 1\tERROR:  invalid regular expression: invalid character range\n: error rate: 0.00705128\n\nThe only one that looks interesting here is the cache lookup one.\nTaking a closer look at it reveals that it happens when you query a\ncertain catalog view like this:\n\n: self=# select indexdef from pg_catalog.pg_indexes where indexdef is not NULL;\n: FEHLER:  cache lookup failed for index 2619\n\nThis is because the planner then puts 
=pg_get_indexdef(oid)= in a\ncontext where it sees non-index-oids, which causes it to croak:\n\n:                                      QUERY PLAN                                     \n: ------------------------------------------------------------------------------------\n:  Hash Join  (cost=17.60..30.65 rows=9 width=4)\n:    Hash Cond: (i.oid = x.indexrelid)\n:    -\u003e  Seq Scan on pg_class i  (cost=0.00..12.52 rows=114 width=8)\n:          Filter: ((pg_get_indexdef(oid) IS NOT NULL) AND (relkind = 'i'::\"char\"))\n:    -\u003e  Hash  (cost=17.31..17.31 rows=23 width=4)\n:          -\u003e  Hash Join  (cost=12.52..17.31 rows=23 width=4)\n:                Hash Cond: (x.indrelid = c.oid)\n:                -\u003e  Seq Scan on pg_index x  (cost=0.00..4.13 rows=113 width=8)\n:                -\u003e  Hash  (cost=11.76..11.76 rows=61 width=8)\n:                      -\u003e  Seq Scan on pg_class c  (cost=0.00..11.76 rows=61 width=8)\n:                            Filter: (relkind = ANY ('{r,m}'::\"char\"[]))\n\nNow this is more of a curiosity than a bug, but it still illustrates what\ndebugging with the help of SQLsmith might look like.\n\n** Large-scale testing\n\n=--log-to= allows logging of hundreds of sqlsmith instances into a\ncentral PostgreSQL database. [[./log.sql]] contains the schema sqlsmith\nexpects and some additional views to generate reports on the logged\ncontents.\n\nIt also contains a trigger to filter boring/known errors based on the\ncontents of the tables known and known_re.  I periodically COPY my\nfilter tables for testing PostgreSQL into the files [[./known_re.txt]] and\n[[./known.txt]] to serve as a starting point.\n\n** Resources\n\n- [[https://www.postgresql.eu/events/pgconfeu2018/sessions/session/2221/slides/145/sqlsmith-talk.pdf][Slides from PGConf.EU 2018]]\n- [[https://anse1.github.io/sqlsmith-doc/structsqltype.html][Doxygen output for SQLsmith]]\n\n** License\n\nSQLsmith is available under GPLv3.  Use it at your own risk.  
It may\n*damage your database* (one of the purposes of this tool /is/ to try\nand break things).  See the file [[COPYING]] for details.\n\n** Authors\n\nAndreas Seltenreich \u003cseltenreich@gmx.de\u003e\n\nBo Tang \u003ctangloner@gmail.com\u003e\n\nSjoerd Mullender \u003csjoerd@acm.org\u003e\n\n[[ast.png]]\n","funding_links":[],"categories":["C++","Input Generation","Testing"],"sub_categories":["Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanse1%2Fsqlsmith","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanse1%2Fsqlsmith","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanse1%2Fsqlsmith/lists"}