Security¶
SQL compilation¶
OntoSQL compiles semantic queries to SQLAlchemy statements with bound parameters for values in where, save, and delete plans. User-supplied filter values are passed as parameters, not interpolated into SQL strings.
Raw sqlalchemy.text() fragments are rejected in semantic where expressions (CompileError). Mapper-defined ComputedMap.expression and NestedMap.join remain trusted code — review mappers like schema migrations.
For ad hoc SQL, use the underlying SQLAlchemy session from your application layer with bound parameters — OntoSQL does not expose a raw SQL escape hatch on OntoSession.
OntoRouter (FastAPI)¶
OntoRouter uses async AsyncOntoSession (onto_async_session_lifespan required). It is not safe for public internet without host-app controls:
| Control | Status |
|---|---|
| Authentication | Not provided — pass dependencies=[Depends(your_auth)] |
| Authorization | Not provided — object-level checks in your dependencies |
| Rate limiting | Not provided |
| Request body validation | Generated Pydantic models validate POST/PATCH bodies |
| Semantic validation | Default validate_entities=True runs OntoModel.model_validate |
| Body size cap | Default max_body_bytes=65536 on POST/PATCH; streams body in chunks (413 when exceeded) |
| Async session | Required — AsyncSessionDep on all routes |
Internet exposure requirements¶
Before mounting OntoRouter on a reachable host:
- Authentication — add FastAPI
dependencieson the router (see production-router.md). - Authorization — verify the caller may access each
{entity_id}and nested associations. - Rate limits — per client/API key at middleware or reverse proxy.
- Disable public
/docsin production or protect with auth. - Reverse-proxy body limits — complement router
max_body_byteswith nginx/Envoy caps.
RDF import limits¶
import_from_rdf, load_graph, and related helpers accept optional max_bytes and max_triples (raises OntoImportError when exceeded).
- Set
untrusted=Trueon import paths that accept public payloads to applyUNTRUSTED_DEFAULT_MAX_BYTES(1 MiB) andUNTRUSTED_DEFAULT_MAX_TRIPLES(100k) when limits are omitted. max_triples, when set, is enforced incrementally during RDF parse — parsing stops as soon as the cap is exceeded (OntoImportError).max_bytesis enforced on the raw payload before parsing.- Defense in depth: authenticate import endpoints, rate-limit, and set both limits on untrusted paths.
max_nesting_depth(default 32) ongraph_to_instancelimits deep nested RDF chains during hydration.
PyLD JSON-LD compaction (compact_jsonld, frame_jsonld) uses a safe document loader by default that blocks remote @context URL fetches (SSRF mitigation). allow_remote_contexts=True requires an explicit trusted document_loader= (PyLD’s default loader fetches remote URLs). RDF import via pyoxigraph does not use PyLD.
Graph sync consistency¶
When graph_sync is configured, graph updates are queued during save() / delete() and applied after SQL commit. If the session rolls back, queued graph updates are discarded.
If graph sync fails after commit, SQL remains committed and the queue is preserved for retry_graph_sync() — plan hybrid architectures with an outbox or reconcile job. See HYBRID.md.
REPLACE cascade¶
CascadePolicy.REPLACE deletes nested rows when associations change. It refuses to delete nested rows still referenced by other parent rows. Do not use REPLACE for shared entities.
See guides/cascade-policies.md.
Project governance¶
| Topic | Details |
|---|---|
| License | MIT |
| Maintainers | OntoSQL contributors — see GitHub repository |
| Security contact | GitHub Security Advisories (preferred) |
| Support model | Community best-effort — SUPPORT.md |
| Commercial support | Not offered in 0.5.x |
Vulnerability response¶
- Report privately via GitHub Security Advisories or the security contact on the repository — do not open public issues for undisclosed vulnerabilities.
- Maintainers acknowledge receipt when possible; no published SLA for triage or fix timelines in 0.5.x.
- Fixes ship in patch/minor releases per severity; advisories published on GitHub when disclosed.
- Enterprise teams should monitor GitHub Advisories and pin versions — upgrading guide.
Pre-1.0: coordinate breaking security fixes with CHANGELOG and SPECS stability tiers.
Reporting vulnerabilities¶
Please report security issues privately via GitHub Security Advisories. Do not open public issues for undisclosed vulnerabilities.