SQL Expressions: Add setting to limit length of query (#110165)

sql_expression_query_length_limit Set the maximum length of a SQL query that can be used in a SQL expression. Default is 10000 characters. A setting of 0 means no limit.
2025-08-27 12:08:25 -04:00 · 2025-08-27 12:08:25 -04:00 · dd4ffc9918
parent 74cfe7b803
commit dd4ffc9918
11 changed files with 88 additions and 18 deletions
--- a/docs/sources/setup-grafana/configure-grafana/_index.md
+++ b/docs/sources/setup-grafana/configure-grafana/_index.md
@ -2858,15 +2858,19 @@ Set this to `false` to disable expressions and hide them in the Grafana UI. Defa

 #### `sql_expression_cell_limit`

-Set the maximum number of cells that can be passed to a SQL expression. Default is `100000`.
+Set the maximum number of cells that can be passed to a SQL expression. Default is `100000`. A setting of `0` means no limit.

 #### `sql_expression_output_cell_limit`

-Set the maximum number of cells that can be returned from a SQL expression. Default is `100000`.
+Set the maximum number of cells that can be returned from a SQL expression. Default is `100000`. A setting of `0` means no limit.
+
+### `sql_expression_query_length_limit`
+
+Set the maximum length of a SQL query that can be used in a SQL expression. Default is `10000` characters. A setting of `0` means no limit.

 #### `sql_expression_timeout`

-The duration a SQL expression will run before being cancelled. The default is `10s`.
+The duration a SQL expression will run before being cancelled. The default is `10s`. A setting of `0s` means no limit.

 ### `[geomap]`

--- a/pkg/expr/graph.go
+++ b/pkg/expr/graph.go
@ -9,6 +9,8 @@ import (
 	"time"

 	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace"
 	"golang.org/x/exp/maps"
 	"gonum.org/v1/gonum/graph/simple"
 	"gonum.org/v1/gonum/graph/topo"
@ -202,6 +204,26 @@ func (s *Service) buildPipeline(ctx context.Context, req *Request) (DataPipeline
 		req.Headers = map[string]string{}
 	}

+	instrumentSQLError := func(err error, span trace.Span) {
+		var sqlErr *sql.ErrorWithCategory
+		if errors.As(err, &sqlErr) {
+			// The SQL expression (and the entire pipeline) will not be executed, so we
+			// track the attempt to execute here.
+			s.metrics.SqlCommandCount.WithLabelValues("error", sqlErr.Category()).Inc()
+		}
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, err.Error())
+		}
+	}
+
+	_, span := s.tracer.Start(ctx, "SSE.BuildPipeline")
+	var err error
+	defer func() {
+		instrumentSQLError(err, span)
+		span.End()
+	}()
+
 	graph, err := s.buildDependencyGraph(ctx, req)
 	if err != nil {
 		return nil, err
--- a/pkg/expr/graph_test.go
+++ b/pkg/expr/graph_test.go
@ -233,7 +233,8 @@ func TestServicebuildPipeLine(t *testing.T) {
 		},
 	}
 	s := Service{
-		cfg: setting.NewCfg(),
+		cfg:    setting.NewCfg(),
+		tracer: &testTracer{},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
--- a/pkg/expr/service_sql_test.go
+++ b/pkg/expr/service_sql_test.go
@ -199,4 +199,15 @@ func TestSQLServiceErrors(t *testing.T) {
 		_, err := s.BuildPipeline(t.Context(), req)
 		require.Error(t, err, "whole pipeline fails when selecting a dependency that does not exist")
 	})
+
+	t.Run("pipeline will fail if query is longer than the configured limit", func(t *testing.T) {
+		s, req := newMockQueryService(resp,
+			newABSQLQueries(`SELECT This is too long and does not need to be valid SQL`),
+		)
+		s.cfg.SQLExpressionQueryLengthLimit = 5
+		s.features = featuremgmt.WithFeatures(featuremgmt.FlagSqlExpressions)
+
+		_, err := s.BuildPipeline(t.Context(), req)
+		require.ErrorContains(t, err, "exceeded the configured limit of 5 characters")
+	})
 }
--- a/pkg/expr/service_test.go
+++ b/pkg/expr/service_test.go
@ -195,6 +195,7 @@ func TestSQLExpressionCellLimitFromConfig(t *testing.T) {
 				converter: &ResultConverter{
 					Features: features,
 				},
+				tracer: &testTracer{},
 			}

 			req := &Request{Queries: queries, User: &user.SignedInUser{}}
--- a/pkg/expr/sql/errors.go
+++ b/pkg/expr/sql/errors.go
@ -389,3 +389,23 @@ func MakeColumnNotFoundError(refID string, err error) CategorizedError {

 	return &ErrorWithCategory{category: ErrCategoryColumnNotFound, err: ColumnNotFoundError.Build(data)}
 }
+
+const ErrCategoryQueryTooLong = "query_too_long"
+
+var queryTooLongStr = `sql expression [{{.Public.refId}}] was not run because the SQL query exceeded the configured limit of {{ .Public.queryLengthLimit }} characters`
+
+var QueryTooLongError = errutil.NewBase(
+	errutil.StatusBadRequest, sseErrBase+ErrCategoryQueryTooLong).MustTemplate(
+	queryTooLongStr,
+	errutil.WithPublic(queryTooLongStr))
+
+func MakeQueryTooLongError(refID string, queryLengthLimit int64) CategorizedError {
+	data := errutil.TemplateData{
+		Public: map[string]interface{}{
+			"refId":            refID,
+			"queryLengthLimit": queryLengthLimit,
+		},
+	}
+
+	return &ErrorWithCategory{category: ErrCategoryQueryTooLong, err: QueryTooLongError.Build(data)}
+}
--- a/pkg/expr/sql_command.go
+++ b/pkg/expr/sql_command.go
@ -86,6 +86,10 @@ func UnmarshalSQLCommand(ctx context.Context, rn *rawNode, cfg *setting.Cfg) (*S
 		return nil, fmt.Errorf("expected sql expression to be type string, but got type %T", expressionRaw)
 	}

+	if cfg.SQLExpressionQueryLengthLimit > 0 && len(expression) > int(cfg.SQLExpressionQueryLengthLimit) {
+		return nil, sql.MakeQueryTooLongError(rn.RefID, cfg.SQLExpressionQueryLengthLimit)
+	}
+
 	formatRaw := rn.Query["format"]
 	format, _ := formatRaw.(string)

--- a/pkg/registry/apis/query/client/instance_provider.go
+++ b/pkg/registry/apis/query/client/instance_provider.go
@ -47,11 +47,12 @@ func (s *singleTenantInstanceProvider) GetInstance(_ context.Context, _ map[stri

 func (s *singleTenantInstance) GetSettings() clientapi.InstanceConfigurationSettings {
 	return clientapi.InstanceConfigurationSettings{
-		FeatureToggles:               s.features,
-		SQLExpressionCellLimit:       s.cfg.SQLExpressionCellLimit,
-		SQLExpressionOutputCellLimit: s.cfg.SQLExpressionOutputCellLimit,
-		SQLExpressionTimeout:         s.cfg.SQLExpressionTimeout,
-		ExpressionsEnabled:           s.cfg.ExpressionsEnabled,
+		FeatureToggles:                s.features,
+		SQLExpressionCellLimit:        s.cfg.SQLExpressionCellLimit,
+		SQLExpressionOutputCellLimit:  s.cfg.SQLExpressionOutputCellLimit,
+		SQLExpressionQueryLengthLimit: s.cfg.SQLExpressionQueryLengthLimit,
+		SQLExpressionTimeout:          s.cfg.SQLExpressionTimeout,
+		ExpressionsEnabled:            s.cfg.ExpressionsEnabled,
 	}
 }

--- a/pkg/registry/apis/query/clientapi/clientapi.go
+++ b/pkg/registry/apis/query/clientapi/clientapi.go
@ -21,11 +21,12 @@ type QueryDataClient interface {
 }

 type InstanceConfigurationSettings struct {
-	FeatureToggles               featuremgmt.FeatureToggles
-	SQLExpressionCellLimit       int64
-	SQLExpressionOutputCellLimit int64
-	SQLExpressionTimeout         time.Duration
-	ExpressionsEnabled           bool
+	FeatureToggles                featuremgmt.FeatureToggles
+	SQLExpressionCellLimit        int64
+	SQLExpressionOutputCellLimit  int64
+	SQLExpressionQueryLengthLimit int64
+	SQLExpressionTimeout          time.Duration
+	ExpressionsEnabled            bool
 }

 type Instance interface {
--- a/pkg/registry/apis/query/query.go
+++ b/pkg/registry/apis/query/query.go
@ -286,10 +286,11 @@ func handleQuery(ctx context.Context, raw query.QueryDataRequest, b QueryAPIBuil

 	exprService := expr.ProvideService(
 		&setting.Cfg{
-			ExpressionsEnabled:           instanceConfig.ExpressionsEnabled,
-			SQLExpressionCellLimit:       instanceConfig.SQLExpressionCellLimit,
-			SQLExpressionOutputCellLimit: instanceConfig.SQLExpressionOutputCellLimit,
-			SQLExpressionTimeout:         instanceConfig.SQLExpressionTimeout,
+			ExpressionsEnabled:            instanceConfig.ExpressionsEnabled,
+			SQLExpressionCellLimit:        instanceConfig.SQLExpressionCellLimit,
+			SQLExpressionOutputCellLimit:  instanceConfig.SQLExpressionOutputCellLimit,
+			SQLExpressionTimeout:          instanceConfig.SQLExpressionTimeout,
+			SQLExpressionQueryLengthLimit: instanceConfig.SQLExpressionQueryLengthLimit,
 		},
 		nil,
 		nil,
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -441,6 +441,9 @@ type Cfg struct {
 	// SQLExpressionOutputCellLimit is the maximum number of cells (rows × columns) that can be outputted by a SQL expression.
 	SQLExpressionOutputCellLimit int64

+	// SQLExpressionQueryLengthLimit is the maximum length of a SQL query that can be used in a SQL expression.
+	SQLExpressionQueryLengthLimit int64
+
 	// SQLExpressionTimeoutSeconds is the duration a SQL expression will run before timing out
 	SQLExpressionTimeout time.Duration

@ -830,6 +833,7 @@ func (cfg *Cfg) readExpressionsSettings() {
 	cfg.SQLExpressionCellLimit = expressions.Key("sql_expression_cell_limit").MustInt64(100000)
 	cfg.SQLExpressionOutputCellLimit = expressions.Key("sql_expression_output_cell_limit").MustInt64(100000)
 	cfg.SQLExpressionTimeout = expressions.Key("sql_expression_timeout").MustDuration(time.Second * 10)
+	cfg.SQLExpressionQueryLengthLimit = expressions.Key("sql_expression_query_length_limit").MustInt64(10000)
 }

 type AnnotationCleanupSettings struct {