fix(backend): add MSSQL timeout enforcement and document read-only gap

Address review feedback: add SET LOCK_TIMEOUT for MSSQL connections to enforce query timeout at the database level, consistent with the PostgreSQL/MySQL implementations. Document that MSSQL lacks a session-level read-only mode, with defense-in-depth handled by the SQL validation layer and ROLLBACK in the finally block.
2026-04-08 03:00:28 -04:00 · 2026-03-26 17:42:08 +07:00
parent c226cf0925
commit f1e2ce0703
1 changed files with 9 additions and 0 deletions
--- a/autogpt_platform/backend/backend/blocks/sql_query_block.py
+++ b/autogpt_platform/backend/backend/blocks/sql_query_block.py
@@ -435,6 +435,15 @@ class SQLQueryBlock(Block):
                    )
                    if read_only:
                        conn.execute(text("SET SESSION TRANSACTION READ ONLY"))
+                elif engine.dialect.name == "mssql":
+                    # MSSQL: SET LOCK_TIMEOUT limits lock-wait time (ms).
+                    # pyodbc's connect_args "timeout" handles the connection
+                    # timeout, but LOCK_TIMEOUT covers in-query lock waits.
+                    conn.execute(text(f"SET LOCK_TIMEOUT {timeout * 1000}"))
+                    # MSSQL lacks a session-level read-only mode like
+                    # PostgreSQL/MySQL.  Read-only enforcement is handled by
+                    # the SQL validation layer (_validate_query_is_read_only)
+                    # and the ROLLBACK in the finally block.

                # Execute the user query inside an explicit transaction so
                # the read-only setting (if enabled) applies to it.