chore(release): bump version to 2.1.1 and update changelog

atasoglu · atasoglu · commit 5194dcd28875 · 2025-10-29T14:59:46.000+03:00
* Moved table name validation to create_table method
* Improved client initialization flexibility
* Added tests for table name validation during table creation
* Enhanced SQL injection prevention tests
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.1] - 2025-01-31
+
+### Changed
+- Moved table name validation from `__init__()` to `create_table()` method
+- Table name is now validated when creating the table schema, not during client initialization
+
+### Improved
+- More flexible client initialization - validation happens at table creation time
+
 ## [2.1.0] - 2025-01-31
 
 ### Added
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "sqlite-vec-client"
-version = "2.1.0"
+version = "2.1.1"
 description = "A tiny Python client around sqlite-vec for CRUD and similarity search."
 readme = "README.md"
 requires-python = ">=3.9"
diff --git a/sqlite_vec_client/base.py b/sqlite_vec_client/base.py
@@ -105,11 +105,9 @@ def __init__(
             pool: Optional connection pool for connection reuse
 
         Raises:
-            TableNameError: If table name is invalid
             VecConnectionError: If connection fails
             ValueError: If both db_path and pool are None
         """
-        validate_table_name(table)
         self.table = table
         self._in_transaction = False
         self._pool = pool
@@ -148,8 +146,10 @@ def create_table(
             distance: Distance metric for similarity search
 
         Raises:
+            TableNameError: If table name is invalid
             ValidationError: If dimension is invalid
         """
+        validate_table_name(self.table)
         validate_dimension(dim)
         logger.info(
             f"Creating table '{self.table}' with dim={dim}, distance={distance}"
diff --git a/tests/test_client.py b/tests/test_client.py
@@ -14,17 +14,12 @@
 class TestClientInitialization:
     """Tests for client initialization."""
 
-    def test_init_with_valid_table_name(self, temp_db):
-        """Test initialization with valid table name."""
+    def test_init_with_table_name(self, temp_db):
+        """Test initialization with table name."""
         client = SQLiteVecClient(table="valid_table", db_path=temp_db)
         assert client.table == "valid_table"
         client.close()
 
-    def test_init_with_invalid_table_name(self, temp_db):
-        """Test initialization with invalid table name raises error."""
-        with pytest.raises(TableNameError):
-            SQLiteVecClient(table="invalid-table", db_path=temp_db)
-
 
 @pytest.mark.integration
 class TestCreateTable:
@@ -45,6 +40,13 @@ def test_create_table_invalid_dimension(self, client):
         with pytest.raises(ValidationError):
             client.create_table(dim=0)
 
+    def test_create_table_validates_table_name(self, temp_db):
+        """Test that create_table validates table name."""
+        client = SQLiteVecClient(table="invalid-table", db_path=temp_db)
+        with pytest.raises(TableNameError):
+            client.create_table(dim=3)
+        client.close()
+
 
 @pytest.mark.integration
 class TestAddRecords:
diff --git a/tests/test_security.py b/tests/test_security.py
@@ -24,20 +24,26 @@ def test_table_name_with_sql_injection(self, temp_db):
             "table;DELETE FROM data",
         ]
         for name in malicious_names:
+            client = SQLiteVecClient(table=name, db_path=temp_db)
             with pytest.raises(TableNameError):
-                SQLiteVecClient(table=name, db_path=temp_db)
+                client.create_table(dim=3)
+            client.close()
 
     def test_table_name_with_special_chars(self, temp_db):
         """Test that special characters in table names are rejected."""
         invalid_names = ["table-name", "table.name", "table name", "table@name"]
         for name in invalid_names:
+            client = SQLiteVecClient(table=name, db_path=temp_db)
             with pytest.raises(TableNameError):
-                SQLiteVecClient(table=name, db_path=temp_db)
+                client.create_table(dim=3)
+            client.close()
 
     def test_table_name_starting_with_number(self, temp_db):
         """Test that table names starting with numbers are rejected."""
+        client = SQLiteVecClient(table="123table", db_path=temp_db)
         with pytest.raises(TableNameError):
-            SQLiteVecClient(table="123table", db_path=temp_db)
+            client.create_table(dim=3)
+        client.close()
 
 
 @pytest.mark.unit
@@ -105,8 +111,10 @@ class TestTableNameValidation:
 
     def test_empty_table_name(self, temp_db):
         """Test that empty table name is rejected."""
+        client = SQLiteVecClient(table="", db_path=temp_db)
         with pytest.raises(TableNameError, match="cannot be empty"):
-            SQLiteVecClient(table="", db_path=temp_db)
+            client.create_table(dim=3)
+        client.close()
 
     def test_valid_table_names(self, temp_db):
         """Test that valid table names are accepted."""
diff --git a/tests/test_validation.py b/tests/test_validation.py
@@ -45,6 +45,43 @@ def test_starts_with_number(self):
         with pytest.raises(TableNameError):
             validate_table_name("123table")
 
+    def test_sql_injection_attempts(self):
+        """Test that SQL injection attempts are rejected."""
+        injection_attempts = [
+            "table'; DROP TABLE users--",
+            "table OR 1=1",
+            "table; DELETE FROM data",
+            "table/*comment*/",
+        ]
+        for name in injection_attempts:
+            with pytest.raises(TableNameError):
+                validate_table_name(name)
+
+
+@pytest.mark.unit
+class TestValidateTableNameInCreateTable:
+    """Tests for table name validation in create_table method."""
+
+    def test_create_table_with_invalid_name(self, tmp_path):
+        """Test that create_table validates table name."""
+        from sqlite_vec_client import SQLiteVecClient
+
+        db_path = str(tmp_path / "test.db")
+        client = SQLiteVecClient(table="invalid-table", db_path=db_path)
+        with pytest.raises(TableNameError):
+            client.create_table(dim=3)
+        client.close()
+
+    def test_create_table_with_valid_name(self, tmp_path):
+        """Test that create_table accepts valid table name."""
+        from sqlite_vec_client import SQLiteVecClient
+
+        db_path = str(tmp_path / "test.db")
+        client = SQLiteVecClient(table="valid_table", db_path=db_path)
+        client.create_table(dim=3)
+        assert client.count() == 0
+        client.close()
+
 
 @pytest.mark.unit
 class TestValidateDimension:
