---
title: SQL Analyzer
emoji: 🔍
colorFrom: blue
colorTo: indigo
sdk: docker
pinned: false
short_description: "SQL analyzer: linter, AST explorer, formatter & detector"
---

# SQL Analyzer — Linter, AST Explorer & Injection Detector

An interactive SQL analysis tool powered by **SQLFluff 4.x**, built as a pure Python FastAPI backend serving a React frontend.

## Features

- **SQL Linter** — SQLFluff rule violations with severity, rule codes, line/column info, and fixable indicators
- **AST Tree Explorer** — Interactive collapsible/expandable parse tree with search, filter, and color-coded node types
- **SQL Injection Detector** — Detects tautologies, stacked queries, UNION exfiltration, comment bypasses, and more
- **SQL Formatter** — Auto-fix and format SQL with copy-to-clipboard and apply-to-editor
- **Swagger UI** — Full OpenAPI 3.1 documentation at `/swagger`
- **17 SQL dialects** — ANSI, PostgreSQL, MySQL, T-SQL, SQLite, BigQuery, Snowflake, Redshift, DuckDB, Hive, Spark SQL, Trino, Databricks, Oracle, Teradata, ClickHouse, Athena

## Architecture

```
sql-analyzer-standalone/
├── api/
│   ├── main.py          ← FastAPI app (REST endpoints + static file serving)
│   └── static/          ← Built React bundle (generated by pnpm build)
├── frontend/
│   ├── src/             ← React 19 + TypeScript source
│   ├── package.json
│   └── vite.config.ts   ← Builds into ../api/static/
├── requirements.txt
├── Dockerfile
└── README.md
```

## Local Development

```bash
# 1. Install Python deps
pip install -r requirements.txt

# 2. Build the React frontend
cd frontend && pnpm install && pnpm build && cd ..

# 3. Start the FastAPI server
cd api && uvicorn main:app --reload --port 7860
```

Open http://localhost:7860

## API Endpoints

| Method | Path | Description |
|--------|------|-------------|
| GET | `/api/health` | Health check + SQLFluff version |
| POST | `/api/lint` | Lint SQL with SQLFluff |
| POST | `/api/parse` | Parse SQL into AST |
| POST | `/api/format` | Format/fix SQL |
| POST | `/api/inject` | Detect SQL injection patterns |
| GET | `/openapi.json` | OpenAPI schema |
| GET | `/docs` | Swagger UI (FastAPI built-in) |
| GET | `/swagger` | Custom Swagger UI page |

## Request Format

All POST endpoints accept:
```json
{
  "sql": "SELECT * FROM users WHERE id = 1",
  "dialect": "ansi"
}
```

Supported dialects: `ansi`, `postgres`, `mysql`, `tsql`, `sqlite`, `bigquery`, `snowflake`, `redshift`, `duckdb`, `hive`, `sparksql`, `trino`, `databricks`, `oracle`, `teradata`, `clickhouse`, `athena`