Currently the lambda is using the write user and is parsing select statements from the POST body.
Looking at the code, it seems possible to run arbitrary write commands. Instead of trying to sanitize all possible edge cases, it seems easiest/best to switch to a read-only user for the lambda and allow read access to all tables.
curl -v 'https://omdmrhz5lb2nrbmodjtm5fxhqq0uevzh.lambda-url.us-east-1.on.aws' \
-H 'content-type: application/json' \
-H 'Authorization: Bearer 20240516' \
-d '{ "SELECT": "* from palm_virome limit 10; CREATE TABLE Test ( objID int )" }'
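One way to set up the read-only user proposed above, as an added example that is not part of the original post or the project's code. It assumes the database is PostgreSQL; the role name `lambda_readonly`, the database name `appdb`, the schema `public` and the password placeholder are hypothetical.

```sql
-- Added example. Assumes PostgreSQL; all names below are hypothetical.
-- Run as the owner of the tables (or a superuser).

-- 1. Dedicated login role for the lambda, with no inherited privileges.
CREATE ROLE lambda_readonly LOGIN PASSWORD '<placeholder-set-from-secret-store>'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- 2. On PostgreSQL versions before 15, every role may create objects in
--    the public schema by default, so a "read-only" role could still run
--    the stacked CREATE TABLE from the request above. Remove that default.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Grant only what a SELECT needs.
GRANT CONNECT ON DATABASE appdb TO lambda_readonly;
GRANT USAGE ON SCHEMA public TO lambda_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO lambda_readonly;

-- 4. Tables created later are not covered by step 3. Default privileges
--    apply to objects created by the role that runs this statement; add
--    FOR ROLE <owner> if another role creates the tables.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO lambda_readonly;

-- 5. Audit: list any table privilege other than SELECT held by the role,
--    and check whether it can create objects in the schema.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'lambda_readonly'
  AND privilege_type <> 'SELECT';

SELECT has_schema_privilege('lambda_readonly', 'public', 'CREATE')
       AS can_create_in_public;
```

After the lambda's connection settings point at this role, replaying the request from the report is a direct check that the second statement is rejected by the database rather than by input filtering.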