Add limits to Query ClickHouse

Author: matt-aitken

apps/webapp/app/env.server.ts

@@ -1175,6 +1175,13 @@ const EnvironmentSchema = z
     CLICKHOUSE_LOG_LEVEL: z.enum(["log", "error", "warn", "info", "debug"]).default("info"),
     CLICKHOUSE_COMPRESSION_REQUEST: z.string().default("1"),
 
+    // Query page ClickHouse limits (for TSQL queries)
+    QUERY_CLICKHOUSE_MAX_EXECUTION_TIME: z.coerce.number().int().default(60),
+    QUERY_CLICKHOUSE_MAX_MEMORY_USAGE: z.coerce.number().int().default(1_073_741_824), // 1GB in bytes
+    QUERY_CLICKHOUSE_MAX_AST_ELEMENTS: z.coerce.number().int().default(4_000_000),
+    QUERY_CLICKHOUSE_MAX_EXPANDED_AST_ELEMENTS: z.coerce.number().int().default(4_000_000),
+    QUERY_CLICKHOUSE_MAX_BYTES_BEFORE_EXTERNAL_GROUP_BY: z.coerce.number().int().default(0),
+
     EVENTS_CLICKHOUSE_URL: z
       .string()
       .optional()

apps/webapp/app/services/queryService.server.ts

@@ -1,5 +1,6 @@
 import {
   executeTSQL,
+  type ClickHouseSettings,
   type ExecuteTSQLOptions,
   type FieldMappings,
   type TSQLQueryResult,
@@ -21,6 +22,33 @@ const scopeToEnum = {
   environment: "ENVIRONMENT",
 } as const;
 
+/**
+ * Default ClickHouse settings for query protection
+ * Based on PostHog's HogQL settings to prevent expensive queries
+ */
+function getDefaultClickhouseSettings(): ClickHouseSettings {
+  return {
+    // Query execution limits
+    max_execution_time: env.QUERY_CLICKHOUSE_MAX_EXECUTION_TIME,
+    timeout_overflow_mode: "throw",
+    max_memory_usage: String(env.QUERY_CLICKHOUSE_MAX_MEMORY_USAGE),
+
+    // AST complexity limits to prevent extremely complex queries
+    max_ast_elements: String(env.QUERY_CLICKHOUSE_MAX_AST_ELEMENTS),
+    max_expanded_ast_elements: String(env.QUERY_CLICKHOUSE_MAX_EXPANDED_AST_ELEMENTS),
+
+    // Memory management for GROUP BY operations
+    max_bytes_before_external_group_by: String(
+      env.QUERY_CLICKHOUSE_MAX_BYTES_BEFORE_EXTERNAL_GROUP_BY
+    ),
+
+    // Safety settings
+    allow_experimental_object_type: 1,
+    format_csv_allow_double_quotes: 0,
+    readonly: "1", // Ensure queries are read-only
+  };
+}
+
 export type ExecuteQueryOptions<TOut extends z.ZodSchema> = Omit<
   ExecuteTSQLOptions<TOut>,
   "tableSchema" | "organizationId" | "projectId" | "environmentId" | "fieldMappings"
@@ -89,6 +117,10 @@ export async function executeQuery<TOut extends z.ZodSchema>(
     ...baseOptions,
     ...tenantOptions,
     fieldMappings,
+    clickhouseSettings: {
+      ...getDefaultClickhouseSettings(),
+      ...baseOptions.clickhouseSettings, // Allow caller overrides if needed
+    },
   });
 
   // If query succeeded and history options provided, save to history

internal-packages/clickhouse/src/index.ts

@@ -1,4 +1,5 @@
-import { ClickHouseSettings } from "@clickhouse/client";
+import type { ClickHouseSettings } from "@clickhouse/client";
+export type { ClickHouseSettings };
 import { ClickhouseClient } from "./client/client.js";
 import { ClickhouseReader, ClickhouseWriter } from "./client/types.js";
 import { NoopClient } from "./client/noop.js";