Ducklings API Documentation

    Function sanitizeSql

    • Sanitizes a SQL statement by checking for dangerous patterns.

      This function throws a DuckDBError if the SQL contains dangerous patterns. Use this in request handlers to automatically reject unsafe queries.

      Blocked patterns:

      • duckdb_secrets() - Exposes database credentials
      • PRAGMA - Can modify database settings
      • COPY ... TO - Writes files to disk (COPY FROM is allowed)
      • EXPORT DATABASE - Exports database to files

      Note: SET commands are blocked separately by lockConfiguration: true in DuckDBConfig.

      Parameters

      • sql: string

        The SQL statement to sanitize

      • options: SanitizeSqlOptions = {}

        Options to selectively allow certain patterns

      Returns string

      The original SQL if safe

      Throws

      DuckDBError with code 'SANITIZE_ERROR' if dangerous patterns are detected

      Example

      import { sanitizeSql, DuckDBError } from '@ducklings/workers';

      // In a request handler: `userInput` is the SQL received from the client and
      // `conn` is the DuckDB connection already opened by the handler.
      try {
        // Throws DuckDBError('SANITIZE_ERROR') on a blocked pattern, otherwise
        // returns the SQL unchanged.
        const safeSql = sanitizeSql(userInput);
        const result = await conn.query(safeSql);
        return Response.json({ data: result });
      } catch (e) {
        // Rejected queries are a client error; anything else is re-thrown.
        if (e instanceof DuckDBError && e.code === 'SANITIZE_ERROR') {
          return Response.json({ error: e.message }, { status: 400 });
        }
        throw e;
      }
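The blocked-pattern list above, worked through as an illustrative sanitizer. This is an added example, not the @ducklings/workers implementation: the class, option and helper names are assumptions, and it shows two details a practitioner would want checked, namely that keywords split by comments or case changes are still caught while text inside string literals is ignored, and that COPY passes only in its import form.

```typescript
// Added illustration of a pattern-based SQL sanitizer; NOT the library's own code.
// SanitizeError, AllowOptions and the rule names are assumptions for this example.
class SanitizeError extends Error {
  readonly code = 'SANITIZE_ERROR';
  constructor(message: string) { super(message); this.name = 'SanitizeError'; }
}

interface AllowOptions {            // assumed names for "selectively allow" options
  allowSecrets?: boolean; allowPragma?: boolean;
  allowCopyTo?: boolean;  allowExport?: boolean;
}

// Drop comments and string literals, then collapse whitespace, so keywords broken
// up by comments are still visible and quoted data never triggers a rule.
function normalizeSql(sql: string): string {
  return sql
    .replace(/--[^\n]*/g, ' ')             // -- line comments
    .replace(/\/\*[\s\S]*?\*\//g, ' ')      // /* block comments */
    .replace(/'(?:[^']|'')*'/g, "''")       // 'string literals' (with '' escapes)
    .replace(/\s+/g, ' ')
    .trim();
}

// COPY is acceptable only as an import: COPY <table>[(cols)] FROM ...
// Anything else, e.g. COPY (SELECT ...) TO 'file', is treated as COPY ... TO.
function isCopyImport(stmt: string): boolean {
  return /^COPY\s+[\w."]+(?:\s*\([^)]*\))?\s+FROM\b/i.test(stmt);
}

const RULES: Array<{ allow: keyof AllowOptions; hit: (s: string) => boolean; why: string }> = [
  { allow: 'allowSecrets', hit: s => /\bduckdb_secrets\s*\(/i.test(s), why: 'duckdb_secrets() exposes database credentials' },
  { allow: 'allowPragma',  hit: s => /\bPRAGMA\b/i.test(s), why: 'PRAGMA can modify database settings' },
  { allow: 'allowCopyTo',  hit: s => /\bCOPY\b/i.test(s) && !isCopyImport(s), why: 'COPY ... TO writes files to disk' },
  { allow: 'allowExport',  hit: s => /\bEXPORT\s+DATABASE\b/i.test(s), why: 'EXPORT DATABASE exports the database to files' },
];

// Returns the original SQL when every statement is clean; throws on the first hit.
function sanitizeSqlExample(sql: string, options: AllowOptions = {}): string {
  const statements = normalizeSql(sql).split(';').map(s => s.trim()).filter(Boolean);
  for (const stmt of statements) {
    for (const rule of RULES) {
      if (!options[rule.allow] && rule.hit(stmt)) {
        throw new SanitizeError(`Rejected SQL: ${rule.why}`);
      }
    }
  }
  return sql;
}
```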