Skip to content

.Net: [MEVD] Do a proper pass to ensure that all names are property sanitized (prevent SQL injection) #11154

New issue
New issue
Closed
Closed
.Net: [MEVD] Do a proper pass to ensure that all names are property sanitized (prevent SQL injection)#11154
Assignees
adamsitnik
Labels
.NETIssue or Pull requests regarding .NET codeBuildFeatures planned for next Build conferencemsft.ext.vectordataRelated to Microsoft.Extensions.VectorData
@roji

Description

@roji
roji
opened on Mar 24, 2025

There are some cases where we're integrating externally-provided string directly into SQL without quoting/sanitation, e.g. here. We should do a proper pass before releasing to ensure we don't do this anywhere.

/cc @westey-m @dmytrostruk @adamsitnik

Metadata

Metadata

Assignees

Labels

.NETIssue or Pull requests regarding .NET codeBuildFeatures planned for next Build conferencemsft.ext.vectordataRelated to Microsoft.Extensions.VectorData

Type

No type

Projects

Semantic Kernel

Status

Sprint: Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions