Skip to content

PG security enhancement#2096

Merged
xiangyan99 merged 4 commits intomainfrom
pg_security_enhancement
Mar 18, 2026
Merged

PG security enhancement#2096
xiangyan99 merged 4 commits intomainfrom
pg_security_enhancement

Conversation

@xiangyan99
Copy link
Copy Markdown
Member

@xiangyan99 xiangyan99 commented Mar 18, 2026

What does this PR do?

[Provide a clear, concise description of the changes]

  1. Disallow keywords: UNION/INTERSECT/EXCEPT
  2. Disable more dangerous identifiers

[Any additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

Pre-merge Checklist

  • Required for All PRs
    • Read contribution guidelines
    • PR title clearly describes the change
    • Commit history is clean with descriptive messages (cleanup guide)
    • Added comprehensive tests for new/modified functionality
    • Updated servers/Azure.Mcp.Server/CHANGELOG.md and/or servers/Fabric.Mcp.Server/CHANGELOG.md for product changes (features, bug fixes, UI/UX, updated dependencies)
  • For MCP tool changes:
    • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
    • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
    • Validate README.md changes using script at eng/scripts/Process-PackageReadMe.ps1. See Package README
    • Updated command list in /servers/Azure.Mcp.Server/docs/azmcp-commands.md and/or /docs/fabric-commands.md
    • Run .\eng\scripts\Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
    • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
    • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
    • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
    • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
  • Extra steps for Azure MCP Server tool changes:
    • Updated test prompts in /servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
    • 👉 For Community (non-Microsoft team member) PRs:
      • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
      • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

@xiangyan99
1. Disallow keywords: UNION/INTERSECT/EXCEPT
666c9bb 
2. Disable more dangerous identifiers
Copilot AI review requested due to automatic review settings March 18, 2026 17:04
@xiangyan99 xiangyan99 requested review from a team and kk-src as code owners March 18, 2026 17:04
@github-actions github-actions Bot added the tools-Postgres PostgreSQL label Mar 18, 2026
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens the Postgres SQL query validation used by the Postgres tool to reduce exfiltration/privilege-abuse risk from user-provided SQL, and adds unit tests plus a changelog entry.

Changes:

  • Block SQL set-operation keywords (UNION / INTERSECT / EXCEPT) in SqlQueryValidator.
  • Expand the blocked identifier list (e.g., pg_user, pg_roles, generate_series, pg_stat_ssl) and adjust string/comment handling.
  • Add unit tests for validator behavior and a changelog entry.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs Adds set-operation keyword blocking and updates string/comment scanning in the validator.
tools/Azure.Mcp.Tools.Postgres/tests/Azure.Mcp.Tools.Postgres.UnitTests/Validation/SqlQueryValidatorTests.cs Introduces new unit tests for allowed/disallowed queries.
servers/Azure.Mcp.Server/changelog-entries/1773853286236.yaml Records the validator hardening in the server changelog entry feed.

Comment thread tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs
Comment thread ...Tools.Postgres/tests/Azure.Mcp.Tools.Postgres.UnitTests/Validation/SqlQueryValidatorTests.cs Outdated
Comment thread servers/Azure.Mcp.Server/changelog-entries/1773853286236.yaml
scottaddie
scottaddie reviewed Mar 18, 2026
View reviewed changes
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs Outdated
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs Outdated
xiangyan99 and others added 2 commits March 18, 2026 10:24
@xiangyan99 @scottaddie
Update tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidato…
c6b82e3 
…r.cs

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
@xiangyan99 @scottaddie
Update tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidato…
2d1f2eb 
…r.cs

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
@xiangyan99 xiangyan99 requested a review from scottaddie March 18, 2026 17:39
@xiangyan99 xiangyan99 merged commit 5816ec4 into main Mar 18, 2026
16 checks passed
@xiangyan99 xiangyan99 deleted the pg_security_enhancement branch March 18, 2026 18:28
@github-project-automation github-project-automation Bot moved this from Untriaged to Done in Azure MCP Server Mar 18, 2026
colbytimm pushed a commit to colbytimm/microsoft-mcp that referenced this pull request Apr 20, 2026
@xiangyan99 @scottaddie @colbytimm
PG security enhancement (microsoft#2096)
161945f 
* 1. Disallow keywords: UNION/INTERSECT/EXCEPT
2. Disable more dangerous identifiers

* update

* Update tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>

* Update tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>

---------

Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@scottaddie scottaddie scottaddie approved these changes

@kk-src kk-src Awaiting requested review from kk-src kk-src is a code owner

@hallipr hallipr Awaiting requested review from hallipr hallipr is a code owner automatically assigned from microsoft/azure-mcp

@vukelich vukelich Awaiting requested review from vukelich vukelich is a code owner automatically assigned from microsoft/azure-mcp

@g2vinay g2vinay Awaiting requested review from g2vinay g2vinay is a code owner automatically assigned from microsoft/azure-mcp

@wbreza wbreza Awaiting requested review from wbreza wbreza is a code owner automatically assigned from microsoft/azure-mcp

@KarishmaGhiya KarishmaGhiya Awaiting requested review from KarishmaGhiya KarishmaGhiya is a code owner automatically assigned from microsoft/azure-mcp

@conniey conniey Awaiting requested review from conniey conniey is a code owner automatically assigned from microsoft/azure-mcp

@tmeschter tmeschter Awaiting requested review from tmeschter tmeschter is a code owner automatically assigned from microsoft/azure-mcp

Assignees

No one assigned

Labels

tools-Postgres PostgreSQL

Projects

Azure MCP Server
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xiangyan99 @scottaddie