Improve postgres query #426

Closed
xiangyan99 wants to merge 7 commits into main from postgres_improvements

@xiangyan99
Member

What does this PR do?

[Provide a clear, concise description of the changes]

Improve postgres query tool

[Any additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

Pre-merge Checklist

  • Required for All PRs
    • Read contribution guidelines
    • PR title clearly describes the change
    • Commit history is clean with descriptive messages (cleanup guide)
    • Added comprehensive tests for new/modified functionality
    • Updated servers/Azure.Mcp.Server/CHANGELOG.md and/or servers/Fabric.Mcp.Server/CHANGELOG.md for product changes (features, bug fixes, UI/UX, updated dependencies)
  • For MCP tool changes:
    • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
    • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
    • Updated command list in /docs/azmcp-commands.md and/or /docs/fabric-commands.md
    • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • Extra steps for Azure MCP Server tool changes:
    • Updated test prompts in /docs/e2eTestPrompts.md
    • 👉 For Community (non-Microsoft team member) PRs:
      • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
      • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

@xiangyan99 xiangyan99 marked this pull request as ready for review September 12, 2025 20:07
@xiangyan99 xiangyan99 requested a review from a team as a code owner September 12, 2025 20:07
Contributor

Copilot AI left a comment

Pull Request Overview

This PR improves the PostgreSQL query tool by adding comprehensive security validation and query safety features to prevent SQL injection attacks and potential DoS vulnerabilities.

  • Added extensive query validation logic with dangerous keyword detection, multiple statement prevention, and query length limits
  • Implemented result size limits across database operations to prevent resource exhaustion
  • Enhanced test coverage with dedicated test classes for query validation and parameterized query security

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File | Description
PostgresService.cs | Added security validation logic, dangerous keyword detection, result limits, and query safety checks
PostgresServiceQueryValidationTests.cs | Comprehensive test suite covering dangerous queries, SQL injection attempts, and validation edge cases
PostgresServiceParameterizedQueryTests.cs | Tests for parameterized query security and proper handling of malicious input
CHANGELOG.md | Updated changelog to document the security improvements

Comments suppressed due to low confidence (1)

tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs:254

  • This query uses string interpolation instead of parameterized queries, making it vulnerable to SQL injection. The table name should be parameterized using NpgsqlCommand parameters to prevent injection attacks.
        var query = $"SELECT column_name, data_type FROM information_schema.columns WHERE table_name = '{table}';";
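
The lookup quoted above with the table name bound as an Npgsql parameter instead of interpolated, as an added example that is not code from the PR. The class and method names, the connection-string argument and the ORDER BY clause are assumptions.

```csharp
// Added example, not the project's code. Assumes the Npgsql package;
// TableSchemaExample and GetTableSchemaAsync are hypothetical names.
using System.Collections.Generic;
using System.Threading.Tasks;
using Npgsql;

public static class TableSchemaExample
{
    public static async Task<List<string>> GetTableSchemaAsync(
        string connectionString, string table)
    {
        // The table name is a value compared against information_schema.columns,
        // not an identifier in the statement, so it can be bound as a parameter.
        const string query =
            "SELECT column_name, data_type FROM information_schema.columns " +
            "WHERE table_name = @table ORDER BY ordinal_position;";

        await using var connection = new NpgsqlConnection(connectionString);
        await connection.OpenAsync();

        await using var command = new NpgsqlCommand(query, connection);
        // The server receives the value separately from the SQL text, so quotes
        // or semicolons inside it are never parsed as SQL.
        command.Parameters.AddWithValue("table", table);

        var columns = new List<string>();
        await using var reader = await command.ExecuteReaderAsync();
        while (await reader.ReadAsync())
        {
            columns.Add($"{reader.GetString(0)}: {reader.GetString(1)}");
        }
        return columns;
    }
}
```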

Comment thread tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs
private const int MaxResultLimit = 10000;

// Static arrays for security validation - initialized once per class
private static readonly string[] DangerousKeywords =
Contributor

Why not use an ALLOW list instead of a DISALLOW list? I don't think we'll ever catch all dangerous keywords

Member Author

This implementation is ported from https://github.com/microsoft/mcp/blob/main/tools/Azure.Mcp.Tools.MySql/src/Services/MySqlService.cs

My understanding is that the "allow by default" approach has more flexibility. While it may be less secure than the "disallow by default" approach, I think this trade-off is justifiable.

Member Author

Based on feedback from the service team, it is recommended to use a block list instead of an allow list to maintain flexibility.

// Data manipulation that could be harmful
"DROP", "DELETE", "TRUNCATE", "ALTER", "CREATE", "INSERT", "UPDATE",
// Administrative operations
"GRANT", "REVOKE", "SET", "RESET", "KILL", "SHUTDOWN", "RESTART",
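
Review bot: The data-manipulation line lists INSERT, UPDATE and DELETE but not MERGE, which PostgreSQL 15 and later accept as a row-modifying statement; add "MERGE" to that line or document why it is left out. The group comment also labels DROP, ALTER, CREATE and TRUNCATE as data manipulation although they are schema changes, so splitting the line into separate DDL and DML groups would make omissions of this kind easier to spot.
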
Contributor

KILL and SHUTDOWN don't exist in Postgres

// Administrative operations
"GRANT", "REVOKE", "SET", "RESET", "KILL", "SHUTDOWN", "RESTART",
// Information disclosure
"SHOW", "EXPLAIN", "ANALYZE",
Contributor

Postgres supports ANALYSE as a synonym to ANALYZE

// Information disclosure
"SHOW", "EXPLAIN", "ANALYZE",
// System operations
"COPY", "\\COPY", "VACUUM", "REINDEX",
Contributor

\\COPY doesn't exist
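
A comparison of the two policies discussed in the review threads above (block list versus allow list, and the ANALYSE synonym), as an added example that is not the PR's validation code. The keyword list is copied from the snippets on this page; the whole-word matching, the SELECT-only allow list and the sample queries are assumptions constructed here.

```csharp
// Added example, not the PR's code. The PR's matching logic is not shown on the
// page, so whole-word, case-insensitive matching is assumed.
using System;
using System.Linq;
using System.Text.RegularExpressions;

public static class QueryPolicyDemo
{
    // Keywords as they appear in the review snippets above.
    static readonly string[] DangerousKeywords =
    {
        "DROP", "DELETE", "TRUNCATE", "ALTER", "CREATE", "INSERT", "UPDATE",
        "GRANT", "REVOKE", "SET", "RESET", "KILL", "SHUTDOWN", "RESTART",
        "SHOW", "EXPLAIN", "ANALYZE", "COPY", "\\COPY", "VACUUM", "REINDEX",
    };

    // Block list: reject when any listed keyword appears as a whole word.
    public static bool BlockListAllows(string sql) =>
        !DangerousKeywords.Any(k => Regex.IsMatch(
            sql, $@"(?<!\w){Regex.Escape(k)}(?!\w)", RegexOptions.IgnoreCase));

    // Allow list: accept only a single statement whose first keyword is SELECT.
    public static bool AllowListAllows(string sql)
    {
        var trimmed = sql.Trim().TrimEnd(';').Trim();
        if (trimmed.Contains(';')) return false;   // more than one statement
        var first = Regex.Match(trimmed, @"^\w+").Value;
        return first.Equals("SELECT", StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample queries.
        string[] samples =
        {
            "SELECT id, name FROM customers LIMIT 10",
            "ANALYSE customers",                          // synonym not in the list
            "SELECT * FROM orders WHERE status = 'show'", // keyword inside a literal
        };
        Console.WriteLine("block allow query");
        foreach (var sql in samples)
            Console.WriteLine($"{BlockListAllows(sql),-5} {AllowListAllows(sql),-5} {sql}");
    }
}
```

A first-keyword check is only a coarse filter; a read-only transaction and a least-privileged database role enforce the same policy on the server side.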

@joshfree joshfree moved this from Untriaged to In Progress in Azure MCP Server Sep 16, 2025
@joshfree joshfree added the server-Azure.Mcp Azure.Mcp.Server label Sep 17, 2025
@joshfree joshfree added this to the 2025-09 milestone Sep 19, 2025
@xiangyan99
Member Author

Close the PR and use #518 instead.

@xiangyan99 xiangyan99 closed this Sep 19, 2025
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Azure MCP Server Sep 19, 2025
@xiangyan99 xiangyan99 reopened this Sep 25, 2025
@xiangyan99 xiangyan99 requested a review from kk-src as a code owner September 25, 2025 00:19
@github-project-automation github-project-automation Bot moved this from Done to Untriaged in Azure MCP Server Sep 25, 2025
@xiangyan99
Member Author

What does this PR do?

[Provide a clear, concise description of the changes]

Added validation to PostgreSQL queries by blocking well-known keywords. Chose to block specific keywords instead of whitelisting to maintain flexibility.

[Any additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

@xiangyan99
Member Author

Close the PR as we want to use the approach in #518

@xiangyan99 xiangyan99 closed this Oct 1, 2025
@github-project-automation github-project-automation Bot moved this from Untriaged to Done in Azure MCP Server Oct 1, 2025