Skip to content

Add validation for postgres query command#518

Merged
hallipr merged 17 commits intomainfrom
postgres_validate_query
Oct 1, 2025
Merged

Add validation for postgres query command#518
hallipr merged 17 commits intomainfrom
postgres_validate_query

Conversation

@xiangyan99
Copy link
Copy Markdown
Member

@xiangyan99 xiangyan99 commented Sep 19, 2025
edited
Loading

What does this PR do?

[Provide a clear, concise description of the changes]

Add validation in postgre query to ensure read only select.

[Any additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

https://github.com/microsoft/mcp-pr/issues/9

Pre-merge Checklist

  • Required for All PRs
    • Read contribution guidelines
    • PR title clearly describes the change
    • Commit history is clean with descriptive messages (cleanup guide)
    • Added comprehensive tests for new/modified functionality
    • Updated servers/Azure.Mcp.Server/CHANGELOG.md and/or servers/Fabric.Mcp.Server/CHANGELOG.md for product changes (features, bug fixes, UI/UX, updated dependencies)
  • For MCP tool changes:
    • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
    • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
    • Updated command list in /docs/azmcp-commands.md and/or /docs/fabric-commands.md
    • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • Extra steps for Azure MCP Server tool changes:
    • Updated test prompts in /docs/e2eTestPrompts.md
    • 👉 For Community (non-Microsoft team member) PRs:
      • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
      • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

@joshfree joshfree added this to the 2025-09 milestone Sep 19, 2025
@joshfree joshfree added the server-Azure.Mcp Azure.Mcp.Server label Sep 19, 2025
@joshfree joshfree moved this from Untriaged to In Progress in Azure MCP Server Sep 19, 2025
@xiangyan99 xiangyan99 marked this pull request as ready for review September 19, 2025 19:19
@xiangyan99 xiangyan99 requested a review from a team as a code owner September 19, 2025 19:19
Copilot AI reviewed Sep 19, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds query validation for the PostgreSQL database tool to prevent execution of potentially dangerous SQL statements. It implements multiple validation layers to ensure only safe, read-only SELECT queries are executed.

  • Adds a new SqlQueryValidator class that enforces strict allow-list validation for SQL queries
  • Implements validation in PostgresService with comprehensive safety checks for query structure and content
  • Integrates validation into the DatabaseQueryCommand to catch unsafe queries early in the request pipeline

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
SqlQueryValidator.cs New validator class implementing strict allow-list validation for SQL queries
PostgresService.cs Adds ValidateQuerySafety method with comprehensive query validation logic
DatabaseQueryCommand.cs Integrates SqlQueryValidator into the command execution flow
PostgresServiceQueryValidationTests.cs Comprehensive unit tests for query validation functionality
PostgresServiceParameterizedQueryTests.cs Tests focusing on SQL injection prevention through parameterized queries
DatabaseQueryCommandTests.cs Tests for command-level query validation integration
CHANGELOG.md Documents the new validation feature

Comment thread tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs Outdated
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Commands/Database/DatabaseQueryCommand.cs
@xiangyan99 xiangyan99 marked this pull request as draft September 19, 2025 19:29
@xiangyan99 xiangyan99 marked this pull request as ready for review September 19, 2025 20:44
@xiangyan99 xiangyan99 mentioned this pull request Sep 19, 2025
Closed
16 tasks
@xiangyan99 xiangyan99 changed the title Add valition for query command Add valition for postgres query command Sep 19, 2025
@xiangyan99 xiangyan99 changed the title Add valition for postgres query command Add validation for postgres query command Sep 19, 2025
alzimmermsft
alzimmermsft reviewed Sep 22, 2025
View reviewed changes
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs Outdated
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs Outdated
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs Outdated
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs Outdated
Comment thread tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs Outdated
@xiangyan99 xiangyan99 requested a review from kk-src as a code owner September 27, 2025 17:03
@hallipr hallipr merged commit 5b44a8b into main Oct 1, 2025
23 checks passed
@hallipr hallipr deleted the postgres_validate_query branch October 1, 2025 18:03
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Azure MCP Server Oct 1, 2025
colbytimm pushed a commit to colbytimm/microsoft-mcp that referenced this pull request Dec 8, 2025
@xiangyan99 @colbytimm
Add validation for postgres query command (microsoft#518)
81a9873
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@anuchandy anuchandy anuchandy approved these changes

@alzimmermsft alzimmermsft alzimmermsft approved these changes

@hallipr hallipr Awaiting requested review from hallipr hallipr is a code owner automatically assigned from microsoft/azure-mcp

@joshfree joshfree Awaiting requested review from joshfree joshfree is a code owner automatically assigned from microsoft/azure-mcp

@jongio jongio Awaiting requested review from jongio jongio is a code owner automatically assigned from microsoft/azure-mcp

@wbreza wbreza Awaiting requested review from wbreza wbreza is a code owner automatically assigned from microsoft/azure-mcp

@fanyang-mono fanyang-mono Awaiting requested review from fanyang-mono fanyang-mono is a code owner automatically assigned from microsoft/azure-mcp

@jairmyree jairmyree Awaiting requested review from jairmyree jairmyree is a code owner automatically assigned from microsoft/azure-mcp

@kk-src kk-src Awaiting requested review from kk-src kk-src is a code owner

Assignees

@xiangyan99 xiangyan99

Labels

server-Azure.Mcp Azure.Mcp.Server

Projects

Azure MCP Server
Status: Done

Milestone

2025-09

Development

Successfully merging this pull request may close these issues.

6 participants

@xiangyan99 @anuchandy @alzimmermsft @hallipr @joshfree