Azure-Samples
Implement READONLY mode checks and enhance SQL query validation in Tools
dotnet changes:
- Add CRITICAL security restrictions and sanitization to C# per the TS
- Implement READONLY property on the MCP like we have in NODE
Hey noticed the TS\Node blocked problematic queries going through, but dotnet just let anything happen... this should copy the behaviour.
@sitefinitysteve thank you for the PR, copilot assisted review and has left few comments PTAL.
@sitefinitysteve thank you for the PR, copilot assisted review and has left few comments PTAL.
Oh cool feature!
I'll get on it once I'm back from vacation
@sitefinitysteve thank you for the PR, copilot assisted review and has left few comments PTAL.
Oh cool feature!
I'll get on it once I'm back from vacation
@sitefinitysteve the one thing I noticed is that the code currently looks at the readonly flag and returns which is good (second level validation), in addition to this what would be required is showing only the tools that are readonly, i.e describe table, list tables and read.
@sitefinitysteve thank you for the PR, copilot assisted review and has left few comments PTAL.
Oh cool feature! I'll get on it once I'm back from vacation
@sitefinitysteve the one thing I noticed is that the code currently looks at the readonly flag and returns which is good (second level validation), in addition to this what would be required is showing only the tools that are readonly, i.e describe table, list tables and read.
I believe this is correct, seems to work VSCode reports back properly https://github.com/Azure-Samples/SQL-AI-samples/pull/64/commits/9732602912b8e842df1a616da54bfea370e1e13d
Your MSSQL MCP server is working correctly and has successfully connected to the SQL Server instance. Since READONLY is set to false, you should have access to the full suite of database operations including:
Read Operations: TestConnection, DescribeTable, ListTables, ReadData
Write Operations: ExecuteQuery, CreateTable, InsertData, UpdateData, DeleteData
The connection to your SQL Server 2022 instance at XX with the MSSQLMCP database is functioning properly!
Since you have READONLY mode enabled, you'll only have access to read-only operations like:
Testing connections
Describing table schemas
Listing tables
Reading data from tables
The connection test confirms that your MCP server setup is working properly!
No rush I was more curious than anything, working off my fork anyway!
On Thu, Sep 4, 2025 at 3:57 PM Arun Vijayraghavan @.***> wrote:
@.**** commented on this pull request.
In MssqlMcp/dotnet/MssqlMcp/Tools/ReadData.cs https://github.com/Azure-Samples/SQL-AI-samples/pull/64#discussion_r2323366024 :
using Microsoft.Data.SqlClient; using Microsoft.Extensions.Logging; using ModelContextProtocol.Server;
namespace Mssql.McpServer; public partial class Tools {
- // List of dangerous SQL keywords that should not be allowed
- private static readonly string[] DangerousKeywords =
- [
"DELETE", "DROP", "UPDATE", "INSERT", "ALTER", "CREATE","TRUNCATE", "EXEC", "EXECUTE", "MERGE", "REPLACE","GRANT", "REVOKE", "COMMIT", "ROLLBACK", "TRANSACTION","BEGIN", "DECLARE", "SET", "USE", "BACKUP",@sitefinitysteve https://github.com/sitefinitysteve will get this merged waiting on some approvals.
— Reply to this email directly, view it on GitHub https://github.com/Azure-Samples/SQL-AI-samples/pull/64#discussion_r2323366024, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALYR2FMFJR4BB7I7ZK5X4T3RCKUFAVCNFSM6AAAAACEA6INGWVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZTCOBWHE4TAMBRHA . You are receiving this because you were mentioned.Message ID: @.***>