Diffstat (limited to 'Software/Visual_Studio_22/Tango.Portal.Chat.Web/Services/KqlGuard.cs')
-rw-r--r--Software/Visual_Studio_22/Tango.Portal.Chat.Web/Services/KqlGuard.cs7
1 files changed, 5 insertions, 2 deletions
diff --git a/Software/Visual_Studio_22/Tango.Portal.Chat.Web/Services/KqlGuard.cs b/Software/Visual_Studio_22/Tango.Portal.Chat.Web/Services/KqlGuard.cs
index b248fb502..729aaa435 100644
--- a/Software/Visual_Studio_22/Tango.Portal.Chat.Web/Services/KqlGuard.cs
+++ b/Software/Visual_Studio_22/Tango.Portal.Chat.Web/Services/KqlGuard.cs
@@ -5,7 +5,7 @@ namespace Tango.Portal.Chat.Web.Services
public sealed class KqlGuard
{
private static readonly string[] Banned = new[] {
- "externaldata", "evaluate", "cluster(", "database(", "ingest", "print", "datatable", "delete", "drop", "truncate", "update", "set", "declare", "let", "materializedview", "mv-merge", "alter", "create", "append", "ingestiontime()", ".show", ".set", ".clear", ".drop", ".alter"
+ "externaldata", "evaluate", "cluster(", "database(", "ingest", "datatable", "delete", "drop", "truncate", "update", "set", "materializedview", "mv-merge", "alter", "create", "append", "ingestiontime()", ".show", ".set", ".clear", ".drop", ".alter"
};
public KqlValidationResult Validate(string kql)
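Review bot: Several entries kept in this list can no longer be matched once the second hunk wraps every token in `\b…\b` (L27): `\b` needs a word character on one side, so `.show`, `.set`, `.clear`, `.drop`, `.alter` (leading `.`) and `cluster(`, `database(`, `ingestiontime()` (trailing `(`/`)`) silently stop firing, which is a regression for exactly the management-command and cross-cluster cases the guard exists for. Anchor only the ends of a token that are alphanumeric, e.g. `var lead = char.IsLetterOrDigit(token[0]) ? @"\b" : "";` / `var trail = char.IsLetterOrDigit(token[^1]) ? @"\b" : "";` / `var pattern = $"{lead}{Regex.Escape(token)}{trail}";`, and add a unit test per token shape so a future list edit cannot reintroduce the gap. `RegexOptions.IgnoreCase` on L28 is redundant because `text` is already lower-cased on L23; since `Banned` is static, the patterns could also be built once into a `static readonly Regex[]` instead of per call. The body of `Validate` in the second hunk continues past the end of this page.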
@@ -13,8 +13,11 @@ namespace Tango.Portal.Chat.Web.Services
var text = kql.ToLowerInvariant();
foreach (var token in Banned)
- if (text.Contains(token))
+ {
+ var pattern = $@"\b{Regex.Escape(token)}\b";
+ if (Regex.IsMatch(text, pattern, RegexOptions.IgnoreCase))
return KqlValidationResult.Fail($"Query uses banned token: {token}");
+ }
// Ensure only allowed tables are referenced (quick heuristic)
//var tableNames = new HashSet<string>(allowTables.Select(t => t.ToLowerInvariant()));