@cmd233/mcp-database-server 1.3.0 → 1.4.1
|
@@ -296,6 +296,8 @@ export class SqlServerAdapter {
|
|
|
296
296
|
getDescribeTableQuery(tableName) {
|
|
297
297
|
// 验证并转义表名,防止 SQL 注入
|
|
298
298
|
const escapedTableName = escapeIdentifier(tableName);
|
|
299
|
+
// 用于字符串比较(不带方括号)
|
|
300
|
+
const safeTableName = tableName.replace(/'/g, "''");
|
|
299
301
|
return `
|
|
300
302
|
SELECT
|
|
301
303
|
c.COLUMN_NAME as name,
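Review bot: The added `safeTableName` is built from the raw `tableName` with hand-rolled quote doubling, so the string-literal context now depends on this one `replace` plus whatever `escapeIdentifier` rejects on the line above, which is not visible in this hunk. Doubling `'` is the correct escape for a T-SQL string literal, but a bound parameter would remove the need for it if the adapter's query interface allows one. If the method has to return a plain SQL string, a type guard such as `if (typeof tableName !== 'string') throw new TypeError('tableName must be a string');` and a comment like `// string-literal context: only ' needs doubling; identifier validation is done by escapeIdentifier above` would make the invariant explicit. In the lines shown, `escapedTableName` no longer appears in the query, so it looks like it is kept only for its validation side effect, which deserves a comment as well. The body of getDescribeTableQuery continues past this hunk.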
|
|
@@ -316,13 +318,13 @@ export class SqlServerAdapter {
|
|
|
316
318
|
SELECT o.object_id
|
|
317
319
|
FROM sys.objects o
|
|
318
320
|
INNER JOIN sys.schemas s ON o.schema_id = s.schema_id
|
|
319
|
-
WHERE o.name = ${
|
|
321
|
+
WHERE o.name = '${safeTableName}' AND s.name = c.TABLE_SCHEMA
|
|
320
322
|
AND o.type IN ('U', 'V')
|
|
321
323
|
)
|
|
322
324
|
AND ep.minor_id = c.ORDINAL_POSITION
|
|
323
325
|
AND ep.name = 'MS_Description'
|
|
324
326
|
WHERE
|
|
325
|
-
c.TABLE_NAME = ${
|
|
327
|
+
c.TABLE_NAME = '${safeTableName}'
|
|
326
328
|
ORDER BY
|
|
327
329
|
c.ORDINAL_POSITION
|
|
328
330
|
`;
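Review bot: Both new comparisons, `o.name = '${safeTableName}'` and `c.TABLE_NAME = '${safeTableName}'`, use a non-Unicode literal, so a table name containing characters outside the database code page can be converted lossily and fail to match; `N'${safeTableName}'` avoids that. The outer `WHERE c.TABLE_NAME = ...` also has no schema filter, so same-named tables in two schemas would have their columns returned together, even though the subquery is now correlated on `s.name = c.TABLE_SCHEMA`. The template literal opens outside this hunk, so the middle of the query is not visible here.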
|
|
@@ -165,45 +165,6 @@ export function handleListTools() {
|
|
|
165
165
|
destructiveHint: true
|
|
166
166
|
}
|
|
167
167
|
},
|
|
168
|
-
{
|
|
169
|
-
name: "drop_table",
|
|
170
|
-
title: "Drop Table",
|
|
171
|
-
description: "Permanently delete a table from the database. " +
|
|
172
|
-
"This operation has been DISABLED for security reasons. " +
|
|
173
|
-
"DROP operations should be handled by DBA at the database level. " +
|
|
174
|
-
"Contact your database administrator if you need to delete a table.",
|
|
175
|
-
inputSchema: {
|
|
176
|
-
type: "object",
|
|
177
|
-
properties: {
|
|
178
|
-
table_name: {
|
|
179
|
-
type: "string",
|
|
180
|
-
description: "Name of the table to delete"
|
|
181
|
-
},
|
|
182
|
-
confirm: {
|
|
183
|
-
type: "boolean",
|
|
184
|
-
description: "Must be set to true to confirm table deletion"
|
|
185
|
-
},
|
|
186
|
-
},
|
|
187
|
-
required: ["table_name", "confirm"],
|
|
188
|
-
},
|
|
189
|
-
outputSchema: {
|
|
190
|
-
type: "object",
|
|
191
|
-
properties: {
|
|
192
|
-
success: {
|
|
193
|
-
type: "boolean",
|
|
194
|
-
description: "True if the table was dropped successfully"
|
|
195
|
-
},
|
|
196
|
-
message: {
|
|
197
|
-
type: "string",
|
|
198
|
-
description: "Success message with the dropped table name"
|
|
199
|
-
}
|
|
200
|
-
}
|
|
201
|
-
},
|
|
202
|
-
annotations: {
|
|
203
|
-
readOnlyHint: false,
|
|
204
|
-
destructiveHint: true
|
|
205
|
-
}
|
|
206
|
-
},
|
|
207
168
|
{
|
|
208
169
|
name: "export_query",
|
|
209
170
|
title: "Export Query",
|
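--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cmd233/mcp-database-server",
-"version": "1.
+"version": "1.4.1",
 "description": "MCP server for interacting with SQLite, SQL Server, PostgreSQL and MySQL databases (Added stored procedure support and enhanced SQL injection protection)",
 "license": "MIT",
 "author": "cmd233",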