@imazhar101/mcp-bigquery-server 1.0.2 → 1.0.3

package/dist/servers/bigquery/src/services/bigquery-service.js

@@ -92,8 +92,18 @@ export class BigQueryService {
         if (prevented.length === 0) {
             return { filteredRows: rows, filteredSchema: schema, strippedFields: [] };
         }
-        // Case-insensitive match against full field name or glob-style suffix (*_email, email_*)
-        const isBlocked = (name) => prevented.some((p) => name.toLowerCase() === p.toLowerCase());
+        // Case-insensitive substring match: a prevented token strips any column
+        // whose name contains it (e.g. `grm_email` strips `grm_email_one`,
+        // `grm_email_primary`). Substring is the only semantics that reliably
+        // catches real column sprawl; the BIGQUERY_PREVENTED_FIELDS list is curated
+        // to avoid over-broad tokens (e.g. `first_name`/`last_name`, never bare
+        // `name`). NOTE: output-column filtering is an accident guard, not an
+        // access boundary — it is bypassed by aliasing and does not cover PII used
+        // only in WHERE/JOIN/aggregates. Use allowedTables + governed views for that.
+        const isBlocked = (name) => {
+            const n = name.toLowerCase();
+            return prevented.some((p) => n.includes(p.toLowerCase()));
+        };
         const allFieldNames = schema.length > 0
             ? schema.map((f) => f.name)
             : rows.length > 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imazhar101/mcp-bigquery-server",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "BigQuery MCP server — read-only query execution, schema exploration, dataset discovery",
   "type": "module",
   "main": "dist/servers/bigquery/src/index.js",