sql query built from user controlled components security issue fix

Akhileswara-Microsoft · Akhileswara-Microsoft · commit e49cdb7f3234 · 2025-12-26T16:43:03.000+05:30
diff --git a/App/kernel-memory/extensions/SQLServer/SQLServer/SqlServerMemory.cs b/App/kernel-memory/extensions/SQLServer/SQLServer/SqlServerMemory.cs
@@ -12,6 +12,9 @@
 using Microsoft.KernelMemory.MemoryStorage;
 
 namespace Microsoft.KernelMemory.MemoryDb.SQLServer;
+// Accepts only [a-zA-Z_][a-zA-Z0-9_]{0,127}
+    private static readonly Regex s_safeSqlIdentifierRegex = new Regex(@"^[a-zA-Z_][a-zA-Z0-9_]{0,127}$", RegexOptions.Compiled);
+
 
 /// <summary>
 /// Represents a memory store implementation that uses a SQL Server database as its backing store.
@@ -48,9 +51,6 @@ public sealed class SqlServerMemory : IMemoryDb, IMemoryDbUpsertBatch, IDisposab
     /// SQL Server version, retrieved on the first connection
     /// </summary>
     private int _cachedServerVersion = int.MinValue;
-    // Accepts only [a-zA-Z_][a-zA-Z0-9_]{0,127}
-    private static readonly Regex s_safeSqlIdentifierRegex = new Regex(@"^[a-zA-Z_][a-zA-Z0-9_]{0,127}$", RegexOptions.Compiled);
-
 
     /// <summary>
     /// Initializes a new instance of the <see cref="SqlServerMemory"/> class.
