Add validations for DangerousIdentifiers

[xiangyan99]

What does this PR do?

[Provide a clear, concise description of the changes]

Add validations for DangerousIdentifiers

[Any additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

Pre-merge Checklist

• Required for All PRs
  • Read contribution guidelines
  • PR title clearly describes the change
  • Commit history is clean with descriptive messages (cleanup guide)
  • Added comprehensive tests for new/modified functionality
  • Updated servers/Azure.Mcp.Server/CHANGELOG.md and/or servers/Fabric.Mcp.Server/CHANGELOG.md for product changes (features, bug fixes, UI/UX, updated dependencies)
• For MCP tool changes:
  • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
  • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
  • Validate README.md changes using script at eng/scripts/Process-PackageReadMe.ps1. See Package README
  • Updated command list in /servers/Azure.Mcp.Server/docs/azmcp-commands.md and/or /docs/fabric-commands.md
  • Run .\eng\scripts\Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
  • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
  • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
  • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
• Extra steps for Azure MCP Server tool changes:
  • Updated test prompts in /servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
  • 👉 For Community (non-Microsoft team member) PRs:
    • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
    • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

[Copilot]

Pull request overview

Adds additional safeguards to the PostgreSQL query tool by expanding the SQL validator to reject known dangerous PostgreSQL functions/system catalogs, and extends unit test coverage for these new blocked identifiers.

Changes:

• Added a DangerousIdentifiers blocklist and token-level rejection in SqlQueryValidator.
• Expanded DatabaseQueryCommandTests invalid-query theory cases to cover additional dangerous functions/system catalogs.
• Updated Azure MCP Server changelog to reflect the validator hardening.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
tools/Azure.Mcp.Tools.Postgres/tests/Azure.Mcp.Tools.Postgres.UnitTests/Database/DatabaseQueryCommandTests.cs	Adds many new invalid-query cases to assert blocked dangerous identifiers return 400 and don’t hit the service.
tools/Azure.Mcp.Tools.Postgres/src/Validation/SqlQueryValidator.cs	Introduces and enforces a dangerous identifier blocklist during query tokenization.
servers/Azure.Mcp.Server/CHANGELOG.md	Notes the expanded PostgreSQL SQL validator blocklist in the Unreleased section.

[vcolin7]

The changes look fine to me, but I'm curious about the Copilot feedback. Is it right to say the comment in the code is not accurate?

[xiangyan99]

The changes look fine to me, but I'm curious about the Copilot feedback. Is it right to say the comment in the code is not accurate?

It seems to me just another way to describe it. :)