query_mssql
Execute read-only SQL queries on MSSQL databases to retrieve data securely. Connect using host, port, credentials, and database name to run SELECT statements.
Instructions
执行MSSQL数据库查询(只读模式)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| host | Yes | 数据库主机地址 | |
| port | Yes | 数据库端口 | |
| user | Yes | 数据库用户名 | |
| pwd | Yes | 数据库密码 | |
| db | Yes | 数据库名称 | |
| querySql | Yes | 要执行的SQL查询语句(仅支持SELECT等只读操作) |
Implementation Reference
- db-query-tool.js:342-360 (handler)Handler function for the query_mssql tool. Performs read-only check and currently returns a 'not implemented' error as MSSQL support is stubbed out.async executeMSSQL(config) { const { querySql } = config; // 检查是否为只读查询 if (!this.isReadOnlyQuery(querySql)) { return { success: false, error: "不允许执行非只读操作。仅支持SELECT、SHOW、DESCRIBE等查询语句。", code: "READONLY_VIOLATION" }; } // MSSQL support needs to be implemented return { success: false, error: "MSSQL support needs to be implemented", code: "NOT_IMPLEMENTED" }; }
- mcp.full.config.js:117-157 (schema)Schema definition including input parameters, types, requirements, and annotations for the query_mssql tool.query_mssql: { name: "query_mssql", description: "执行MSSQL数据库查询(只读模式)", inputSchema: { type: "object", properties: { host: { type: "string", description: "数据库主机地址" }, port: { type: "integer", description: "数据库端口" }, user: { type: "string", description: "数据库用户名" }, pwd: { type: "string", description: "数据库密码" }, db: { type: "string", description: "数据库名称" }, querySql: { type: "string", description: "要执行的SQL查询语句(仅支持SELECT等只读操作)" } }, required: ["host", "port", "user", "pwd", "db", "querySql"] }, annotations: { title: "MSSQL数据库查询工具(只读)", readOnlyHint: true, destructiveHint: false, idempotentHint: false, openWorldHint: false } },
- mcp-server.js:79-86 (registration)Registers query_mssql in the list of available tools returned by ListToolsRequest.tools: [ config.tools.query_mysql, config.tools.query_postgresql, config.tools.query_mssql, config.tools.query_oracle ] }; });
- mcp-server.js:44-46 (registration)Registers the dispatch to query_mssql handler in the CallToolRequest switch statement.case config.tools.query_mssql.name: result = await dbTool.executeMSSQL(request.params.arguments); break;
- db-query-tool.js:23-71 (helper)Helper function to check if SQL query is read-only, used by all database query handlers including MSSQL.isReadOnlyQuery(sql) { // 转换为小写以便比较 const lowerSql = sql.trim().toLowerCase(); // 允许的只读操作关键词 const allowedPatterns = [ /^select/, /^show/, /^describe/, /^desc/, /^explain/, /^use/ ]; // 禁止的写操作关键词 const forbiddenPatterns = [ /insert/, /update/, /delete/, /drop/, /truncate/, /alter/, /create/, /replace/, /grant/, /revoke/, /commit/, /rollback/, /savepoint/, /set/ ]; // 检查是否包含禁止的关键词 for (const pattern of forbiddenPatterns) { if (pattern.test(lowerSql)) { return false; } } // 检查是否以允许的关键词开头 for (const pattern of allowedPatterns) { if (pattern.test(lowerSql)) { return true; } } // 如果既不明确允许也不明确禁止,默认为不安全 return false; }