resolved copilot comments

Author: Kanchan-Microsoft

App/backend-api/Microsoft.GS.DPS.Host/API/KernelMemory/KernelMemory.cs

@@ -94,10 +94,12 @@ DPS.API.KernelMemory kernelMemory
                     return Results.Ok(new DocumentDeletedResult() { IsDeleted = true });
                 }
 #pragma warning disable CA1031 // Must catch all to log and keep the process alive
-                catch (Exception)
+                catch (Exception ex)
                 {
+                    app.Logger.LogError(ex, "An error occurred while deleting document {DocumentId}.", documentId);
                     return Results.BadRequest(new DocumentDeletedResult() { IsDeleted = false });
                 }
+#pragma warning restore CA1031
             })
             .DisableAntiforgery();
 

App/frontend-app/src/components/documentViewer/documentViewer.tsx

@@ -17,7 +17,6 @@ import { PagesTab } from "./PagesTab";
 import { PageNumberTab } from "./pageNumberTab";
 import { DialogTitleBar } from "./dialogTitleBar";
 import { AIKnowledgeTab } from "./aIKnowledgeTab";
-import { useTranslation } from "react-i18next";
 
 const useStyles = makeStyles({
     dialog: {

App/frontend-app/src/components/filter/filter.tsx

@@ -1,6 +1,5 @@
 import React, { useEffect, useState, memo, useRef } from "react"; 
 import { Checkbox } from "@fluentui/react-checkbox";
-import { useTranslation } from "react-i18next";
 import { Accordion, AccordionHeader, AccordionItem, AccordionPanel, makeStyles } from "@fluentui/react-components";
 
 const useStyles = makeStyles({

App/frontend-app/src/components/headerBar/headerBar.tsx

@@ -2,8 +2,6 @@ import React, { MouseEventHandler, useMemo, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Link, useNavigate } from "react-router-dom";
 import { useMsal } from "@azure/msal-react";
-import { Auth } from "../../utils/auth/auth";
-import { RedirectRequest } from "@azure/msal-browser";
 import {
     Avatar,
     makeStyles,
@@ -16,7 +14,6 @@ import {
 } from "@fluentui/react-components";
 import resolveConfig from "tailwindcss/resolveConfig";
 import TailwindConfig from "../../../tailwind.config";
-import { isPlatformAdmin } from "../../utils/auth/roles";
 
 const fullConfig = resolveConfig(TailwindConfig);
 const useStylesAvatar = makeStyles({

App/kernel-memory/extensions/SQLServer/SQLServer/SqlServerMemory.cs

@@ -490,9 +490,13 @@ public void Dispose()
 
     #region private ================================================================================
 
-    // Note: "_" is allowed in SQL Server, but we normalize it to "-" for consistency with other DBs
-    private static readonly Regex s_replaceIndexNameCharsRegex = new(@"[\s|\\|/|.|_|:]");
-    private const string ValidSeparator = "-";
+    // Note: "_" is allowed in SQL Server and used as the safe separator
+    private static readonly Regex s_replaceIndexNameCharsRegex = new(@"[\s|\\|/|.|:]");
+    private const string ValidSeparator = "_";
+    
+    // Validation regex to ensure normalized index names contain only safe SQL identifier characters
+    private static readonly Regex s_validIndexNameRegex = new(@"^[a-z0-9_]+$");
+    private const int MaxIndexNameLength = 128;
 
     /// <summary>
     /// Prepare instance, ensuring tables exist and reusable info is cached.
@@ -586,6 +590,7 @@ private async Task<bool> DoesIndexExistsAsync(string indexName,
     /// <returns></returns>
     private string GetFullTableName(string tableName)
     {
+        ValidateTableName(tableName);
         return $"[{this._config.Schema}].[{tableName}]";
     }
 
@@ -601,6 +606,9 @@ private string GenerateFilters(
         SqlParameterCollection parameters,
         ICollection<MemoryFilter>? filters = null)
     {
+        // Validate index before using it in SQL construction (defense in depth)
+        ValidateIndexName(index);
+
         var filterBuilder = new StringBuilder();
 
         if (filters is null || filters.Count <= 0 || filters.All(f => f.Count <= 0))
@@ -684,8 +692,61 @@ private static string NormalizeIndexName(string index)
 
         index = s_replaceIndexNameCharsRegex.Replace(index.Trim().ToLowerInvariant(), ValidSeparator);
 
+        // Validate the normalized index name
+        ValidateIndexName(index);
+
         return index;
     }
 
+    /// <summary>
+    /// Validates that an index name contains only safe SQL identifier characters.
+    /// This prevents SQL injection when index names are used in dynamic SQL.
+    /// </summary>
+    /// <param name="index">The index name to validate.</param>
+    /// <exception cref="ConfigurationException">Thrown if the index name is invalid.</exception>
+    private static void ValidateIndexName(string index)
+    {
+        if (string.IsNullOrEmpty(index))
+        {
+            throw new ConfigurationException("The index name is empty after normalization");
+        }
+
+        if (index.Length > MaxIndexNameLength)
+        {
+            throw new ConfigurationException($"The index name '{index}' exceeds the maximum allowed length of {MaxIndexNameLength} characters");
+        }
+
+        if (!s_validIndexNameRegex.IsMatch(index))
+        {
+            throw new ConfigurationException($"The index name '{index}' contains invalid characters. Only lowercase letters, numbers, and underscores are allowed");
+        }
+    }
+
+    /// <summary>
+    /// Validates that a table name contains only safe SQL identifier characters.
+    /// This prevents SQL injection when table names are used in dynamic SQL.
+    /// </summary>
+    /// <param name="tableName">The table name to validate.</param>
+    /// <exception cref="ConfigurationException">Thrown if the table name is invalid.</exception>
+    private static void ValidateTableName(string tableName)
+    {
+        if (string.IsNullOrWhiteSpace(tableName))
+        {
+            throw new ConfigurationException("The table name is empty");
+        }
+
+        if (tableName.Length > MaxIndexNameLength)
+        {
+            throw new ConfigurationException($"The table name '{tableName}' exceeds the maximum allowed length of {MaxIndexNameLength} characters");
+        }
+
+        // Table names can contain letters, digits, underscores, and hyphens
+        // This covers both base table names and index-suffixed table names like "TableName_indexname"
+        if (!s_validIndexNameRegex.IsMatch(tableName))
+        {
+            throw new ConfigurationException($"The table name '{tableName}' contains invalid characters. Only lowercase letters, numbers, and underscores are allowed");
+        }
+    }
+
     #endregion
 }

App/kernel-memory/service/Abstractions/Diagnostics/ArgumentOutOfRangeExceptionEx.cs

@@ -195,7 +195,7 @@ public static void ThrowIfEqualToOrGreaterThan(float value, float other, string
 
     public static void ThrowIfZero(double value, string paramName, string message)
     {
-        if (Math.Abs(value) > 0) { return; }
+        if (value != 0d) { return; }
 
         throw new ArgumentOutOfRangeException(paramName, message);
     }

App/kernel-memory/service/Core/Pipeline/Queue/DevTools/SimpleQueues.cs

@@ -235,6 +235,10 @@ private void PopulateQueue(object? sender, ElapsedEventArgs elapsedEventArgs)
             {
                 this._log.LogError(e, "Unexpected error while polling the queue");
             }
+            catch (Exception e)
+            {
+                this._log.LogError(e, "Unexpected error while populating queue {QueueName}", this._queueName);
+            }
             finally
             {
                 this._busy = false;