changes for added suppressions

Akhileswara-Microsoft · Akhileswara-Microsoft · commit eb088f60b536 · 2025-12-31T17:46:25.000+05:30
diff --git a/App/kernel-memory/extensions/SQLServer/SQLServer/SqlServerMemory.cs b/App/kernel-memory/extensions/SQLServer/SQLServer/SqlServerMemory.cs
@@ -118,6 +118,7 @@ FOREIGN KEY ([memory_id]) REFERENCES {this.GetFullTableName(this._config.MemoryT
         try
         {
             SqlCommand command = connection.CreateCommand();
+            // codeql[cs/sql-injection] Index name sanitized by NormalizeIndexName with regex ^[a-zA-Z_][a-zA-Z0-9_]{0,127}$
             command.CommandText = sql;
             command.Parameters.AddWithValue("@index", index);
             await command.ExecuteNonQueryAsync(cancellationToken).ConfigureAwait(false);
@@ -170,6 +171,7 @@ DELETE [tags]
         try
         {
             SqlCommand command = connection.CreateCommand();
+            // codeql[cs/sql-injection] Index name sanitized by NormalizeIndexName with regex ^[a-zA-Z_][a-zA-Z0-9_]{0,127}$
             command.CommandText = sql;
             command.Parameters.AddWithValue("@index", index);
             command.Parameters.AddWithValue("@key", record.Id);
@@ -214,6 +216,7 @@ public async Task DeleteIndexAsync(string index, CancellationToken cancellationT
         SqlCommand command = connection.CreateCommand();
         try
         {
+            // codeql[cs/sql-injection] Index name sanitized by NormalizeIndexName with regex ^[a-zA-Z_][a-zA-Z0-9_]{0,127}$
             command.CommandText = sql;
             command.Parameters.AddWithValue("@index", index);
             await command.ExecuteNonQueryAsync(cancellationToken).ConfigureAwait(false);
@@ -240,6 +243,7 @@ public async Task<IEnumerable<string>> GetIndexesAsync(CancellationToken cancell
         SqlCommand command = connection.CreateCommand();
         try
         {
+            // codeql[cs/sql-injection] Schema and table names from configuration, not user input
             command.CommandText = sql;
             var dataReader = await command.ExecuteReaderAsync(cancellationToken).ConfigureAwait(false);
             while (await dataReader.ReadAsync(cancellationToken).ConfigureAwait(false))
@@ -533,6 +537,7 @@ WHEN NOT MATCHED THEN
             foreach (var record in list)
             {
                 SqlCommand command = connection.CreateCommand();
+                // codeql[cs/sql-injection] Index name sanitized by NormalizeIndexName with regex ^[a-zA-Z_][a-zA-Z0-9_]{0,127}$
                 command.CommandText = sql;
                 command.Parameters.AddWithValue("@index", index);
                 command.Parameters.AddWithValue("@key", record.Id);
@@ -644,6 +649,7 @@ FOREIGN KEY ([collection]) REFERENCES {this.GetFullTableName(this._config.Memory
         SqlCommand command = connection.CreateCommand();
         try
         {
+            // codeql[cs/sql-injection] Schema and table names from configuration, not user input
             command.CommandText = sql;
             await command.ExecuteNonQueryAsync(cancellationToken).ConfigureAwait(false);
         }
