mcp-postgres 4.0.4

High-performance MCP server for PostgreSQL with CPU-aware connection pooling and optimized buffers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

use crate::errors::MCPError;

const MAX_IDENTIFIER_LEN: usize = 255;

pub fn validate_identifier(name: &str, label: &str) -> Result<(), MCPError> {
    if name.is_empty() {
        return Err(MCPError::InvalidParams(format!(
            "'{label}' must not be empty"
        )));
    }
    if name.len() > MAX_IDENTIFIER_LEN {
        return Err(MCPError::InvalidParams(format!(
            "'{label}' exceeds maximum length of {MAX_IDENTIFIER_LEN} characters (got {})",
            name.len()
        )));
    }
    for ch in name.chars() {
        if !ch.is_alphanumeric() && ch != '_' {
            return Err(MCPError::InvalidParams(format!(
                "'{label}' contains invalid character '{ch}' — only alphanumeric and underscore allowed"
            )));
        }
    }
    if name.starts_with(|c: char| c.is_ascii_digit()) {
        return Err(MCPError::InvalidParams(format!(
            "'{label}' must not start with a digit"
        )));
    }
    Ok(())
}

pub fn quote_identifier(name: &str) -> String {
    quote_ident(name)
}

/// Quote a PostgreSQL identifier, escaping embedded double-quotes.
/// Use this instead of duplicating `format!("\"{}\"", s.replace('"', "\"\""))` in every module.
pub fn quote_ident(name: &str) -> String {
    let mut out = String::with_capacity(name.len() + 2);
    out.push('"');
    for ch in name.chars() {
        if ch == '"' {
            out.push_str("\"\"");
        } else {
            out.push(ch);
        }
    }
    out.push('"');
    out
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_valid_identifier() {
        assert!(validate_identifier("users", "table").is_ok());
        assert!(validate_identifier("user_orders_2024", "table").is_ok());
    }

    #[test]
    fn test_empty_identifier() {
        let err = validate_identifier("", "table").unwrap_err();
        assert!(err.to_string().contains("must not be empty"));
    }

    #[test]
    fn test_too_long_identifier() {
        let long = "a".repeat(256);
        let err = validate_identifier(&long, "table").unwrap_err();
        assert!(err.to_string().contains("exceeds maximum length"));
    }

    #[test]
    fn test_invalid_char_identifier() {
        let err = validate_identifier("users; DROP TABLE", "table").unwrap_err();
        assert!(err.to_string().contains("invalid character"));
    }

    #[test]
    fn test_digit_start_identifier() {
        let err = validate_identifier("1users", "table").unwrap_err();
        assert!(err.to_string().contains("must not start with a digit"));
    }

    #[test]
    fn test_quote_identifier() {
        assert_eq!(quote_identifier("users"), "\"users\"");
        assert_eq!(quote_identifier("order_items"), "\"order_items\"");
    }
}