From 43abb8def2d747333cbc1a424f509c0cb570d051 Mon Sep 17 00:00:00 2001
From: Karl Burtram
Date: Tue, 4 Jun 2019 13:27:18 -0700
Subject: [PATCH] Restrict settings to known values (#821)
---
 .../SqlContext/QueryExecutionSettings.cs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.SqlTools.ServiceLayer/SqlContext/QueryExecutionSettings.cs b/src/Microsoft.SqlTools.ServiceLayer/SqlContext/QueryExecutionSettings.cs
index dd3f9ea2..d0ef045e 100644
--- a/src/Microsoft.SqlTools.ServiceLayer/SqlContext/QueryExecutionSettings.cs
+++ b/src/Microsoft.SqlTools.ServiceLayer/SqlContext/QueryExecutionSettings.cs
@@ -3,6 +3,7 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 //
+using System;
 using Microsoft.SqlTools.ServiceLayer.QueryExecution.Contracts;
 using Microsoft.SqlTools.Utility;
@@ -421,7 +422,14 @@ namespace Microsoft.SqlTools.ServiceLayer.SqlContext
 }
 set
 {
- SetOptionValue("transactionIsolationLevel", value);
+ if (string.Equals("READ UNCOMMITTED", value, StringComparison.OrdinalIgnoreCase)
+ || string.Equals("READ COMMITTED", value, StringComparison.OrdinalIgnoreCase)
+ || string.Equals("REPEATABLE READ", value, StringComparison.OrdinalIgnoreCase)
+ || string.Equals("SNAPSHOT", value, StringComparison.OrdinalIgnoreCase)
+ || string.Equals("SERIALIZABLE", value, StringComparison.OrdinalIgnoreCase))
+ {
+ SetOptionValue("transactionIsolationLevel", value);
+ }
 }
 }
@@ -436,7 +444,12 @@ namespace Microsoft.SqlTools.ServiceLayer.SqlContext
 }
 set
 {
- SetOptionValue("deadlockPriority", value);
+ if (string.Equals("LOW", value, StringComparison.OrdinalIgnoreCase)
+ || string.Equals("NORMAL", value, StringComparison.OrdinalIgnoreCase)
+ || string.Equals("HIGH", value, StringComparison.OrdinalIgnoreCase))
+ {
+ SetOptionValue("deadlockPriority", value);
+ }
 }
 }
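Review bot: In the `transactionIsolationLevel` setter, a value outside the five allowed strings (including `null`) is dropped without any trace: the property keeps its previous value, and the caller gets neither an error nor a log entry, so a rejected setting is invisible to the user and to anyone reviewing logs. The `deadlockPriority` setter in the last hunk has the same shape. At minimum, state the behaviour above each `if`, e.g. `// Allow-list: any other value is ignored and the previous setting is kept.`, and consider logging the rejection without echoing the raw value. The check also guards only the property setters; the getters and the code that consumes these options lie outside the hunks, so if the underlying option store can be filled by another path (presumably deserialization could do this; to be confirmed), the same allow-list should also be applied where the value is read.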