execute_procedure
Executes a stored procedure that is included in the authorized procedures list (whitelist).
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| procedure_name | string | Yes | Name of the procedure to execute |
| parameters | string | No | JSON object with parameter names and values |
Required configuration
To use this tool, you must configure the environment variable:

```
MSSQL_WHITELIST_PROCEDURES="sp_GetCustomerOrders,sp_GenerateReport"
```

Usage example

```json
{
  "name": "execute_procedure",
  "arguments": {
    "procedure_name": "sp_GetCustomerOrders",
    "parameters": "{\"customer_id\": 123}"
  }
}
```

Security
- Only executes whitelisted procedures — Any unauthorized procedure is rejected
- Name validation — Names are validated with regex `^[\w.\[\]]+$` to prevent injection
- Dangerous procedures blocked — `xp_cmdshell`, `sp_configure`, `sp_executesql` and others are explicitly blocked even if added to the whitelist
- Security logging — Each execution is recorded in the security logs
Safe system procedures
In read-only mode, the following system procedures are allowed without needing to be whitelisted:

- sp_help, sp_helptext, sp_helpindex
- sp_columns, sp_tables
- sp_fkeys, sp_pkeys
- sp_databases
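
The checks listed under Security and Safe system procedures, combined into one decision function as an added Python example (not the project's own code). The function names, the bracket and case normalization, the order of the checks and the reason strings are assumptions; the blocklist holds only the three names the page lists.

```python
import json
import re

# Pattern quoted on the page. fullmatch() anchors both ends, so a trailing
# newline cannot slip past "$" the way it can with re.match().
NAME_RE = re.compile(r"[\w.\[\]]+")
# Only the three names the page lists; the page says there are others.
BLOCKED = {"xp_cmdshell", "sp_configure", "sp_executesql"}
SAFE_READ_ONLY = {"sp_help", "sp_helptext", "sp_helpindex", "sp_columns",
                  "sp_tables", "sp_fkeys", "sp_pkeys", "sp_databases"}


def unbracket(name):
    """Assumed normalization: drop [ ] quoting and compare case-insensitively."""
    return name.replace("[", "").replace("]", "").lower()


def parse_whitelist(raw):
    """Split the comma-separated MSSQL_WHITELIST_PROCEDURES value."""
    return {unbracket(item.strip()) for item in raw.split(",") if item.strip()}


def authorize(name, whitelist, read_only=False):
    """Return (allowed, reason) for a requested procedure name."""
    if not NAME_RE.fullmatch(name):
        return False, "invalid name"
    full = unbracket(name)
    # Deny on the last name component so qualified forms are caught too,
    # and deny before the whitelist lookup so the blocklist always wins.
    if full.split(".")[-1] in BLOCKED:
        return False, "blocked procedure"
    # Allow decisions use the whole name, not just the last component.
    if read_only and full in SAFE_READ_ONLY:
        return True, "safe system procedure"
    if full in whitelist:
        return True, "whitelisted"
    return False, "not whitelisted"


def parse_parameters(raw):
    """The 'parameters' argument is a JSON string that must decode to an object."""
    if raw is None:
        return {}
    value = json.loads(raw)
    if not isinstance(value, dict):
        raise ValueError("parameters must be a JSON object")
    return value
```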