Skip to content

Merge | SqlCommand Encryption Methods #3676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 31 commits into
base: main
Choose a base branch
from
Open

Merge | SqlCommand Encryption Methods #3676

wants to merge 31 commits into from

Conversation

@benrr101
Copy link
Contributor

@benrr101 benrr101 commented Oct 8, 2025

Description

This is the second to last PR I have planned for merging SqlCommand. In this installment, the methods related to parameter encryption are merged, as well as some other blocks that don't have well defined organization. I'm not certain that these should have their own partial, but to avoid the base partial being too large to navigate, I made the executive decision to make a partial. Each commit is bite-sized and focuses on a single or a couple related methods at a time.

The following methods were merged in this PR:

  • BuildStoredProcedureStatementForColumnEncryption
  • ClearDescribeParameterEncryptionRequests
  • _currentlyExecutingDescribeParameterEncryptionRPC
  • _customColumnEncryptionKeyStoreProviders
  • customData
  • customDataLength
  • enclaveAttestationParameters
  • GetColumnEncryptionCustomKeyProvidersNames
  • GetEnclaveSessionParameters
  • GetParameterEncryptionDataReader - code from netcore taken since it is more concise
  • GetParameterEncryptionDataReaderAsync - code from netcore taken since it is more concise
  • HasColumnEncryptionKeyStoreProviderRegistered
  • InvalidateEnclaveSession
  • IsDescribeParameterEncryptionRPCCurrentlyInProgress
  • keysToBeSentToEnclave
  • PrepareDescribeParameterEncryptionRequest
  • PrepareTransparentEncryptionFinallyBlock
  • ReadDescribeEncryptionParameterResults
    • Factored this massive method into three additional methods (1-3) that read a specific result set from sp_describe_parameter_encryption
    • Removed debug-only rowsAffected member as it was only being used to check if the server returned the right number of rows from sp_describe_parameter_encryption in debug mode.
  • requiresEnclaveComputations
  • ResetEncryptionState
  • RowsAffectedByDescribeParameterEncryption
  • _rowsAffectedBySpDescribeParameterEncryption
  • _rpcForEncryption
  • SetColumnEncryptionSetting
  • ShouldCacheEncryptionMetadata
  • ShouldUseEnclaveBasedWorkflow
  • _sqlRPCParameterEncryptionRegArray
  • Test behavior overrides
    • _forceInternalEndQuery
    • _forceRetryableEnclaveQueryExecutionExceptionDuringGenerateEnclavePackage
    • _sleepAfterReadDescribeEncryptionParameterResults
    • _sleepDuringRunExecuteReaderTdsForSpDescribeParameterEncryption
    • _sleepDuringTryFetchInputParameterEncryptionInfo
  • TryFetchInputParameterEncryptionInfo
  • TryGetColumnEncryptionKeyStoreProvider
  • ValidateCustomProviders
  • _wasBatchModeColumnEncryptionSettingsSetOnce

Issues

Continuation of work in #1261

Testing

Build passes, SqlCommandTests pass locally. CI should validate the rest of it.

benrr101 added 25 commits October 8, 2025 17:41
@benrr101
Merge test behavior overrides
08f86b6
@benrr101
Create encryption partial - the reader partial is getting too big.
9063c0b
@benrr101
Merge GetParameterEncryptionDataReader from netcore, update netfx to …
85bda18 
…use it.
@benrr101
Merge GetParameterEncryptionDataReaderAsync from netcore, update netf…
45e568b 
…x to use it.
@benrr101
Factor out the second result set read for ReadDescribeEncryptionParam…
cc242fb 
…eterResults
@benrr101
Factor out ReadDescribeEncryptionParameterResults1 from ReadDescribeE…
d1fbee0 
…ncryptionParameterResults
@benrr101
Factor out ReadDescribeEncryptionParameterResults3 from ReadDescribeE…
04ea706 
…ncryptionParameterResults
@benrr101
Repeat factoring out in netcore
70ba99f
@benrr101
Executive decision: removing debug-only row count - it's to make sure…
db8bd2a 
… the server returns the right number of rows for the sp_describe_parameter_encryption, but since it's just a debug build check, it has no bearing on prod builds.
@benrr101
Merge ReadDescribeEncryptionParameterResults
2f870c2
@benrr101
Merge ShouldCacheEncryptinMetadata, keysToBeSentToEnclave and require…
31662a0 
…sEnclaveComputations
@benrr101
Merge enclavePackage, enclaveAttestationParameters, customData, custo…
ee8ce4c 
…mDataLength
@benrr101
Merge ShouldUseEnclaveBasedWorkflow, _customColumnEncryptionKeyStoreP…
ee295ee 
…roviders, HasColumnEncryptionKeyStoreProviderRegistered
@benrr101
Merge _sqlRPCParameterEncryptionRegArray, _currentlyExecutingDescribe…
cfd3353 
…ParameterEncryptionRPC, IsDescribeParameterEncryptionRPCCurrentlyInProgress
@benrr101
Merge InvalidateEnclaveession, GetEnclaveSessionParameters
cd5ce3f
@benrr101
Merge ValidateCustomProviders
f4046b5
@benrr101
Merge ResetEncryptionState()
e0656c3
@benrr101
Merge PrepareTransparentEncryptionFinallyBlock
cb34479
@benrr101
Merge _rowsAffectedBySpDescribeParameterEncryption and RowsAffectedBy…
6b82413 
…DescribeParameterEncryption
@benrr101
Merge SetColumnEncryptionSetting and _wasBatchModeColumnEncryptionSet…
588a724 
…tingSetOnce
@benrr101
Merge GetColumnEncryptionCustomKeyProvidersNames and TryGetColumnEncr…
016756b 
…yptionKeyStoreProvider
@benrr101
Merge TryFetchInputParameterEncryptionInfo
5bc19f9
@benrr101
Merge PrepareDescribeParameterEncryptionRequest
06e0bf1
@benrr101
Merge ClearDescribeParameterEncryptionRequests
db8b2e7
@benrr101
Merge _rpcForEncryption, BuildStoredProcedureStatementForColumnEncryp…
0b683cc 
…tion
@benrr101 benrr101 added this to the 7.0.0-preview3 milestone Oct 8, 2025
Copilot AI review requested due to automatic review settings October 8, 2025 23:14
@benrr101 benrr101 requested a review from a team as a code owner October 8, 2025 23:14
@benrr101 benrr101 added the Common Project 🚮 Things that relate to the common project project label Oct 8, 2025
Copilot AI reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges SqlCommand encryption-related methods from platform-specific files into a shared partial class file for better code organization and maintainability. The changes consolidate encryption functionality that was previously duplicated across .NET Framework and .NET Core implementations.

  • Moves encryption-related methods from platform-specific SqlCommand files to a new shared SqlCommand.Encryption.cs file
  • Consolidates fields, properties, and methods related to column encryption and enclave operations
  • Removes code duplication between netfx and netcore implementations

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
SqlCommand.Encryption.cs New shared partial class containing all encryption-related methods and fields
SqlCommand.cs Added encryption-related fields and properties to shared base class
SqlParameter.cs Added TODO comment about parameter name prefixing logic
SqlSecurityUtility.cs Added debug assertion for connection null check
EnclaveDelegate.cs Added TODO comment about class naming
SqlCommand.netfx.cs Removed encryption methods now in shared file
SqlCommand.netcore.cs Removed encryption methods now in shared file
Project files Added reference to new SqlCommand.Encryption.cs file

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlCommand.Encryption.cs
// @TODO: 3) This doesn't check for null _customColumnEncryptionKeyStoreProviders
internal List<string> GetColumnEncryptionCustomKeyStoreProvidersNames()
{
if (_customColumnEncryptionKeyStoreProviders.Count > 0)
Copy link

Copilot AI Oct 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potential null reference exception. The method doesn't check if _customColumnEncryptionKeyStoreProviders is null before accessing its Count property, but line 28 in the TODO comment indicates this should be checked.

Suggested change
if (_customColumnEncryptionKeyStoreProviders.Count > 0)
if (_customColumnEncryptionKeyStoreProviders != null && _customColumnEncryptionKeyStoreProviders.Count > 0)

Copilot uses AI. Check for mistakes.
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlCommand.Encryption.cs
Comment on lines +1034 to +1037
// @TODO: 1) storing this as Command state seems fishy
// @TODO: 2) despite being concurrent, the usage of ContainsKey -> TryAdd is a race condition
// @TODO: 3) we have SqlTceCipherInfoTable, we should use it - or make it usable.
// @TODO: 4) even if we're supposed to store it as state, is the intention to obliterate the list each time? If so, we should probably store it locally and replace the state obj at the end.
Copy link

Copilot AI Oct 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Race condition in concurrent dictionary usage. The pattern of checking ContainsKey followed by TryAdd on lines 1043-1045 creates a race condition where multiple threads could pass the ContainsKey check simultaneously.

Copilot uses AI. Check for mistakes.
edwardneal
edwardneal reviewed Oct 9, 2025
View reviewed changes
Copy link
Contributor

@edwardneal edwardneal left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good - we're almost there!

paulmedynski
paulmedynski previously approved these changes Oct 9, 2025
View reviewed changes
paulmedynski
paulmedynski previously approved these changes Oct 10, 2025
View reviewed changes
@paulmedynski paulmedynski self-assigned this Oct 10, 2025
mdaigle
mdaigle previously approved these changes Oct 10, 2025
View reviewed changes
paulmedynski
paulmedynski previously approved these changes Oct 16, 2025
View reviewed changes
@mdaigle
Copy link
Contributor

mdaigle commented Oct 17, 2025

Looks like there are some genuine test failures in here:
image
image

@benrr101 benrr101 marked this pull request as draft October 20, 2025 17:44
@benrr101 benrr101 dismissed stale reviews from paulmedynski and mdaigle via 040aef4 October 20, 2025 17:56
@benrr101 benrr101 force-pushed the dev/russellben/merge/sqlcommand-nocer-encryption branch from 040aef4 to ca5037e Compare October 22, 2025 17:26
@codecov
Copy link

codecov bot commented Oct 27, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 83.00283% with 120 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.75%. Comparing base (37a9c99) to head (3028240).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
.../Microsoft/Data/SqlClient/SqlCommand.Encryption.cs 83.02% 109 Missing ⚠️
...src/Microsoft/Data/SqlClient/SqlCommand.netcore.cs 80.39% 10 Missing ⚠️
...lClient/src/Microsoft/Data/SqlClient/SqlCommand.cs 92.30% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3676      +/-   ##
==========================================
- Coverage   77.35%   76.75%   -0.61%     
==========================================
  Files         271      273       +2     
  Lines       45123    44914     -209     
==========================================
- Hits        34907    34474     -433     
- Misses      10216    10440     +224
Flag Coverage Δ
addons 90.82% <ø> (ø)
netcore 76.64% <83.00%> (-0.70%) ⬇️
netfx 76.30% <83.20%> (-0.13%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@benrr101 benrr101 marked this pull request as ready for review October 27, 2025 22:50
@benrr101
Copy link
Contributor Author

Found all the bugs! Requesting new reviews from @mdaigle @paulmedynski :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mdaigle mdaigle mdaigle left review comments

@paulmedynski paulmedynski paulmedynski left review comments

+1 more reviewer

@edwardneal edwardneal edwardneal left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

@paulmedynski paulmedynski

Labels

Common Project 🚮 Things that relate to the common project project

Projects

None yet

Milestone

7.0.0-preview3

Development

Successfully merging this pull request may close these issues.

4 participants

@benrr101 @mdaigle @paulmedynski @edwardneal