Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Query runner: Block known problematic functions if found in parse tree #660

Merged
merged 4 commits into from
Jan 7, 2025
Merged

Query runner: Block known problematic functions if found in parse tree #660

merged 4 commits into from
Jan 7, 2025

Conversation

lfittl
Copy link
Member

@lfittl lfittl commented Jan 7, 2025

This acts as an additional defense in case the user does not revoke permissions from non-superuser for dblink as we recommend.

@lfittl
Query runner: Block known problematic functions if found in parse tree
6c2f34e 
This acts as an additional defense in case the user does not revoke
permissions from non-superuser for dblink as we recommend.
msakrejda
msakrejda approved these changes Jan 7, 2025
View reviewed changes
input/postgres/explain_analyze.go Show resolved Hide resolved
keiko713
keiko713 reviewed Jan 7, 2025
View reviewed changes
input/postgres/explain_analyze.go
switch stmt.(type) {
case *pg_query.Node_SelectStmt:
// Allowed, continue
// Note that we permit wCTEs here (for now), and instead rely on the read-only transaction to block them
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talked a bit offline too, but we could potentially do these checks in the below treewalk so that we can also check wCTEs. I think it's fine as is for now, but we could come back later potentially.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, lets revise that at a later point, but agreed we could adjust this to match the check we do on the server side for wCTEs.

keiko713
keiko713 approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@keiko713 keiko713 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for improving readability with treewalker 👍

@lfittl lfittl merged commit 5b7b8d4 into main Jan 7, 2025
3 checks passed
@lfittl lfittl deleted the block-dblink-functions branch January 7, 2025 18:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msakrejda msakrejda msakrejda approved these changes

@keiko713 keiko713 keiko713 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lfittl @msakrejda @keiko713