fix(query): user/role name not support \b and \f (#17530)

TCeason · web-flow · commit 98c3da767381 · 2025-02-27T14:37:13.000+08:00
diff --git a/src/query/sql/src/planner/binder/binder.rs b/src/query/sql/src/planner/binder/binder.rs
@@ -408,7 +408,7 @@ impl<'a> Binder {
             } => {
                 if illegal_ident_name(role_name) {
                     return Err(ErrorCode::IllegalRole(
-                        format!("Illegal Role Name: Illegal role name [{}], not support username contain ' or \"", role_name),
+                        format!("Illegal Role Name: Illegal role name [{}], not support username contain ' or \" or \\b or \\f", role_name),
                     ));
                 }
                 Plan::CreateRole(Box::new(CreateRolePlan {
diff --git a/src/query/sql/src/planner/binder/ddl/account.rs b/src/query/sql/src/planner/binder/ddl/account.rs
@@ -265,7 +265,7 @@ impl Binder {
         } = stmt;
         if illegal_ident_name(&user.username) {
             return Err(ErrorCode::IllegalUser(format!(
-                "Illegal Username: Illegal user name [{}], not support username contain ' or \"",
+                "Illegal Username: Illegal user name [{}], not support username contain ' or \" \\b or \\f",
                 user.username
             )));
         }
diff --git a/src/query/sql/src/planner/binder/util.rs b/src/query/sql/src/planner/binder/util.rs
@@ -33,7 +33,9 @@ use crate::NameResolutionSuggest;
 /// Ident name can not contain ' or "
 /// Forbidden ' or " in UserName and RoleName, to prevent Meta injection problem
 pub fn illegal_ident_name(ident_name: &str) -> bool {
-    ident_name.chars().any(|c| c == '\'' || c == '\"')
+    ident_name
+        .chars()
+        .any(|c| c == '\'' || c == '\"' || c == '\u{000C}' || c == '\u{0008}')
 }
 
 impl Binder {
diff --git a/tests/sqllogictests/suites/base/05_ddl/05_0004_ddl_create_user.test b/tests/sqllogictests/suites/base/05_ddl/05_0004_ddl_create_user.test
@@ -90,3 +90,15 @@ create user `a"a` identified by '123'
 
 statement error 2218
 create user `a'a` identified by '123'
+
+statement error 2218
+CREATE user 'a\b' identified by '123'
+
+statement error 2218
+CREATE user 'a\f' identified by '123'
+
+statement ok
+drop user if exists 'a\b';
+
+statement ok
+drop user if exists 'a\f';
diff --git a/tests/sqllogictests/suites/base/05_ddl/05_0014_ddl_create_role.test b/tests/sqllogictests/suites/base/05_ddl/05_0014_ddl_create_role.test
@@ -7,6 +7,18 @@ CREATE ROLE `test-a`
 statement error 2216
 CREATE ROLE `test-a`
 
+statement error 2217
+CREATE ROLE 'a\b'
+
+statement error 2217
+CREATE ROLE 'a\f'
+
+statement ok
+drop role if exists 'a\b';
+
+statement ok
+drop role if exists 'a\f';
+
 statement ok
 CREATE ROLE IF NOT EXISTS `test-a`
 
@@ -32,7 +44,7 @@ statement error 2217
 create role 'public'
 
 statement error 2217
-create role `a"a`
+create role 'a"a'
 
 statement error 2217
-create role `a'a`
+create role "a'a"

Original file line number	Diff line number	Diff line change
`@@ -408,7 +408,7 @@ impl<'a> Binder {`
`408`	`408`	`} => {`
`409`	`409`	`if illegal_ident_name(role_name) {`
`410`	`410`	`return Err(ErrorCode::IllegalRole(`
`411`		`- format!("Illegal Role Name: Illegal role name [{}], not support username contain ' or \"", role_name),`
	`411`	`+ format!("Illegal Role Name: Illegal role name [{}], not support username contain ' or \" or \\b or \\f", role_name),`
`412`	`412`	`));`
`413`	`413`	`}`
`414`	`414`	`Plan::CreateRole(Box::new(CreateRolePlan {`
Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ impl Binder {`
`265`	`265`	`} = stmt;`
`266`	`266`	`if illegal_ident_name(&user.username) {`
`267`	`267`	`return Err(ErrorCode::IllegalUser(format!(`
`268`		`- "Illegal Username: Illegal user name [{}], not support username contain ' or \"",`
	`268`	`+ "Illegal Username: Illegal user name [{}], not support username contain ' or \" \\b or \\f",`
`269`	`269`	`user.username`
`270`	`270`	`)));`
`271`	`271`	`}`