Merge pull request #424 from diffix/cristian/misc

cristianberneanu · web-flow · commit 2eca626325eb · 2022-08-03T16:24:05.000+03:00
Allow all discovery queries over `pg_class`.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,5 @@
 # Changelog
+  - Allow all discovery queries over `pg_class`.
 
 ## Version 1.0.3
   - Reject unsupported column types during AID labeling.
diff --git a/src/query/allowed_objects.c b/src/query/allowed_objects.c
@@ -60,12 +60,10 @@ static const char *const g_pg_catalog_allowed_rels[] = {
     "pg_publication_rel", "pg_rewrite", "pg_roles", "pg_seclabel", "pg_seclabels", "pg_sequence", "pg_settings", "pg_shadow",
     "pg_shdepend", "pg_shdescription", "pg_shseclabel", "pg_stat_gssapi", "pg_subscription", "pg_subscription_rel", "pg_tablespace",
     "pg_trigger", "pg_ts_config", "pg_ts_dict", "pg_ts_parser", "pg_ts_template", "pg_type", "pg_user", "pg_tables", "pg_matviews",
-    "pg_indexes", "pg_proc" /* `pg_proc` contains `procost` and `prorows` but both seem to be fully static data. */
+    "pg_indexes", "pg_class", "pg_proc" /* `pg_proc` contains `procost` and `prorows` but both seem to be fully static data. */
 };
 
 static AllowedCols g_pg_catalog_allowed_cols[] = {
-    /* In `pg_class` there is `reltuples` which must be blocked, causing some less annoying breakage in some clients. */
-    {.rel_name = "pg_class", .col_names = {"tableoid", "oid", "relname", "relnamespace", "relowner", "relkind", "reloftype", "relam", "reltablespace", "reltoastrelid", "relhasindex", "relpersistence", "relchecks", "relhasrules", "relhastriggers", "relrowsecurity", "relforcerowsecurity", "relreplident", "relispartition", "relpartbound", "reloptions", "xmin", "reltoastrelid", "relispopulated", "relacl"}},
     {.rel_name = "pg_statistic_ext", .col_names = {"tableoid", "oid", "stxrelid", "stxname", "stxnamespace", "stxstattarget", "stxkeys", "stxkind"}},
     {.rel_name = "pg_stat_activity", .col_names = {"datname", "pid", "usename", "application_name", "client_addr", "backend_start", "xact_start", "query_start", "state_change", "wait_event_type", "wait_event", "state", "query", "backend_type", "client_hostname", "client_port", "backend_start", "backend_xid", "backend_xmin"}},
     /*
diff --git a/test/expected/validation.out b/test/expected/validation.out
@@ -461,7 +461,7 @@ SELECT * FROM pg_stat_user_functions LIMIT 10;
 ERROR:  permission denied for schema pg_catalog
 SELECT * FROM pg_stat_user_indexes LIMIT 10;
 ERROR:  permission denied for schema pg_catalog
-SELECT * FROM pg_class LIMIT 10;
+SELECT * FROM pg_stat_activity LIMIT 10;
 ERROR:  permission denied for schema pg_catalog
 -- Get rejected because of inheritance
 SELECT x, y FROM subclass;
diff --git a/test/sql/validation.sql b/test/sql/validation.sql
@@ -237,7 +237,7 @@ SELECT * FROM pg_stats LIMIT 10;
 SELECT * FROM pg_statistic LIMIT 10;
 SELECT * FROM pg_stat_user_functions LIMIT 10;
 SELECT * FROM pg_stat_user_indexes LIMIT 10;
-SELECT * FROM pg_class LIMIT 10;
+SELECT * FROM pg_stat_activity LIMIT 10;
 
 -- Get rejected because of inheritance
 SELECT x, y FROM subclass;

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# Changelog`
	`2`	+ - Allow all discovery queries over `pg_class`.
`2`	`3`
`3`	`4`	`## Version 1.0.3`
`4`	`5`	`- Reject unsupported column types during AID labeling.`