Merge pull request #383 from diffix/cristian/bugfix

Improve validation of statements.

Author: cristianberneanu

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## Next version
+  - Allow casts between `int4` and `int8`.
+  - Allow more metadata discovery queries.
+  - Allow more statement types.
+
 ## Version 1.0.1
   - Fixed some docs links.
   - Fixed setup script version.

src/auth.c

@@ -92,9 +92,17 @@ AccessLevel get_session_access_level(void)
   return (AccessLevel)g_config.session_access_level;
 }
 
-static bool is_pg_catalog_relation(Oid relation_oid)
+static bool is_metadata_relation(Oid relation_oid)
 {
-  return get_rel_namespace(relation_oid) == PG_CATALOG_NAMESPACE;
+  Oid namespace_oid = get_rel_namespace(relation_oid);
+
+  if (namespace_oid == PG_CATALOG_NAMESPACE)
+    return true; /* PG_CATALOG relations are checked in `ExecutorCheckPerms` hook. */
+
+  if (strcmp(get_namespace_name(namespace_oid), "information_schema") == 0)
+    return true; /* INFORMATION_SCHEMA relations are safe to query. */
+
+  return false;
 }
 
 bool is_personal_relation(Oid relation_oid)
@@ -103,8 +111,8 @@ bool is_personal_relation(Oid relation_oid)
   const char *seclabel = GetSecurityLabel(&relation_object, PROVIDER_TAG);
 
   if (seclabel == NULL)
-    if (g_config.treat_unmarked_tables_as_public || is_pg_catalog_relation(relation_oid))
-      return false; /* PG_CATALOG relations are checked in `ExecutorCheckPerms` hook. */
+    if (g_config.treat_unmarked_tables_as_public || is_metadata_relation(relation_oid))
+      return false;
     else
       FAILWITH_CODE(ERRCODE_INSUFFICIENT_PRIVILEGE,
                     "Tables without an anonymization label can't be accessed in anonymized mode.");

src/query/allowed_objects.c

@@ -10,7 +10,7 @@
 #include "pg_diffix/utils.h"
 
 static const char *const g_allowed_casts[] = {
-    "i2tod", "i2tof", "i2toi4", "i4toi2", "i4tod", "i4tof", "i8tod", "i8tof",
+    "i2tod", "i2tof", "i2toi4", "i4toi2", "i4tod", "i4tof", "i8tod", "i8tof", "int48", "int84",
     "ftod", "dtof",
     "int4_numeric", "float4_numeric", "float8_numeric",
     "numeric_float4", "numeric_float8",
@@ -59,10 +59,8 @@ static const char *const g_pg_catalog_allowed_rels[] = {
     "pg_opclass", "pg_operator", "pg_opfamily", "pg_policy", "pg_prepared_statements", "pg_prepared_xacts", "pg_publication",
     "pg_publication_rel", "pg_rewrite", "pg_roles", "pg_seclabel", "pg_seclabels", "pg_sequence", "pg_settings", "pg_shadow",
     "pg_shdepend", "pg_shdescription", "pg_shseclabel", "pg_stat_gssapi", "pg_subscription", "pg_subscription_rel", "pg_tablespace",
-    "pg_trigger", "pg_ts_config", "pg_ts_dict", "pg_ts_parser", "pg_ts_template", "pg_type", "pg_user",
-    /* `pg_proc` contains `procost` and `prorows` but both seem to be fully static data. */
-    "pg_proc",
-    /**/
+    "pg_trigger", "pg_ts_config", "pg_ts_dict", "pg_ts_parser", "pg_ts_template", "pg_type", "pg_user", "pg_tables", "pg_matviews",
+    "pg_indexes", "pg_proc" /* `pg_proc` contains `procost` and `prorows` but both seem to be fully static data. */
 };
 
 static AllowedCols g_pg_catalog_allowed_cols[] = {

src/query/validation.c

@@ -51,6 +51,8 @@ void verify_utility_command(Node *utility_stmt)
     case T_LockStmt:
     case T_CheckPointStmt:
     case T_DeclareCursorStmt:
+    case T_DeallocateStmt:
+    case T_FetchStmt:
       break;
     default:
       FAILWITH("Statement requires direct access level.");

test/expected/validation.out

@@ -69,6 +69,18 @@ SELECT COUNT(*) FROM test_validation
 -------
 (0 rows)
 
+SELECT COUNT(*) FROM test_validation
+  GROUP BY round(id::integer), ceil(id::integer), ceiling(id::integer), floor(id::integer);
+ count 
+-------
+(0 rows)
+
+SELECT COUNT(*) FROM test_validation
+  GROUP BY round(id::bigint), ceil(id::bigint), ceiling(id::bigint), floor(id::bigint);
+ count 
+-------
+(0 rows)
+
 SELECT
   diffix.round_by(id::numeric, 5),
   diffix.round_by(id::double precision, 5),
@@ -239,6 +251,19 @@ Indexes:
 Indexes:
     "empty_test_customers_pkey" PRIMARY KEY, btree (id)
 
+-- Allow discovery statements
+SELECT EXISTS (SELECT FROM PG_Catalog.pg_tables WHERE schemaname='public' AND tablename='test_customers');
+ exists 
+--------
+ t
+(1 row)
+
+SELECT EXISTS (SELECT FROM Information_Schema.tables WHERE table_schema='public' AND table_name='test_customers');
+ exists 
+--------
+ t
+(1 row)
+
 -- Settings and labels UDFs work
 SELECT * FROM diffix.show_settings() LIMIT 2;
               name              | setting |                                   short_desc                                   

test/sql/validation.sql

@@ -54,6 +54,12 @@ SELECT COUNT(*) FROM test_validation
 SELECT COUNT(*) FROM test_validation
   GROUP BY round(id::numeric), ceil(id::numeric), ceiling(id::numeric), floor(id::numeric);
 
+SELECT COUNT(*) FROM test_validation
+  GROUP BY round(id::integer), ceil(id::integer), ceiling(id::integer), floor(id::integer);
+
+SELECT COUNT(*) FROM test_validation
+  GROUP BY round(id::bigint), ceil(id::bigint), ceiling(id::bigint), floor(id::bigint);
+
 SELECT
   diffix.round_by(id::numeric, 5),
   diffix.round_by(id::double precision, 5),
@@ -130,6 +136,10 @@ SELECT (SELECT city FROM test_validation);
 \dt+ empty_test_customers
 \d+ empty_test_customers
 
+-- Allow discovery statements
+SELECT EXISTS (SELECT FROM PG_Catalog.pg_tables WHERE schemaname='public' AND tablename='test_customers');
+SELECT EXISTS (SELECT FROM Information_Schema.tables WHERE table_schema='public' AND table_name='test_customers');
+
 -- Settings and labels UDFs work
 SELECT * FROM diffix.show_settings() LIMIT 2;
 SELECT * FROM diffix.show_labels() WHERE objname LIKE 'public.test_customers%';