
Commit e80721e

authored
Merge pull request #407 from diffix/piotr/disallow-select-aid
Reject pointless select/group by AID
2 parents 42c0a2f + fe52376 commit e80721e


9 files changed

+61
-88
lines changed


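--- a/src/query/anonymization.c
+++ b/src/query/anonymization.c
@@ -1,6 +1,7 @@
 #include "postgres.h"
 
 #include "catalog/pg_aggregate.h"
+#include "catalog/pg_class.h"
 #include "catalog/pg_type.h"
 #include "common/shortest_dec.h"
 #include "nodes/makefuncs.h"
@@ -14,6 +15,7 @@
 
 #include "pg_diffix/aggregation/bucket_scan.h"
 #include "pg_diffix/aggregation/common.h"
+#include "pg_diffix/auth.h"
 #include "pg_diffix/oid_cache.h"
 #include "pg_diffix/query/allowed_objects.h"
 #include "pg_diffix/query/anonymization.h"
@@ -270,6 +272,25 @@ static List *gather_aid_refs(Query *query, List *relations)
 return aid_refs;
 }
 
+static void reject_aid_grouping(Query *query)
+{
+List *grouping_exprs = get_sortgrouplist_exprs(query->groupClause, query->targetList);
+
+ListCell *cell;
+foreach (cell, grouping_exprs)
+{
+Node *group_expr = (Node *)lfirst(cell);
+if (IsA(group_expr, Var))
+{
+Var *var = (Var *)group_expr;
+RangeTblEntry *rte = rt_fetch(var->varno, query->rtable);
+
+if (rte->relkind == RELKIND_RELATION && is_aid_column(rte->relid, var->varattno))
+FAILWITH_LOCATION(var->location, "Selecting or grouping by an AID column will result in a fully censored output.");
+}
+}
+}
+
 static void append_aid_args(Aggref *aggref, List *aid_refs)
 {
 bool found_any = false;
@@ -584,6 +605,8 @@ static void compile_anonymizing_query(Query *query, List *personal_relations, An
 
 AnonymizationContext *anon_context = make_query_anonymizing(query, personal_relations);
 
+reject_aid_grouping(query);
+
 verify_bucket_expressions(query);
 
 anon_context->sql_seed = prepare_bucket_seeds(query);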
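Review bot: `reject_aid_grouping` (lines 275–292) only matches a grouping expression that is a bare `Var` whose RTE has `relkind == RELKIND_RELATION`, so an AID column reached through any other shape — a cast or expression wrapping the Var, a Var resolved through a join-alias RTE (an unqualified column of a `JOIN`, if joins are permitted at this point), or a partitioned table (`RELKIND_PARTITIONED_TABLE`) — is not caught and the query proceeds to the fully censored output the error message warns about. Nothing here suggests that fallthrough leaks anything; it just makes the check a usability guard rather than an enforcement point, and that intent deserves a header comment, e.g. `/* Usability guard, not a privacy check: a bare AID column as a bucket label yields an all-censored result, so fail early. Only direct Vars on base relations are matched; other shapes presumably reach verify_bucket_expressions or the censoring path. */`. If partitioned personal tables are supported, `rte->rtekind == RTE_RELATION` would be the more conventional test than the relkind comparison. The call site at lines 605–612 sits inside compile_anonymizing_query, whose body is mostly outside this hunk.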

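--- a/test/expected/noiseless.out
+++ b/test/expected/noiseless.out
@@ -158,29 +158,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 ----------------------------------------------------------------
 -- LCF & Filtering
 ----------------------------------------------------------------
-SELECT id FROM test_customers;
-id
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-(18 rows)
-
 SELECT city FROM test_customers;
 city
 --------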

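--- a/test/expected/noisy.out
+++ b/test/expected/noisy.out
@@ -150,27 +150,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 ----------------------------------------------------------------
 -- LCF & Filtering
 ----------------------------------------------------------------
-SELECT id FROM test_customers;
-id
-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-(16 rows)
-
 SELECT city FROM test_customers;
 city
 ------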

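--- a/test/expected/star_bucket.out
+++ b/test/expected/star_bucket.out
@@ -128,31 +128,6 @@ GROUP BY 1, 2, 3;
 ----------------------------------------------------------------
 -- Other queries
 ----------------------------------------------------------------
-SELECT *
-FROM star_bucket;
-id | dept | gender | title
-----+------+--------+-------
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
- | * | * | *
-(19 rows)
-
 SELECT dept, gender, title
 FROM star_bucket;
 dept | gender | title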

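--- a/test/expected/validation.out
+++ b/test/expected/validation.out
@@ -179,25 +179,25 @@ FROM (
 0
 (1 row)
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.city)
 FROM (
-SELECT * FROM test_validation
+SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation
 ) x;
 count | count | count
 -------+-------+-------
 0 | 0 | 0
 (1 row)
 
-SELECT COUNT(DISTINCT x.modified_id) FROM ( SELECT id AS modified_id FROM test_validation ) x;
+SELECT COUNT(DISTINCT x.modified_name) FROM ( SELECT name AS modified_name FROM test_validation ) x;
 count
 -------
 0
 (1 row)
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_name)
 FROM (
-SELECT y.city as city, y.id as user_id
-FROM ( SELECT * FROM test_validation ) y
+SELECT y.city as city, y.name as user_name
+FROM ( SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation ) y
 ) x;
 count | count | count
 -------+-------+-------
@@ -490,6 +490,25 @@ SELECT count(distinct tableoid) FROM test_validation;
 ERROR: [PG_DIFFIX] System columns are not allowed in this context.
 LINE 1: SELECT count(distinct tableoid) FROM test_validation;
 ^
+-- Get rejected because of selecting AID columns
+SELECT id FROM test_validation;
+ERROR: [PG_DIFFIX] Selecting or grouping by an AID column will result in a fully censored output.
+LINE 1: SELECT id FROM test_validation;
+^
+SELECT 1 FROM test_validation GROUP BY id;
+ERROR: [PG_DIFFIX] Selecting or grouping by an AID column will result in a fully censored output.
+LINE 1: SELECT 1 FROM test_validation GROUP BY id;
+^
+SELECT * FROM (SELECT id FROM test_validation) z;
+ERROR: [PG_DIFFIX] Selecting or grouping by an AID column will result in a fully censored output.
+LINE 1: SELECT * FROM (SELECT id FROM test_validation) z;
+^
+-- Get accepted because of selecting AID with generalization
+SELECT diffix.floor_by(id, 2), count(*) FROM test_validation GROUP BY 1;
+floor_by | count
+----------+-------
+(0 rows)
+
 ----------------------------------------------------------------
 -- Untrusted mode query restrictions
 ----------------------------------------------------------------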

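--- a/test/sql/noiseless.sql
+++ b/test/sql/noiseless.sql
@@ -52,8 +52,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 -- LCF & Filtering
 ----------------------------------------------------------------
 
-SELECT id FROM test_customers;
-
 SELECT city FROM test_customers;
 
 SELECT city FROM test_customers GROUP BY 1 HAVING length(city) <> 4;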

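--- a/test/sql/noisy.sql
+++ b/test/sql/noisy.sql
@@ -48,8 +48,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 -- LCF & Filtering
 ----------------------------------------------------------------
 
-SELECT id FROM test_customers;
-
 SELECT city FROM test_customers;
 
 SELECT city FROM test_customers GROUP BY 1 HAVING length(city) <> 4;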

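--- a/test/sql/star_bucket.sql
+++ b/test/sql/star_bucket.sql
@@ -106,9 +106,6 @@ GROUP BY 1, 2, 3;
 -- Other queries
 ----------------------------------------------------------------
 
-SELECT *
-FROM star_bucket;
-
 SELECT dept, gender, title
 FROM star_bucket;
 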

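--- a/test/sql/validation.sql
+++ b/test/sql/validation.sql
@@ -112,17 +112,17 @@ FROM (
 GROUP BY 1
 ) x;
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.city)
 FROM (
-SELECT * FROM test_validation
+SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation
 ) x;
 
-SELECT COUNT(DISTINCT x.modified_id) FROM ( SELECT id AS modified_id FROM test_validation ) x;
+SELECT COUNT(DISTINCT x.modified_name) FROM ( SELECT name AS modified_name FROM test_validation ) x;
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_name)
 FROM (
-SELECT y.city as city, y.id as user_id
-FROM ( SELECT * FROM test_validation ) y
+SELECT y.city as city, y.name as user_name
+FROM ( SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation ) y
 ) x;
 
 SELECT * FROM (SELECT name FROM test_validation) x, (SELECT city FROM test_validation) y;
@@ -249,6 +249,13 @@ SELECT count(tableoid) FROM test_validation;
 SELECT count(distinct ctid) FROM test_validation;
 SELECT count(distinct tableoid) FROM test_validation;
 
+-- Get rejected because of selecting AID columns
+SELECT id FROM test_validation;
+SELECT 1 FROM test_validation GROUP BY id;
+SELECT * FROM (SELECT id FROM test_validation) z;
+
+-- Get accepted because of selecting AID with generalization
+SELECT diffix.floor_by(id, 2), count(*) FROM test_validation GROUP BY 1;
 
 ----------------------------------------------------------------
 -- Untrusted mode query restrictions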
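Review bot: The new cases at lines 252–258 only exercise a bare column reference reaching the new AID check; nothing pins what happens when the AID column is reached through an expression rather than a plain Var, so whether such a query is rejected by this check, by a later validation step, or runs to a censored result stays undocumented. One extra case such as `SELECT id::text FROM test_validation;` (and, if joins are allowed in this mode, an unqualified `id` selected from a `JOIN`) with whatever the extension currently emits would lock that behavior in and make later regressions visible in validation.out.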
