Reject pointless select/group by AID

Author: pdobacz

src/query/anonymization.c

@@ -270,6 +270,28 @@ static List *gather_aid_refs(Query *query, List *relations)
   return aid_refs;
 }
 
+static void reject_aid_grouping(Query *query, List *aid_refs)
+{
+  ListCell *cell;
+  List *grouping_exprs = get_sortgrouplist_exprs(query->groupClause, query->targetList);
+  foreach (cell, grouping_exprs)
+  {
+    Node *group_expr = (Node *)lfirst(cell);
+    if (IsA(group_expr, Var))
+    {
+      Var *var = (Var *)group_expr;
+
+      ListCell *aid_ref_cell;
+      foreach (aid_ref_cell, aid_refs)
+      {
+        AidRef *aid_ref = (AidRef *)lfirst(aid_ref_cell);
+        if (aid_ref->aid_attnum == var->varattno)
+          FAILWITH_LOCATION(var->location, "Selecting AID without generalization cannot yield any results - rejecting.");
+      }
+    }
+  }
+}
+
 static void append_aid_args(Aggref *aggref, List *aid_refs)
 {
   bool found_any = false;
@@ -471,6 +493,8 @@ static AnonymizationContext *make_query_anonymizing(Query *query, List *personal
     anon_context->expand_buckets = true;
   }
 
+  reject_aid_grouping(query, aid_refs);
+
   query_tree_mutator(
       query,
       aggregate_expression_mutator,

test/expected/noiseless.out

@@ -158,29 +158,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 ----------------------------------------------------------------
 -- LCF & Filtering
 ----------------------------------------------------------------
-SELECT id FROM test_customers;
- id 
-----
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-(18 rows)
-
 SELECT city FROM test_customers;
   city  
 --------

test/expected/noisy.out

@@ -150,27 +150,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 ----------------------------------------------------------------
 -- LCF & Filtering
 ----------------------------------------------------------------
-SELECT id FROM test_customers;
- id 
-----
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-   
-(16 rows)
-
 SELECT city FROM test_customers;
  city 
 ------

test/expected/star_bucket.out

@@ -128,31 +128,6 @@ GROUP BY 1, 2, 3;
 ----------------------------------------------------------------
 -- Other queries
 ----------------------------------------------------------------
-SELECT *
-FROM star_bucket;
- id | dept | gender | title 
-----+------+--------+-------
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-    | *    | *      | *
-(19 rows)
-
 SELECT dept, gender, title
 FROM star_bucket;
   dept   | gender | title 

test/expected/validation.out

@@ -179,25 +179,25 @@ FROM (
      0
 (1 row)
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.city)
 FROM (
-  SELECT * FROM test_validation
+  SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation
 ) x;
  count | count | count 
 -------+-------+-------
      0 |     0 |     0
 (1 row)
 
-SELECT COUNT(DISTINCT x.modified_id) FROM ( SELECT id AS modified_id FROM test_validation ) x;
+SELECT COUNT(DISTINCT x.modified_name) FROM ( SELECT name AS modified_name FROM test_validation ) x;
  count 
 -------
      0
 (1 row)
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_name)
 FROM (
-  SELECT y.city as city, y.id as user_id
-  FROM ( SELECT * FROM test_validation ) y
+  SELECT y.city as city, y.name as user_name
+  FROM ( SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation ) y
 ) x;
  count | count | count 
 -------+-------+-------
@@ -490,6 +490,25 @@ SELECT count(distinct tableoid) FROM test_validation;
 ERROR:  [PG_DIFFIX] System columns are not allowed in this context.
 LINE 1: SELECT count(distinct tableoid) FROM test_validation;
                               ^
+-- Get rejected because of selecting AID columns
+SELECT id FROM test_validation;
+ERROR:  [PG_DIFFIX] Selecting AID without generalization cannot yield any results - rejecting.
+LINE 1: SELECT id FROM test_validation;
+               ^
+SELECT 1 FROM test_validation GROUP BY id;
+ERROR:  [PG_DIFFIX] Selecting AID without generalization cannot yield any results - rejecting.
+LINE 1: SELECT 1 FROM test_validation GROUP BY id;
+                                               ^
+SELECT * FROM (SELECT id FROM test_validation) z;
+ERROR:  [PG_DIFFIX] Selecting AID without generalization cannot yield any results - rejecting.
+LINE 1: SELECT * FROM (SELECT id FROM test_validation) z;
+                              ^
+-- Get accepted because of selecting AID with generalization
+SELECT diffix.floor_by(id, 2), count(*) FROM test_validation GROUP BY 1;
+ floor_by | count 
+----------+-------
+(0 rows)
+
 ----------------------------------------------------------------
 -- Untrusted mode query restrictions
 ----------------------------------------------------------------

test/sql/noiseless.sql

@@ -52,8 +52,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 -- LCF & Filtering
 ----------------------------------------------------------------
 
-SELECT id FROM test_customers;
-
 SELECT city FROM test_customers;
 
 SELECT city FROM test_customers GROUP BY 1 HAVING length(city) <> 4;

test/sql/noisy.sql

@@ -48,8 +48,6 @@ SELECT COUNT(*), COUNT(city), COUNT(DISTINCT city) FROM test_patients;
 -- LCF & Filtering
 ----------------------------------------------------------------
 
-SELECT id FROM test_customers;
-
 SELECT city FROM test_customers;
 
 SELECT city FROM test_customers GROUP BY 1 HAVING length(city) <> 4;

test/sql/star_bucket.sql

@@ -106,9 +106,6 @@ GROUP BY 1, 2, 3;
 -- Other queries
 ----------------------------------------------------------------
 
-SELECT *
-FROM star_bucket;
-
 SELECT dept, gender, title
 FROM star_bucket;
 

test/sql/validation.sql

@@ -112,17 +112,17 @@ FROM (
   GROUP BY 1
 ) x;
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.city)
 FROM (
-  SELECT * FROM test_validation
+  SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation
 ) x;
 
-SELECT COUNT(DISTINCT x.modified_id) FROM ( SELECT id AS modified_id FROM test_validation ) x;
+SELECT COUNT(DISTINCT x.modified_name) FROM ( SELECT name AS modified_name FROM test_validation ) x;
 
-SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_id)
+SELECT COUNT(*), COUNT(x.city), COUNT(DISTINCT x.user_name)
 FROM (
-  SELECT y.city as city, y.id as user_id
-  FROM ( SELECT * FROM test_validation ) y
+  SELECT y.city as city, y.name as user_name
+  FROM ( SELECT name, city, discount, birthday, lunchtime, last_seen FROM test_validation ) y
 ) x;
 
 SELECT * FROM (SELECT name FROM test_validation) x, (SELECT city FROM test_validation) y;
@@ -249,6 +249,13 @@ SELECT count(tableoid) FROM test_validation;
 SELECT count(distinct ctid) FROM test_validation;
 SELECT count(distinct tableoid) FROM test_validation;
 
+-- Get rejected because of selecting AID columns
+SELECT id FROM test_validation;
+SELECT 1 FROM test_validation GROUP BY id;
+SELECT * FROM (SELECT id FROM test_validation) z;
+
+-- Get accepted because of selecting AID with generalization
+SELECT diffix.floor_by(id, 2), count(*) FROM test_validation GROUP BY 1;
 
 ----------------------------------------------------------------
 -- Untrusted mode query restrictions