Merge branch 'main' into zachmu/join-debugging

Author: zachmu

.gitattributes

@@ -1,12 +1,22 @@
-enginetest/testdata/test1.txt binary
-enginetest/testdata/test2.csv binary
-enginetest/testdata/test3.csv binary
-enginetest/testdata/test3backwards.csv binary
-enginetest/testdata/test4.txt binary
-enginetest/testdata/test5.txt binary
-enginetest/testdata/test6.csv binary
-enginetest/testdata/test7.txt binary
-enginetest/testdata/test8.txt binary
-enginetest/testdata/test9.txt binary
-enginetest/testdata/test10.txt binary
-enginetest/testdata/simple_json.txt binary
+enginetest/testdata/test1.txt binary
+enginetest/testdata/test2.csv binary
+enginetest/testdata/test3.csv binary
+enginetest/testdata/test3backwards.csv binary
+enginetest/testdata/test4.txt binary
+enginetest/testdata/test5.txt binary
+enginetest/testdata/test6.csv binary
+enginetest/testdata/test7.txt binary
+enginetest/testdata/test8.txt binary
+enginetest/testdata/test9.txt binary
+enginetest/testdata/test10.txt binary
+enginetest/testdata/simple_json.txt binary
+enginetest/testdata/loaddata_null_in_field.dat binary
+enginetest/testdata/loaddata_lborder_null.dat binary
+enginetest/testdata/loaddata_enc_esc_eq.dat binary
+enginetest/testdata/loaddata_eof.dat binary
+enginetest/testdata/loaddata_term_in_field.dat binary
+enginetest/testdata/loaddata_mixed_escapes.dat binary
+enginetest/testdata/loaddata_enclosed.dat binary
+enginetest/testdata/loaddata_single_quotes.dat binary
+enginetest/testdata/loaddata_nulls.dat binary
+enginetest/testdata/loaddata_escape.dat binary

.github/workflows/bump-dependency.yaml

@@ -5,28 +5,31 @@ on:
     types: [ bump-dependency ]
 
 jobs:
-  get-label:
-    name: Get Label
-    outputs:
-      label: ${{ steps.get-label.outputs.label }}
+  sanitize-payload:
+    name: Sanitize Payload
     runs-on: ubuntu-22.04
+    outputs:
+      label:        ${{ steps.sanitize.outputs.label }}
+      safe_module:  ${{ steps.sanitize.outputs.safe_module }}
+      safe_head:    ${{ steps.sanitize.outputs.safe_head }}
+      safe_assignee: ${{ steps.sanitize.outputs.safe_assignee }}
+      safe_email:   ${{ steps.sanitize.outputs.safe_email }}
+      safe_branch:  ${{ steps.sanitize.outputs.safe_branch }}
+      safe_short:   ${{ steps.sanitize.outputs.safe_short }}
     steps:
-      - name: Get Label
-        id: get-label
+      - uses: actions/checkout@v4
+      - name: Validate & Sanitize Payload (script)
+        id: sanitize
         env:
-          REPO: ${{ github.event.client_payload.dependency }}
-        run: |
-          if [ "$REPO" == "vitess" ]
-          then
-            echo "label=vitess-bump" >> $GITHUB_OUTPUT
-          else
-            echo "$REPO is unsupported"
-            exit 1
-          fi
+          RAW_DEP:  ${{ github.event.client_payload.dependency }}
+          RAW_SHA:  ${{ github.event.client_payload.head_commit_sha }}
+          RAW_USER: ${{ github.event.client_payload.assignee }}
+          RAW_MAIL: ${{ github.event.client_payload.assignee_email }}
+        run: bash .github/workflows/scripts/sanitize_payload.sh
 
   stale-bump-prs:
     name: Retrieving Stale Bump PRs
-    needs: get-label
+    needs: sanitize-payload
     outputs:
       stale-pulls: ${{ steps.get-stale-prs.outputs.open-pulls }}
     runs-on: ubuntu-22.04
@@ -35,7 +38,7 @@ jobs:
         id: get-stale-prs
         uses: actions/github-script@v7
         env:
-          LABEL: ${{ needs.get-label.outputs.label }}
+          LABEL: ${{ needs.sanitize-payload.outputs.label }}
         with:
           debug: true
           github-token: ${{ secrets.REPO_ACCESS_TOKEN }}
@@ -85,7 +88,7 @@ jobs:
             }
 
   open-bump-pr:
-    needs: [get-label, stale-bump-prs]
+    needs: [sanitize-payload, stale-bump-prs]
     name: Open Bump PR
     runs-on: ubuntu-22.04
     outputs:
@@ -94,48 +97,66 @@ jobs:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
+
       - name: Set up Go 1.x
         uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
-      - name: Bump dependency
-        run: GOOS=linux go get github.com/dolthub/${{ github.event.client_payload.dependency }}@${{ github.event.client_payload.head_commit_sha }}
-      - name: Get Assignee and Reviewer
+
+      - name: Bump dependency (safe)
+        env:
+          SAFE_MODULE:   ${{ needs.sanitize-payload.outputs.safe_module }}
+          SAFE_HEAD:     ${{ needs.sanitize-payload.outputs.safe_head }}
+        run: |
+          set -euo pipefail
+          IFS=$'\n\t'
+          echo "Installing ${SAFE_MODULE}@${SAFE_HEAD}"
+          GOOS=linux go get "${SAFE_MODULE}@${SAFE_HEAD}"
+
+      - name: Get Assignee and Reviewer (safe)
         id: get_reviewer
+        env:
+          ASSIGNEE: ${{ needs.sanitize-payload.outputs.safe_assignee }}
         run: |
-          if [ "${{ github.event.client_payload.assignee }}" == "zachmu" ]
-          then
-            echo "reviewer=Hydrocharged" >> $GITHUB_OUTPUT
+          set -euo pipefail
+          if [ "${ASSIGNEE}" = "zachmu" ]; then
+            echo "reviewer=Hydrocharged" >> "$GITHUB_OUTPUT"
           else
-            echo "reviewer=zachmu" >> $GITHUB_OUTPUT
+            echo "reviewer=zachmu" >> "$GITHUB_OUTPUT"
           fi
-      - name: Get short hash
-        id: short-sha
-        run: |
-          commit=${{ github.event.client_payload.head_commit_sha }}
-          short=${commit:0:8}
-          echo "short=$short" >> $GITHUB_OUTPUT
-      - name: Create and Push new branch
+
+      - name: Create and Push new branch (safe)
+        env:
+          GIT_USER:  ${{ needs.sanitize-payload.outputs.safe_assignee }}
+          GIT_MAIL:  ${{ needs.sanitize-payload.outputs.safe_email }}
+          BRANCH:    ${{ needs.sanitize-payload.outputs.safe_branch }}
+          COMMIT_BY: ${{ needs.sanitize-payload.outputs.safe_assignee }}
         run: |
-          git config --global --add user.name "${{ github.event.client_payload.assignee }}"
-          git config --global --add user.email "${{ github.event.client_payload.assignee_email }}"
-          branchname=${{ format('{0}-{1}', github.event.client_payload.assignee, steps.short-sha.outputs.short) }}
-          git checkout -b "$branchname"
+          set -euo pipefail
+          IFS=$'\n\t'
+
+          git config --global user.name "${GIT_USER}"
+          git config --global user.email "${GIT_MAIL}"
+
+          git checkout -b -- "${BRANCH}"
           git add .
-          git commit -m "${{ format('[ga-bump-dep] Bump dependency in GMS by {0}', github.event.client_payload.assignee) }}"
-          git push origin "$branchname"
+
+          # Commit message uses sanitized assignee only
+          git commit -m "[ga-bump-dep] Bump dependency in GMS by ${COMMIT_BY}"
+          git push origin "${BRANCH}"
+
       - name: pull-request
         uses: repo-sync/pull-request@v2
         id: latest-pr
         with:
-          source_branch: ${{ format('{0}-{1}', github.event.client_payload.assignee, steps.short-sha.outputs.short ) }}
+          source_branch: ${{ needs.sanitize-payload.outputs.safe_branch }}
           destination_branch: "main"
           github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
-          pr_title: "[auto-bump] [no-release-notes] dependency by ${{ github.event.client_payload.assignee }}"
+          pr_title: "[auto-bump] [no-release-notes] dependency by ${{ needs.sanitize-payload.outputs.safe_assignee }}"
           pr_template: ".github/markdown-templates/dep-bump.md"
           pr_reviewer: ${{ steps.get_reviewer.outputs.reviewer }}
-          pr_assignee: ${{ github.event.client_payload.assignee }}
-          pr_label: ${{ needs.get-label.outputs.label }}
+          pr_assignee: ${{ needs.sanitize-payload.outputs.safe_assignee }}
+          pr_label: ${{ needs.sanitize-payload.outputs.label }}
 
   comment-on-stale-prs:
     needs: [open-bump-pr, stale-bump-prs]

.github/workflows/scripts/sanitize_payload.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+IFS=$'\n\t'
+
+# Inputs via environment variables
+RAW_DEP=${RAW_DEP:-}
+RAW_SHA=${RAW_SHA:-}
+RAW_USER=${RAW_USER:-}
+RAW_MAIL=${RAW_MAIL:-}
+
+# --- Validate dependency via allow-list and map to module path + label
+case "${RAW_DEP:-}" in
+  vitess)
+    MODULE='github.com/dolthub/vitess'
+    LABEL='vitess-bump'
+    ;;
+  *)
+    echo "Unsupported dependency '${RAW_DEP:-}'" >&2
+    exit 1
+    ;;
+esac
+
+# --- Validate head SHA/tag (conservative)
+# allow only hex SHAs or safe tag-ish: letters, digits, dot, dash, underscore, plus
+if [ -z "${RAW_SHA:-}" ] || ! printf '%s' "$RAW_SHA" | grep -qE '^[A-Za-z0-9._+-]+$'; then
+  echo "Invalid head_commit_sha" >&2
+  exit 1
+fi
+
+# Keep a short 8-char form if it's a hex SHA; otherwise derive short safe token
+if printf '%s' "$RAW_SHA" | grep -qiE '^[0-9a-f]{40}$'; then
+  SHORT_SHA="${RAW_SHA:0:8}"
+else
+  SHORT_SHA="$(printf '%s' "$RAW_SHA" | tr -cd 'A-Za-z0-9._+-' | cut -c1-12)"
+fi
+
+# --- Validate assignee username (GitHub-compatible subset)
+if [ -z "${RAW_USER:-}" ] || ! printf '%s' "$RAW_USER" | grep -qE '^[A-Za-z0-9-]{1,39}$'; then
+  echo "Invalid assignee username" >&2
+  exit 1
+fi
+
+# --- Validate email; if invalid, fall back to GitHub noreply
+if [ -n "${RAW_MAIL:-}" ] && printf '%s' "$RAW_MAIL" | grep -qE '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'; then
+  SAFE_EMAIL="$RAW_MAIL"
+else
+  SAFE_EMAIL="${RAW_USER}[email protected]"
+fi
+
+# --- Build a safe branch name: <assignee>-<short>
+BRANCH_NAME="$(printf '%s-%s' "$RAW_USER" "$SHORT_SHA" | tr -cd 'A-Za-z0-9._-')"
+
+# Expose sanitized values as step outputs
+{
+  echo "label=$LABEL"
+  echo "safe_module=$MODULE"
+  echo "safe_head=$RAW_SHA"
+  echo "safe_assignee=$RAW_USER"
+  echo "safe_email=$SAFE_EMAIL"
+  echo "safe_branch=$BRANCH_NAME"
+  echo "safe_short=$SHORT_SHA"
+} >> "${GITHUB_OUTPUT}"

README.md

@@ -224,6 +224,7 @@ implementing some interfaces. For detailed instructions, see the
 ## Powered by go-mysql-server
 
 * [dolt](https://github.com/dolthub/dolt)
+* [Grafana](https://www.dolthub.com/blog/2025-09-25-grafana-with-go-mysql-server/)
 * [gitbase](https://github.com/src-d/gitbase) (defunct)
 
 Are you building a database backend using **go-mysql-server**? We

enginetest/enginetests.go

@@ -61,10 +61,8 @@ func TestQueries(t *testing.T, harness Harness) {
 	ctx := NewContext(harness)
 	for _, tt := range queries.QueryTests {
 		t.Run(tt.Query, func(t *testing.T) {
-			if sh, ok := harness.(SkippingHarness); ok {
-				if sh.SkipQueryTest(tt.Query) {
-					t.Skipf("Skipping query plan for %s", tt.Query)
-				}
+			if sh, ok := harness.(SkippingHarness); tt.Skip || (ok && sh.SkipQueryTest(tt.Query)) {
+				t.Skipf("Skipping query test for %s", tt.Query)
 			}
 			if IsServerEngine(e) && tt.SkipServerEngine {
 				t.Skip("skipping for server engine")
@@ -222,7 +220,7 @@ func TestQueriesPrepared(t *testing.T, harness Harness) {
 	defer e.Close()
 	t.Run("query prepared tests", func(t *testing.T) {
 		for _, tt := range queries.QueryTests {
-			if tt.SkipPrepared {
+			if tt.Skip || tt.SkipPrepared {
 				continue
 			}
 			t.Run(tt.Query, func(t *testing.T) {
@@ -233,7 +231,7 @@ func TestQueriesPrepared(t *testing.T, harness Harness) {
 
 	t.Run("function query prepared tests", func(t *testing.T) {
 		for _, tt := range queries.FunctionQueryTests {
-			if tt.SkipPrepared {
+			if tt.Skip || tt.SkipPrepared {
 				continue
 			}
 			t.Run(tt.Query, func(t *testing.T) {
@@ -265,7 +263,7 @@ func TestQueriesPrepared(t *testing.T, harness Harness) {
 func TestJoinQueriesPrepared(t *testing.T, harness Harness) {
 	harness.Setup(setup.MydbData, setup.MytableData, setup.Pk_tablesData, setup.OthertableData, setup.NiltableData, setup.XyData, setup.FooData, setup.Comp_index_tablesData)
 	for _, tt := range queries.JoinQueryTests {
-		if tt.SkipPrepared {
+		if tt.Skip || tt.SkipPrepared {
 			continue
 		}
 		TestPreparedQuery(t, harness, tt.Query, tt.Expected, tt.ExpectedColumns)

enginetest/evaluation.go

@@ -400,10 +400,9 @@ func TestQuery2(t *testing.T, harness Harness, e QueryEngine, q string, expected
 // TODO: collapse into TestQuery
 func TestQueryWithEngine(t *testing.T, harness Harness, e QueryEngine, tt queries.QueryTest) {
 	t.Run(tt.Query, func(t *testing.T) {
-		if sh, ok := harness.(SkippingHarness); ok {
-			if sh.SkipQueryTest(tt.Query) {
-				t.Skipf("Skipping query %s", tt.Query)
-			}
+		if sh, ok := harness.(SkippingHarness); tt.Skip || (IsServerEngine(e) && tt.SkipServerEngine) ||
+			(ok && sh.SkipQueryTest(tt.Query)) {
+			t.Skipf("Skipping query %s", tt.Query)
 		}
 
 		ctx := NewContext(harness)
@@ -413,9 +412,6 @@ func TestQueryWithEngine(t *testing.T, harness Harness, e QueryEngine, tt querie
 		} else if tt.ExpectedErrStr != "" {
 			AssertErrWithCtx(t, e, harness, ctx, tt.Query, tt.Bindings, nil, tt.ExpectedErrStr)
 		} else if tt.ExpectedWarning != 0 {
-			if IsServerEngine(e) && tt.SkipServerEngine {
-				t.Skip()
-			}
 			AssertWarningAndTestQuery(t, e, ctx, harness,
 				tt.Query,
 				tt.Expected,

enginetest/join_op_tests.go

@@ -2181,6 +2181,7 @@ WHERE
 	},
 	{
 		// https://github.com/dolthub/dolt/issues/9782
+		// https://github.com/dolthub/dolt/issues/9973
 		name: "joining with subquery on empty table",
 		setup: [][]string{
 			{
@@ -2205,6 +2206,14 @@ WHERE
 				Query:    "SELECT t.c FROM (SELECT t.c FROM t WHERE FALSE) AS subq NATURAL RIGHT JOIN t;",
 				Expected: []sql.Row{{1}},
 			},
+			{
+				Query:    "SELECT t.c FROM t FULL OUTER JOIN (SELECT t.c FROM t WHERE FALSE) AS subq ON TRUE;",
+				Expected: []sql.Row{{1}},
+			},
+			{
+				Query:    "SELECT t.c FROM (SELECT t.c FROM t WHERE FALSE) AS subq FULL OUTER JOIN t ON TRUE;",
+				Expected: []sql.Row{{1}},
+			},
 		},
 	},
 	{

enginetest/join_planning_tests.go

@@ -51,6 +51,28 @@ type joinPlanScript struct {
 }
 
 var JoinPlanningTests = []joinPlanScript{
+	{
+		// https://github.com/dolthub/dolt/issues/9977
+		name: "no filter pushdown through anti join",
+		setup: []string{
+			"CREATE table xy (x int, y int, primary key(x,y));",
+			"insert into xy values (1,0), (2,1), (0,2), (3,3);",
+		},
+		tests: []JoinPlanTest{
+			{
+				q:     "select * from xy where x > 0 and x not in (select 999 union select 2 union select 3) order by x",
+				types: nil,
+				exp: []sql.Row{
+					{1, 0},
+				},
+			},
+			{
+				q:     "select * from xy where x > 0 and x not in (select 999) and x in (select 888 union select 777)",
+				types: []plan.JoinType{plan.JoinTypeLeftOuter},
+				exp:   []sql.Row{},
+			},
+		},
+	},
 	{
 		name: "filter pushdown through join uppercase name",
 		setup: []string{