[Tarantool-patches] [PATCH v2 5/6] alter: disallow creation of SQL built-in function

Mergen Imeev imeevma at tarantool.org
Fri Aug 6 22:54:10 MSK 2021 

Thank you for the review! My answers, diff and new patch below.

On Fri, Aug 06, 2021 at 12:18:22AM +0200, Vladislav Shpilevoy wrote:
> Thanks for the patch!
> 
> > diff --git a/src/box/alter.cc b/src/box/alter.cc
> > index 217b882ba..fd9921ae0 100644
> > --- a/src/box/alter.cc
> > +++ b/src/box/alter.cc
> > @@ -3213,6 +3213,36 @@ on_replace_dd_user(struct trigger * /* trigger */, void *event)
> >  	return 0;
> >  }
> >  
> > +/**
> > + * Check if the version of the data dictionary is lower than 2.9.0 and return
> > + * new func def if it is the case. If it is the case, then it is possible to
> > + * insert values with the "SQL_BUILTIN" language into _func, otherwise it is
> > + * prohibited. This is for upgradeability from 2.1.3 to 2.3.0. Since all we need
> > + * is to allow such inserts, we set func def to its default values.
> > + */
> > +static int
> > +func_def_new_sql_built_in(struct func_def *def)
> 
> 1. 'new' stands for new memory allocation. Here you need to use
> 'create'.
> 
Fixed.

> > +{
> > +	if (dd_version_id >= version_id(2, 9, 0)) {
> > +		diag_set(ClientError, ER_FUNCTION_LANGUAGE, "SQL_BUILTIN",
> > +			 def->name);
> > +		return -1;
> > +	}
> > +	def->body = NULL;
> > +	def->comment = NULL;
> > +	def->setuid = 1;
> > +	def->is_deterministic = false;
> > +	def->is_sandboxed = false;
> > +	def->param_count = 0;
> > +	def->returns = FIELD_TYPE_ANY;
> > +	def->aggregate = FUNC_AGGREGATE_NONE;
> > +	def->language = FUNC_LANGUAGE_LUA;
> > +	def->exports.lua = true;
> > +	def->exports.sql = true;
> > +	func_opts_create(&def->opts);
> > +	return 0;
> > +}
> > +
> >  /**
> >   * Get function identifiers from a tuple.
> >   *
> > @@ -3344,6 +3374,14 @@ func_def_new_from_tuple(struct tuple *tuple)
> >  				  language, def->name);
> >  			return NULL;
> >  		}
> > +		if (def->language == FUNC_LANGUAGE_SQL_BUILTIN) {
> 
> 2. Is it possible to just skip such functions when the schema is old?
> Simply not create anything for them assuming that they will be deleted
> right afterwards. Not even store them in the func hash. Like they do
> not exist. Then you can also drop sql_builtin support from
> func_def_check().

It is possible to not create new functions, but in this case inserting into
_priv will result in an error or assertion (see #6295). In any case, the
upgrade will fail. Also, I change the language in def to LUA, so there really
is no problem dropping support for sql_builtin from func_def_check(). I did it
in the next patch.


Diff:

diff --git a/src/box/alter.cc b/src/box/alter.cc
index fd9921ae0..8a4f0b5a6 100644
--- a/src/box/alter.cc
+++ b/src/box/alter.cc
@@ -3221,7 +3221,7 @@ on_replace_dd_user(struct trigger * /* trigger */, void *event)
  * is to allow such inserts, we set func def to its default values.
  */
 static int
-func_def_new_sql_built_in(struct func_def *def)
+func_def_create_sql_built_in(struct func_def *def)
 {
 	if (dd_version_id >= version_id(2, 9, 0)) {
 		diag_set(ClientError, ER_FUNCTION_LANGUAGE, "SQL_BUILTIN",
@@ -3375,7 +3375,7 @@ func_def_new_from_tuple(struct tuple *tuple)
 			return NULL;
 		}
 		if (def->language == FUNC_LANGUAGE_SQL_BUILTIN) {
-			if (func_def_new_sql_built_in(def) != 0)
+			if (func_def_create_sql_built_in(def) != 0)
 				return NULL;
 			if (func_def_check(def) != 0)
 				return NULL;


New patch:

commit f0551d7cd7fe5e776fefebb74d0b2f36dac6ca48
Author: Mergen Imeev <imeevma at gmail.com>
Date:   Wed Aug 4 11:18:46 2021 +0300

    alter: disallow creation of SQL built-in function
    
    This patch prohibits creation of user-defined functions with SQL_BUILTIN
    engine.
    
    Closes #6106

diff --git a/src/box/alter.cc b/src/box/alter.cc
index 217b882ba..8a4f0b5a6 100644
--- a/src/box/alter.cc
+++ b/src/box/alter.cc
@@ -3213,6 +3213,36 @@ on_replace_dd_user(struct trigger * /* trigger */, void *event)
 	return 0;
 }
 
+/**
+ * Check if the version of the data dictionary is lower than 2.9.0 and return
+ * new func def if it is the case. If it is the case, then it is possible to
+ * insert values with the "SQL_BUILTIN" language into _func, otherwise it is
+ * prohibited. This is for upgradeability from 2.1.3 to 2.3.0. Since all we need
+ * is to allow such inserts, we set func def to its default values.
+ */
+static int
+func_def_create_sql_built_in(struct func_def *def)
+{
+	if (dd_version_id >= version_id(2, 9, 0)) {
+		diag_set(ClientError, ER_FUNCTION_LANGUAGE, "SQL_BUILTIN",
+			 def->name);
+		return -1;
+	}
+	def->body = NULL;
+	def->comment = NULL;
+	def->setuid = 1;
+	def->is_deterministic = false;
+	def->is_sandboxed = false;
+	def->param_count = 0;
+	def->returns = FIELD_TYPE_ANY;
+	def->aggregate = FUNC_AGGREGATE_NONE;
+	def->language = FUNC_LANGUAGE_LUA;
+	def->exports.lua = true;
+	def->exports.sql = true;
+	func_opts_create(&def->opts);
+	return 0;
+}
+
 /**
  * Get function identifiers from a tuple.
  *
@@ -3344,6 +3374,14 @@ func_def_new_from_tuple(struct tuple *tuple)
 				  language, def->name);
 			return NULL;
 		}
+		if (def->language == FUNC_LANGUAGE_SQL_BUILTIN) {
+			if (func_def_create_sql_built_in(def) != 0)
+				return NULL;
+			if (func_def_check(def) != 0)
+				return NULL;
+			def_guard.is_active = false;
+			return def;
+		}
 	} else {
 		/* Lua is the default. */
 		def->language = FUNC_LANGUAGE_LUA;
diff --git a/test/box/function1.result b/test/box/function1.result
index a49a133f7..a1c89850d 100644
--- a/test/box/function1.result
+++ b/test/box/function1.result
@@ -372,7 +372,7 @@ c:close()
 box.schema.func.create('WAITFOR', {language = 'SQL_BUILTIN', \
 	param_list = {'integer'}, returns = 'integer',exports = {'SQL'}})
 ---
-- error: 'Failed to create function ''WAITFOR'': given built-in is not predefined'
+- error: Unsupported language 'SQL_BUILTIN' specified for function 'WAITFOR'
 ...
 test_run:cmd("setopt delimiter ';'")
 ---
@@ -1078,3 +1078,8 @@ box.func['test'].is_multikey == true
 box.func['test']:drop()
 ---
 ...
+-- gh-6106: Check that user-defined functions cannot have SQL_BUILTIN engine.
+box.schema.func.create("ABS", {language = 'SQL_BUILTIN', returns = 'integer'})
+---
+- error: Unsupported language 'SQL_BUILTIN' specified for function 'ABS'
+...
diff --git a/test/box/function1.test.lua b/test/box/function1.test.lua
index 4fdd48520..e635b6e18 100644
--- a/test/box/function1.test.lua
+++ b/test/box/function1.test.lua
@@ -389,3 +389,6 @@ box.func.LUA:call({"return 1 + 1"})
 box.schema.func.create('test', {body = "function(tuple) return tuple end", is_deterministic = true, opts = {is_multikey = true}})
 box.func['test'].is_multikey == true
 box.func['test']:drop()
+
+-- gh-6106: Check that user-defined functions cannot have SQL_BUILTIN engine.
+box.schema.func.create("ABS", {language = 'SQL_BUILTIN', returns = 'integer'})

More information about the Tarantool-patches mailing list