[tarantool-patches] [PATCH v1 1/1] sql: check access rights of table in VIEW

Tarantool development patches archive
 help / color / mirror / Atom feed

From: Kirill Shcherbatov <kshcherbatov@tarantool.org>
To: tarantool-patches@freelists.org, v.shpilevoy@tarantool.org
Cc: Kirill Shcherbatov <kshcherbatov@tarantool.org>
Subject: [tarantool-patches] [PATCH v1 1/1] sql: check access rights of table in VIEW
Date: Wed, 24 Apr 2019 15:16:54 +0300	[thread overview]
Message-ID: <3f7dd91795bf6154382cce7732a1016fc24ebcdc.1556108155.git.kshcherbatov@tarantool.org> (raw)

When access is performed using VIEW, access rights should be
checked against table[s] which it is referencing, not against
VIEW itself. Added a test case to verify this behaviour.

Closes #4104
---
Branch: http://github.com/tarantool/tarantool/tree/kshch/gh-4104-view-access-check
Issue: https://github.com/tarantool/tarantool/issues/4104

 test/sql/gh-4104-view-access-check.result   | 64 +++++++++++++++++++++
 test/sql/gh-4104-view-access-check.test.lua | 21 +++++++
 2 files changed, 85 insertions(+)
 create mode 100644 test/sql/gh-4104-view-access-check.result
 create mode 100644 test/sql/gh-4104-view-access-check.test.lua

diff --git a/test/sql/gh-4104-view-access-check.result b/test/sql/gh-4104-view-access-check.result
new file mode 100644
index 000000000..1eb9bebe8
--- /dev/null
+++ b/test/sql/gh-4104-view-access-check.result
@@ -0,0 +1,64 @@
+test_run = require('test_run').new()
+---
+...
+box.execute("CREATE TABLE supersecret(id INT PRIMARY KEY, data TEXT);")
+---
+- row_count: 1
+...
+box.execute("CREATE TABLE supersecret2(id INT PRIMARY KEY, data TEXT);")
+---
+- row_count: 1
+...
+box.execute("INSERT INTO supersecret VALUES(1, 'very very big secret');")
+---
+- row_count: 1
+...
+box.execute("INSERT INTO supersecret2 VALUES(1, 'very big secret 2');")
+---
+- row_count: 1
+...
+box.execute("CREATE VIEW supersecret_leak AS  SELECT * FROM supersecret, supersecret2;")
+---
+- row_count: 1
+...
+LISTEN = require('uri').parse(box.cfg.listen)
+---
+...
+remote = require 'net.box'
+---
+...
+cn = remote.connect(LISTEN.host, LISTEN.service)
+---
+...
+box.schema.user.grant('guest','read', 'space', 'SUPERSECRET_LEAK')
+---
+...
+cn:execute('SELECT * FROM SUPERSECRET_LEAK')
+---
+- error: Read access to space 'SUPERSECRET' is denied for user 'guest'
+...
+box.schema.user.grant('guest','read', 'space', 'SUPERSECRET')
+---
+...
+cn:execute('SELECT * FROM SUPERSECRET_LEAK')
+---
+- error: Read access to space 'SUPERSECRET2' is denied for user 'guest'
+...
+box.schema.user.revoke('guest','read', 'space', 'SUPERSECRET')
+---
+...
+box.schema.user.revoke('guest','read', 'space', 'SUPERSECRET_LEAK')
+---
+...
+box.execute("DROP VIEW supersecret_leak")
+---
+- row_count: 1
+...
+box.execute("DROP TABLE supersecret")
+---
+- row_count: 1
+...
+box.execute("DROP TABLE supersecret2")
+---
+- row_count: 1
+...
diff --git a/test/sql/gh-4104-view-access-check.test.lua b/test/sql/gh-4104-view-access-check.test.lua
new file mode 100644
index 000000000..2a44516ce
--- /dev/null
+++ b/test/sql/gh-4104-view-access-check.test.lua
@@ -0,0 +1,21 @@
+test_run = require('test_run').new()
+
+box.execute("CREATE TABLE supersecret(id INT PRIMARY KEY, data TEXT);")
+box.execute("CREATE TABLE supersecret2(id INT PRIMARY KEY, data TEXT);")
+box.execute("INSERT INTO supersecret VALUES(1, 'very very big secret');")
+box.execute("INSERT INTO supersecret2 VALUES(1, 'very big secret 2');")
+box.execute("CREATE VIEW supersecret_leak AS  SELECT * FROM supersecret, supersecret2;")
+LISTEN = require('uri').parse(box.cfg.listen)
+remote = require 'net.box'
+cn = remote.connect(LISTEN.host, LISTEN.service)
+
+box.schema.user.grant('guest','read', 'space', 'SUPERSECRET_LEAK')
+cn:execute('SELECT * FROM SUPERSECRET_LEAK')
+box.schema.user.grant('guest','read', 'space', 'SUPERSECRET')
+cn:execute('SELECT * FROM SUPERSECRET_LEAK')
+
+box.schema.user.revoke('guest','read', 'space', 'SUPERSECRET')
+box.schema.user.revoke('guest','read', 'space', 'SUPERSECRET_LEAK')
+box.execute("DROP VIEW supersecret_leak")
+box.execute("DROP TABLE supersecret")
+box.execute("DROP TABLE supersecret2")
-- 
2.21.0

next             reply	other threads:[~2019-04-24 12:16 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-24 12:16 Kirill Shcherbatov [this message]
2019-04-24 13:48 ` [tarantool-patches] " Vladislav Shpilevoy
2019-04-24 14:02   ` Kirill Shcherbatov
2019-04-24 14:22     ` Vladislav Shpilevoy
2019-04-25 10:32 ` Kirill Yukhin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3f7dd91795bf6154382cce7732a1016fc24ebcdc.1556108155.git.kshcherbatov@tarantool.org \
    --to=kshcherbatov@tarantool.org \
    --cc=tarantool-patches@freelists.org \
    --cc=v.shpilevoy@tarantool.org \
    --subject='Re: [tarantool-patches] [PATCH v1 1/1] sql: check access rights of table in VIEW' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox