From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 268582EBC6 for ; Tue, 28 May 2019 10:08:17 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DD8r2nDHgHX0 for ; Tue, 28 May 2019 10:08:17 -0400 (EDT) Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 54C112EBC2 for ; Tue, 28 May 2019 10:08:16 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: [tarantool-patches] Re: [PATCH 2/2] sql: allow only for string-like args From: Roman Khabibov In-Reply-To: <1abf945a-736f-735a-98c5-a85db184ddb5@tarantool.org> Date: Tue, 28 May 2019 17:08:13 +0300 Content-Transfer-Encoding: quoted-printable Message-Id: <4389A940-D474-4977-A47A-FFBF809C3CC3@tarantool.org> References: <015351a65570062bdd3577b7222f047f7de7e89b.1557312975.git.roman.habibov@tarantool.org> <1abf945a-736f-735a-98c5-a85db184ddb5@tarantool.org> Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-Help: List-Unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-Subscribe: List-Owner: List-post: List-Archive: To: tarantool-patches@freelists.org Cc: Vladislav Shpilevoy Hi! Thanks for the review. > On May 12, 2019, at 7:32 PM, Vladislav Shpilevoy = wrote: >=20 > Sorry, the patch does not work: >=20 > tarantool> box.execute('SELECT NOT TRUE COLLATE "unicode"') > --- > - metadata: > - name: NOT TRUE COLLATE "unicode" > type: boolean > rows: > - [false] > ... >=20 > Obviously, 'NOT TRUE' is not a string. Strange, but without 'NOT' > everything is fine: >=20 > tarantool> box.execute('SELECT TRUE COLLATE "unicode"') > --- > - error: COLLATE can't be used with non-string arguments > ... >=20 > Please, fix. Fixed. +test:do_catchsql_test( + "collation-2.7.9", + 'SELECT TRUE COLLATE \"unicode\"', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.10", + 'SELECT NOT TRUE COLLATE \"unicode\"', + {1, "COLLATE can't be used with non-string arguments"}) + + >> diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c >> index ba7eea59d..29e3386fa 100644 >> --- a/src/box/sql/expr.c >> +++ b/src/box/sql/expr.c >> @@ -4215,6 +4215,22 @@ sqlExprCodeTarget(Parse * pParse, Expr * = pExpr, int target) >> } >> case TK_SPAN: >> case TK_COLLATE:{ >> + enum field_type type; >> + struct Expr *left =3D pExpr->pLeft; >> + if (left->op =3D=3D TK_COLUMN) { >> + int col_num =3D left->iColumn; >> + type =3D = left->space_def->fields[col_num].type; >> + } else >> + type =3D left->type; >> + if (left->op !=3D TK_CONCAT && >=20 > Why do you check for TK_CONCAT? Its type should be FIELD_TYPE_STRING. Concatenations are rejected without this check. commit 5feaa9330f2c642fc16b479383b1c5cac96c28cc Author: Roman Khabibov Date: Mon May 6 14:30:21 2019 +0300 sql: allow only for string-like args =20 Before this patch, user could use COLLATE with non-string-like literals, columns or subquery results. Disallow such usage. =20 Closes #3804 diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c index ba7eea59d..e558cbb18 100644 --- a/src/box/sql/expr.c +++ b/src/box/sql/expr.c @@ -197,6 +197,40 @@ sqlExprSkipCollate(Expr * pExpr) return pExpr; } =20 +/* + * Check that left node of @expr with the collation in the root + * can be used with . If it is not, leave an error + * message in pParse. + * + * @param pParse Parser context. + * @param expr Expression for checking. + * + * @retval 0 on success. + * @retval -1 on error. + */ +static int +check_collate_arg(Parse *parse, Expr *expr) +{ + struct Expr *left =3D expr->pLeft; + while (left->op =3D=3D TK_COLLATE) + left =3D left->pLeft; + enum field_type type; + if (left->op =3D=3D TK_COLUMN) { + int col_num =3D left->iColumn; + type =3D left->space_def->fields[col_num].type; + } else + type =3D left->type; + if (left->op !=3D TK_CONCAT && type !=3D FIELD_TYPE_STRING && + type !=3D FIELD_TYPE_SCALAR) { + diag_set(ClientError, ER_SQL_PARSER_GENERIC, + "COLLATE can't be used with " + "non-string arguments"); + parse->is_aborted =3D true; + return -1; + } + return 0; +} + int sql_expr_coll(Parse *parse, Expr *p, bool *is_explicit_coll, uint32_t = *coll_id, struct coll **coll) @@ -3935,6 +3969,9 @@ sqlExprCodeTarget(Parse * pParse, Expr * pExpr, = int target) testcase(op =3D=3D TK_BITNOT); assert(TK_NOT =3D=3D OP_Not); testcase(op =3D=3D TK_NOT); + if (pExpr->pLeft->op =3D=3D TK_COLLATE && + check_collate_arg(pParse, pExpr->pLeft) !=3D = 0) + break; r1 =3D sqlExprCodeTemp(pParse, pExpr->pLeft, ®Free1); testcase(regFree1 =3D=3D 0); @@ -4215,6 +4252,8 @@ sqlExprCodeTarget(Parse * pParse, Expr * pExpr, = int target) } case TK_SPAN: case TK_COLLATE:{ + if (check_collate_arg(pParse, pExpr) !=3D 0) + break; return sqlExprCodeTarget(pParse, pExpr->pLeft, target); } @@ -4439,6 +4478,8 @@ int sqlExprCodeTemp(Parse * pParse, Expr * pExpr, int *pReg) { int r2; + if (pExpr->op =3D=3D TK_COLLATE && check_collate_arg(pParse, = pExpr) !=3D 0) + return -1; pExpr =3D sqlExprSkipCollate(pExpr); if (ConstFactorOk(pParse) && pExpr->op !=3D TK_REGISTER && = sqlExprIsConstantNotJoin(pExpr) diff --git a/test/sql-tap/collation.test.lua = b/test/sql-tap/collation.test.lua index 3c5d3053a..4d4329717 100755 --- a/test/sql-tap/collation.test.lua +++ b/test/sql-tap/collation.test.lua @@ -1,6 +1,6 @@ #!/usr/bin/env tarantool test =3D require("sqltester") -test:plan(177) +test:plan(188) =20 local prefix =3D "collation-" =20 @@ -546,4 +546,63 @@ test:do_execsql_test( [[ SELECT s COLLATE "unicode_ci" FROM a ORDER BY s COLLATE = "unicode" ]], {"b","B"}) =20 +-- gh-3805 Check COLLATE passing with string-like args only. + +test:do_execsql_test( + "collation-2.7.0", + [[ CREATE TABLE test1 (one INT PRIMARY KEY, two INT) ]], + {}) + +test:do_catchsql_test( + "collation-2.7.1", + 'SELECT one COLLATE BINARY FROM test1', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.2", + 'SELECT one COLLATE "unicode_ci" FROM test1', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.3", + 'SELECT two COLLATE BINARY FROM test1', + {1, "COLLATE can't be used with non-string arguments"}) + + +test:do_catchsql_test( + "collation-2.7.4", + 'SELECT (one + two) COLLATE BINARY FROM test1', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.5", + 'SELECT (SELECT one FROM test1) COLLATE BINARY', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_execsql_test( + "collation-2.7.6", + 'SELECT TRIM(\'A\') COLLATE BINARY', + {"A"}) + +test:do_catchsql_test( + "collation-2.7.7", + 'SELECT RANDOM() COLLATE BINARY', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.8", + 'SELECT LENGTH(\'A\') COLLATE BINARY', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.9", + 'SELECT TRUE COLLATE \"unicode\"', + {1, "COLLATE can't be used with non-string arguments"}) + +test:do_catchsql_test( + "collation-2.7.10", + 'SELECT NOT TRUE COLLATE \"unicode\"', + {1, "COLLATE can't be used with non-string arguments"}) + + test:finish_test() diff --git a/test/sql-tap/distinct.test.lua = b/test/sql-tap/distinct.test.lua index e6970084e..ae35a0db5 100755 --- a/test/sql-tap/distinct.test.lua +++ b/test/sql-tap/distinct.test.lua @@ -121,12 +121,12 @@ local data =3D { {"12.1", 0, "SELECT DISTINCT a, d FROM t1"}, {"12.2", 0, "SELECT DISTINCT a, d FROM t4"}, {"13.1", 0, "SELECT DISTINCT a, b, c COLLATE \"unicode_ci\" FROM = t1"}, - {"13.2", 0, "SELECT DISTINCT a, b, c COLLATE \"unicode_ci\" FROM = t4"}, + {"13.2", 1, "SELECT DISTINCT a, b, c FROM t4"}, {"14.1", 0, "SELECT DISTINCT a, d COLLATE \"unicode_ci\" FROM t1"}, {"14.2", 1, "SELECT DISTINCT a, d COLLATE \"unicode_ci\" FROM t4"}, {"15 ", 0, "SELECT DISTINCT a, d COLLATE \"binary\" FROM t1"}, {"16.1", 0, "SELECT DISTINCT a, b, c COLLATE \"binary\" FROM t1"}, - {"16.2", 0, "SELECT DISTINCT a, b, c COLLATE \"binary\" FROM t4"}, + {"16.2", 1, "SELECT DISTINCT a, b, c FROM t4"}, {"17", 0, --{ \/* Technically, it would be possible to detect = that DISTINCT\n ** is a no-op in cases like the following. = But sql does not\n ** do so. *\/\n "SELECT DISTINCT t1.id FROM t1, t2 WHERE t1.id=3Dt2.x" }, {"18 ", 1, "SELECT DISTINCT c1, c2 FROM t3"}, @@ -173,7 +173,7 @@ data =3D { {"a, b, c FROM t1", {"btree"}, {"A", "B", "C", "a", "b", "c"}}, {"a, b, c FROM t1 ORDER BY a, b, c", {"btree"}, {"A", "B", "C", = "a", "b", "c"}}, {"b FROM t1 WHERE a =3D 'a'", {}, {"b"}}, - {"b FROM t1 ORDER BY +b COLLATE \"binary\"", {"btree", "btree"}, = {"B", "b"}}, + {"b FROM t1 ORDER BY b COLLATE \"binary\"", {"btree", "btree"}, = {"B", "b"}}, {"a FROM t1", {}, {"A", "a"}}, {"b COLLATE \"unicode_ci\" FROM t1", {}, {"b"}}, {"b COLLATE \"unicode_ci\" FROM t1 ORDER BY b COLLATE = \"unicode_ci\"", {}, {"b"}}, diff --git a/test/sql-tap/e_select1.test.lua = b/test/sql-tap/e_select1.test.lua index c4724e636..566f2e723 100755 --- a/test/sql-tap/e_select1.test.lua +++ b/test/sql-tap/e_select1.test.lua @@ -1938,7 +1938,7 @@ test:do_execsql_test( test:do_execsql_test( "e_select-8.9.2", [[ - SELECT x COLLATE "binary" FROM d4 ORDER BY 1 COLLATE = "unicode_ci" + SELECT x COLLATE "unicode_ci" FROM d4 ORDER BY 1 ]], { -- "abc", "DEF", "ghi", "JKL" diff --git a/test/sql-tap/identifier_case.test.lua = b/test/sql-tap/identifier_case.test.lua index 4db729f11..65ed9aea1 100755 --- a/test/sql-tap/identifier_case.test.lua +++ b/test/sql-tap/identifier_case.test.lua @@ -166,7 +166,7 @@ test:do_execsql_test( =20 test:do_execsql_test( test_prefix.."4.1", - string.format([[select * from table1 order by a collate = "unicode_ci"]]), + string.format([[select * from table1 order by a]]), {} ) =20 diff --git a/test/sql-tap/in3.test.lua b/test/sql-tap/in3.test.lua index 1ca6a6446..1fdee16b7 100755 --- a/test/sql-tap/in3.test.lua +++ b/test/sql-tap/in3.test.lua @@ -1,6 +1,6 @@ #!/usr/bin/env tarantool test =3D require("sqltester") -test:plan(27) +test:plan(25) =20 --!./tcltestrunner.lua -- 2007 November 29 @@ -186,33 +186,6 @@ test:do_test( -- }) =20 - - --- The first of these queries has to use the temp-table, because the=20 --- collation sequence used for the index on "t1.a" does not match the --- collation sequence used by the "IN" comparison. The second does not --- require a temp-table, because the collation sequences match. --- -test:do_test( - "in3-1.14", - function() - return exec_neph(" SELECT a FROM t1 WHERE a COLLATE = \"unicode_ci\" IN (SELECT a FROM t1) ") - end, { - -- - 1, 1, 3, 5 - -- - }) - -test:do_test( - "in3-1.15", - function() - return exec_neph(" SELECT a FROM t1 WHERE a COLLATE \"binary\" = IN (SELECT a FROM t1) ") - end, { - -- - 1, 1, 3, 5 - -- - }) - -- Neither of these queries require a temp-table. The collation = sequence -- makes no difference when using a rowid. -- diff --git a/test/sql-tap/resolver01.test.lua = b/test/sql-tap/resolver01.test.lua index 9fcf0c7c0..315c892ac 100755 --- a/test/sql-tap/resolver01.test.lua +++ b/test/sql-tap/resolver01.test.lua @@ -106,7 +106,7 @@ test:do_catchsql_test( test:do_catchsql_test( "resolver01-2.1", [[ - SELECT 2 AS y FROM t1, t2 ORDER BY y COLLATE "unicode_ci"; + SELECT 2 AS y FROM t1, t2 ORDER BY y; ]], { -- 0, {2} @@ -116,7 +116,7 @@ test:do_catchsql_test( test:do_catchsql_test( "resolver01-2.2", [[ - SELECT 2 AS yy FROM t1, t2 ORDER BY y COLLATE "unicode_ci"; + SELECT 2 AS yy FROM t1, t2 ORDER BY y; ]], { -- 1, "ambiguous column name: Y" @@ -126,7 +126,7 @@ test:do_catchsql_test( test:do_catchsql_test( "resolver01-2.3", [[ - SELECT x AS y FROM t3 ORDER BY y COLLATE "unicode_ci"; + SELECT x AS y FROM t3 ORDER BY y; ]], { -- 0, {11, 33} @@ -136,7 +136,7 @@ test:do_catchsql_test( test:do_catchsql_test( "resolver01-2.4", [[ - SELECT x AS yy FROM t3 ORDER BY y COLLATE "unicode_ci"; + SELECT x AS yy FROM t3 ORDER BY y; ]], { -- 0, {33, 11} @@ -146,7 +146,7 @@ test:do_catchsql_test( test:do_catchsql_test( "resolver01-2.5", [[ - SELECT x AS yy FROM t3 ORDER BY yy COLLATE "unicode_ci"; + SELECT x AS yy FROM t3 ORDER BY yy; ]], { -- 0, {11, 33} @@ -156,7 +156,7 @@ test:do_catchsql_test( test:do_catchsql_test( "resolver01-2.6", [[ - SELECT x AS yy FROM t3 ORDER BY 1 COLLATE "unicode_ci"; + SELECT x AS yy FROM t3 ORDER BY 1; ]], { -- 0, {11, 33} diff --git a/test/sql-tap/select1.test.lua = b/test/sql-tap/select1.test.lua index 6beeb34cb..6811f7dcb 100755 --- a/test/sql-tap/select1.test.lua +++ b/test/sql-tap/select1.test.lua @@ -1672,7 +1672,7 @@ test:do_execsql_test( test:do_execsql_test( "select1-10.7", [[ - SELECT f1 COLLATE "unicode_ci" AS x FROM test1 ORDER BY x + SELECT f1 AS x FROM test1 ORDER BY x ]], { -- 11, 33 diff --git a/test/sql-tap/selectE.test.lua = b/test/sql-tap/selectE.test.lua index 32c3d6a06..16075d38e 100755 --- a/test/sql-tap/selectE.test.lua +++ b/test/sql-tap/selectE.test.lua @@ -57,8 +57,7 @@ test:do_test( CREATE TABLE t3(a TEXT primary key); INSERT INTO t3 VALUES('def'),('jkl'); =20 - SELECT a FROM t1 EXCEPT SELECT a FROM t2 - ORDER BY a COLLATE "unicode_ci"; + SELECT a FROM t1 EXCEPT SELECT a FROM t2 ORDER BY a COLLATE = "unicode_ci"; ]] end, { -- @@ -70,8 +69,7 @@ test:do_test( "selectE-1.1", function() return test:execsql [[ - SELECT a FROM t2 EXCEPT SELECT a FROM t3 - ORDER BY a COLLATE "unicode_ci"; + SELECT a FROM t2 EXCEPT SELECT a FROM t3 ORDER BY a COLLATE = "unicode_ci"; ]] end, { -- @@ -83,8 +81,7 @@ test:do_test( "selectE-1.2", function() return test:execsql [[ - SELECT a FROM t2 EXCEPT SELECT a FROM t3 - ORDER BY a COLLATE "binary"; + SELECT a FROM t2 EXCEPT SELECT a FROM t3 ORDER BY a COLLATE = "binary"; ]] end, { -- @@ -96,8 +93,7 @@ test:do_test( "selectE-1.3", function() return test:execsql [[ - SELECT a FROM t2 EXCEPT SELECT a FROM t3 - ORDER BY a; + SELECT a FROM t2 EXCEPT SELECT a FROM t3 ORDER BY a; ]] end, { -- @@ -113,8 +109,7 @@ test:do_test( DELETE FROM t3; INSERT INTO t2 VALUES('ABC'),('def'),('GHI'),('jkl'); INSERT INTO t3 SELECT lower(a) FROM t2; - SELECT a COLLATE "unicode_ci" FROM t2 EXCEPT SELECT a FROM = t3 - ORDER BY 1 + SELECT a COLLATE "unicode_ci" FROM t2 EXCEPT SELECT a FROM = t3 ORDER BY 1 ]] end, { -- diff --git a/test/sql-tap/with1.test.lua b/test/sql-tap/with1.test.lua index ec45e5e76..6985c589e 100755 --- a/test/sql-tap/with1.test.lua +++ b/test/sql-tap/with1.test.lua @@ -1043,7 +1043,7 @@ test:do_catchsql_test(13.3, [[ -- 2015-04-12 -- test:do_execsql_test(14.1, [[ - WITH x AS (SELECT * FROM t) SELECT 0 EXCEPT SELECT 0 ORDER BY 1 = COLLATE "binary"; + WITH x AS (SELECT * FROM t) SELECT 0 EXCEPT SELECT 0 ORDER BY 1; ]], { -- <14.1>=