[tarantool-patches] [PATCH v1 3/3] sql: dissallow bindings for DDL

Tarantool development patches archive
 help / color / mirror / Atom feed

From: Kirill Shcherbatov <kshcherbatov@tarantool.org>
To: tarantool-patches@freelists.org
Cc: korablev@tarantool.org, Kirill Shcherbatov <kshcherbatov@tarantool.org>
Subject: [tarantool-patches] [PATCH v1 3/3] sql: dissallow bindings for DDL
Date: Fri, 31 Aug 2018 18:45:42 +0300	[thread overview]
Message-ID: <5049d3e7b70b7091c51ac99fc64f14a07c879c8a.1535730218.git.kshcherbatov@tarantool.org> (raw)
In-Reply-To: <cover.1535730218.git.kshcherbatov@tarantool.org>
In-Reply-To: <cover.1535730218.git.kshcherbatov@tarantool.org>

Bindings could not be used in stored ACTs because they allocate
memory registers and makes assignments on parse sequentially.
Original sqlite3 did validations that persistent AST doesn't have
auto-assigment Varibles on triggers and checks creation.
On DDL integration complete we've get rid this mechanism.
Now it should be returned.

Closes #3653.
---
 src/box/space_def.c         |  3 ++-
 src/box/sql/parse.y         |  6 +++++-
 src/box/sql/tokenize.c      |  8 ++++----
 test/sql-tap/check.test.lua |  4 ++--
 test/sql/checks.result      | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 test/sql/checks.test.lua    | 18 +++++++++++++++++-
 6 files changed, 74 insertions(+), 10 deletions(-)

diff --git a/src/box/space_def.c b/src/box/space_def.c
index f5ca0b5..542289e 100644
--- a/src/box/space_def.c
+++ b/src/box/space_def.c
@@ -338,7 +338,8 @@ checks_array_decode(const char **str, uint32_t len, char *opt, uint32_t errcode,
 			box_error_t *err = box_error_last();
 			if (box_error_code(err) != ENOMEM) {
 				snprintf(errmsg, TT_STATIC_BUF_LEN,
-					 "invalid expression specified");
+					 "invalid expression specified (%s)",
+					 box_error_message(err));
 				diag_set(ClientError, errcode, field_no,
 					 errmsg);
 			}
diff --git a/src/box/sql/parse.y b/src/box/sql/parse.y
index d8532d3..60cf3f3 100644
--- a/src/box/sql/parse.y
+++ b/src/box/sql/parse.y
@@ -881,7 +881,11 @@ term(A) ::= INTEGER(X). {
 }
 expr(A) ::= VARIABLE(X).     {
   Token t = X;
-  if( !(X.z[0]=='#' && sqlite3Isdigit(X.z[1])) ){
+  if (pParse->parse_only) {
+    spanSet(&A, &t, &t);
+    sqlite3ErrorMsg(pParse, "bindings are not allowed in DDL");
+    A.pExpr = NULL;
+  } else if (!(X.z[0]=='#' && sqlite3Isdigit(X.z[1]))) {
     u32 n = X.n;
     spanExpr(&A, pParse, TK_VARIABLE, X);
     if (A.pExpr->u.zToken[0] == '?' && n > 1)
diff --git a/src/box/sql/tokenize.c b/src/box/sql/tokenize.c
index ec06456..4eebfe5 100644
--- a/src/box/sql/tokenize.c
+++ b/src/box/sql/tokenize.c
@@ -561,10 +561,10 @@ sql_expr_compile(sqlite3 *db, const char *expr, int expr_len)
 	}
 	sprintf(stmt, "%s%.*s", outer, expr_len, expr);
 
-	char *unused;
-	if (sqlite3RunParser(&parser, stmt, &unused) != SQLITE_OK ||
+	char *sql_error = NULL;
+	if (sqlite3RunParser(&parser, stmt, &sql_error) != SQLITE_OK ||
 	    parser.parsed_ast_type != AST_TYPE_EXPR) {
-		diag_set(ClientError, ER_SQL_EXECUTE, stmt);
+		diag_set(ClientError, ER_SQL, sql_error);
 	} else {
 		expression = parser.parsed_ast.expr;
 		parser.parsed_ast.expr = NULL;
@@ -602,7 +602,7 @@ sql_trigger_compile(struct sqlite3 *db, const char *sql)
 	struct Parse parser;
 	sql_parser_create(&parser, db);
 	parser.parse_only = true;
-	char *sql_error;
+	char *sql_error = NULL;
 	struct sql_trigger *trigger = NULL;
 	if (sqlite3RunParser(&parser, sql, &sql_error) != SQLITE_OK ||
 	    parser.parsed_ast_type != AST_TYPE_TRIGGER) {
diff --git a/test/sql-tap/check.test.lua b/test/sql-tap/check.test.lua
index ff36552..f03ac7b 100755
--- a/test/sql-tap/check.test.lua
+++ b/test/sql-tap/check.test.lua
@@ -555,7 +555,7 @@ test:do_catchsql_test(
         );
     ]], {
         -- <check-5.1>
-        1, "Failed to create space 'T5': SQL error: parameters prohibited in CHECK constraints"
+        1, "Wrong space options (field 5): invalid expression specified (SQL error: bindings are not allowed in DDL)"
         -- </check-5.1>
     })
 
@@ -567,7 +567,7 @@ test:do_catchsql_test(
         );
     ]], {
         -- <check-5.2>
-        1, "Failed to create space 'T5': SQL error: parameters prohibited in CHECK constraints"
+        1, "Wrong space options (field 5): invalid expression specified (SQL error: bindings are not allowed in DDL)"
         -- </check-5.2>
     })
 
diff --git a/test/sql/checks.result b/test/sql/checks.result
index 3084d89..a88e048 100644
--- a/test/sql/checks.result
+++ b/test/sql/checks.result
@@ -29,7 +29,8 @@ t = {513, 1, 'test', 'memtx', 0, opts, format}
 ...
 s = box.space._space:insert(t)
 ---
-- error: 'Wrong space options (field 5): invalid expression specified'
+- error: 'Wrong space options (field 5): invalid expression specified (SQL error:
+    near "<": syntax error)'
 ...
 opts = {checks = {{expr = 'X>5'}}}
 ---
@@ -116,6 +117,48 @@ box.sql.execute("DROP TABLE w2;")
 ---
 - error: 'no such table: W2'
 ...
+--
+-- gh-3653: Dissallow bindings for DDL
+--
+box.sql.execute("CREATE TABLE t1(a INT PRIMARY KEY, b INT);")
+---
+...
+space_id = box.space.T1.id
+---
+...
+box.sql.execute("CREATE TRIGGER tr1 AFTER INSERT ON t1 WHEN new.a = ? BEGIN SELECT 1; END;")
+---
+- error: 'SQL error: bindings are not allowed in DDL'
+...
+tuple = {"TR1", space_id, {sql = [[CREATE TRIGGER tr1 AFTER INSERT ON t1 WHEN new.a = ? BEGIN SELECT 1; END;]]}}
+---
+...
+box.space._trigger:insert(tuple)
+---
+- error: 'SQL error: bindings are not allowed in DDL'
+...
+box.sql.execute("DROP TABLE t1;")
+---
+...
+box.sql.execute("CREATE TABLE t5(x primary key, y,CHECK( x*y<? ));")
+---
+- error: 'Wrong space options (field 5): invalid expression specified (SQL error:
+    bindings are not allowed in DDL)'
+...
+opts = {checks = {{expr = '?>5', name = 'ONE'}}}
+---
+...
+format = {{name = 'X', type = 'unsigned'}}
+---
+...
+t = {513, 1, 'test', 'memtx', 0, opts, format}
+---
+...
+s = box.space._space:insert(t)
+---
+- error: 'Wrong space options (field 5): invalid expression specified (SQL error:
+    bindings are not allowed in DDL)'
+...
 test_run:cmd("clear filter")
 ---
 - true
diff --git a/test/sql/checks.test.lua b/test/sql/checks.test.lua
index fb95809..3506d5c 100644
--- a/test/sql/checks.test.lua
+++ b/test/sql/checks.test.lua
@@ -43,11 +43,27 @@ format = {{name = 'X', type = 'unsigned'}}
 t = {513, 1, 'test', 'memtx', 0, opts, format}
 s = box.space._space:insert(t)
 
-
 --
 -- gh-3611: Segfault on table creation with check referencing this table
 --
 box.sql.execute("CREATE TABLE w2 (s1 INT PRIMARY KEY, CHECK ((SELECT COUNT(*) FROM w2) = 0));")
 box.sql.execute("DROP TABLE w2;")
 
+--
+-- gh-3653: Dissallow bindings for DDL
+--
+box.sql.execute("CREATE TABLE t1(a INT PRIMARY KEY, b INT);")
+space_id = box.space.T1.id
+box.sql.execute("CREATE TRIGGER tr1 AFTER INSERT ON t1 WHEN new.a = ? BEGIN SELECT 1; END;")
+tuple = {"TR1", space_id, {sql = [[CREATE TRIGGER tr1 AFTER INSERT ON t1 WHEN new.a = ? BEGIN SELECT 1; END;]]}}
+box.space._trigger:insert(tuple)
+box.sql.execute("DROP TABLE t1;")
+
+box.sql.execute("CREATE TABLE t5(x primary key, y,CHECK( x*y<? ));")
+
+opts = {checks = {{expr = '?>5', name = 'ONE'}}}
+format = {{name = 'X', type = 'unsigned'}}
+t = {513, 1, 'test', 'memtx', 0, opts, format}
+s = box.space._space:insert(t)
+
 test_run:cmd("clear filter")
-- 
2.7.4

next prev parent reply	other threads:[~2018-08-31 15:45 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-31 15:45 [tarantool-patches] [PATCH v1 0/3] " Kirill Shcherbatov
2018-08-31 15:45 ` [tarantool-patches] [PATCH v1 1/3] sql: fix sql_check_list_item_init double free Kirill Shcherbatov
2018-08-31 15:45 ` [tarantool-patches] [PATCH v1 2/3] sql: fix sql_*_compile functions leak on error Kirill Shcherbatov
2018-08-31 15:45 ` Kirill Shcherbatov [this message]
2018-09-04 11:00   ` [tarantool-patches] Re: [PATCH v1 3/3] sql: dissallow bindings for DDL n.pettik
2018-09-06 13:04     ` Kirill Shcherbatov
2018-09-10 21:52       ` n.pettik
2018-09-11  7:21         ` Kirill Shcherbatov
2018-09-11 23:03           ` n.pettik
2018-09-13  6:13             ` Kirill Shcherbatov
2018-09-13 10:12 ` [tarantool-patches] Re: [PATCH v1 0/3] " Kirill Yukhin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5049d3e7b70b7091c51ac99fc64f14a07c879c8a.1535730218.git.kshcherbatov@tarantool.org \
    --to=kshcherbatov@tarantool.org \
    --cc=korablev@tarantool.org \
    --cc=tarantool-patches@freelists.org \
    --subject='Re: [tarantool-patches] [PATCH v1 3/3] sql: dissallow bindings for DDL' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox