Re: Quoting issues with createdb

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Quoting issues with createdb
Date: 2020-02-26 23:00:11
Message-ID: AD0B2FF0-B6C9-41BE-892E-C764E353E1EE@yesql.se
Lists: pgsql-hackers

> On 14 Feb 2020, at 05:10, Michael Paquier <michael(at)paquier(dot)xyz> wrote:

> createdb has a couple of issues with its quoting. For example take
> that, which can be confusing:
> $ createdb --lc-ctype="en_US.UTF-8';create table aa();select '1" popo
> createdb: error: database creation failed: ERROR: CREATE DATABASE
> cannot run inside a transaction block

Nice catch!

> The root of the issue is that any values added by the command caller
> with --lc-collate, --lc-ctype or --encoding are not quoted properly,
> and in all three cases it means that the quoting needs to be
> encoding-sensitive (Tom mentioned that part to me directly). This proper
> quoting can be achieved using appendStringLiteralConn() from
> string_utils.c, on the condition of taking the connection to the
> server before building the CREATE DATABASE query.

Makes sense, it aligns it with other utils and passes all the tests. +1 on the
fix.

> Any opinions?

I would've liked a negative test basically along the lines of your example
above. If we left a hole the size of this, it would be nice to catch it from
accidentally happening again.

diff --git a/src/bin/scripts/t/020_createdb.pl b/src/bin/scripts/t/020_createdb.pl
index c0f6067a92..afd128deba 100644
--- a/src/bin/scripts/t/020_createdb.pl
+++ b/src/bin/scripts/t/020_createdb.pl
@@ -3,7 +3,7 @@ use warnings;

use PostgresNode;
use TestLib;
-use Test::More tests => 13;
+use Test::More tests => 14;

program_help_ok('createdb');
program_version_ok('createdb');
@@ -24,3 +24,6 @@ $node->issues_sql_like(

$node->command_fails([ 'createdb', 'foobar1' ],
'fails if database already exists');
+
+$node->command_fails(['createdb', '-l', 'C\';SELECT 1;' ],
+ 'fails on incorrect locale');
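
Review bot: The command_fails call added at the end of this hunk asserts only that createdb exits with an error, and the unquoted example earlier in the thread also ended in an error, so this test may pass with or without the quoting fix. Matching the expected error text on stderr as well as the exit status would tie the test to the behaviour it is meant to guard. The array is also written `['createdb', ...` where the existing call just above uses `[ 'createdb', ...`, and only -l is exercised although the thread also names --lc-ctype and --encoding.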

cheers ./daniel
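
The quoting problem described in the quoted message above, as an added example that is not part of the original mail or of PostgreSQL's source. It assumes a simplified query shape; `quote_literal_ascii()` is a hypothetical single-byte stand-in for string-literal quoting and is not encoding-aware, which is the part the thread says appendStringLiteralConn() needs a connection for.

```c
#include <stdio.h>
#include <string.h>

/* Before: the option value is pasted between quotes unchanged. */
static void build_unquoted(char *out, size_t n, const char *db, const char *ctype)
{
    snprintf(out, n, "CREATE DATABASE %s LC_CTYPE '%s';", db, ctype);
}

/*
 * Hypothetical helper: doubles ' and \ and switches to E'' syntax when a
 * backslash is present. Single-byte input only, NOT encoding-aware.
 * Returns 0 on success, -1 if the output buffer is too small.
 */
static int quote_literal_ascii(char *out, size_t n, const char *s)
{
    size_t o = 0;

    /* Worst case: 'E', opening quote, every byte doubled, closing quote, NUL. */
    if (n < 2 * strlen(s) + 4)
        return -1;
    if (strchr(s, '\\') != NULL)
        out[o++] = 'E';
    out[o++] = '\'';
    for (; *s; s++) {
        if (*s == '\'' || *s == '\\')
            out[o++] = *s;          /* emit the character twice */
        out[o++] = *s;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* After: the value goes through literal quoting before it reaches the query. */
static int build_quoted(char *out, size_t n, const char *db, const char *ctype)
{
    char lit[256];
    int  w;

    if (quote_literal_ascii(lit, sizeof lit, ctype) != 0)
        return -1;
    w = snprintf(out, n, "CREATE DATABASE %s LC_CTYPE %s;", db, lit);
    return (w < 0 || (size_t) w >= n) ? -1 : 0;
}

int main(void)
{
    const char *ctype = "en_US.UTF-8';create table aa();select '1"; /* value from the thread */
    char q[512];

    build_unquoted(q, sizeof q, "popo", ctype);
    puts(q);    /* three statements: the value closed the literal early */
    if (build_quoted(q, sizeof q, "popo", ctype) == 0)
        puts(q);    /* one statement: the whole value stays inside the literal */
    return 0;
}
```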
