diff --git a/Makefile b/Makefile index cca576da85..bc1b83349b 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,8 @@ else REGRESS += array endif +REGRESS := security tmp $(filter-out security rum rum_hash orderby orderby_hash text array, $(REGRESS)) + # For 9.6-11 we have to make specific target with tap tests ifeq ($(MAJORVERSION), $(filter 9.6% 10% 11%, $(MAJORVERSION))) wal-check: temp-install diff --git a/expected/altorder_1.out b/expected/altorder_1.out index 980515f58e..eba8690c2a 100644 --- a/expected/altorder_1.out +++ b/expected/altorder_1.out @@ -186,8 +186,9 @@ SELECT count(*) FROM atsts WHERE t @@ 'wr|qh'; --------------------------------------------------- Aggregate -> Seq Scan on atsts + Disabled: true Filter: (t @@ '''wr'' | ''qh'''::tsquery) -(3 rows) +(4 rows) SELECT count(*) FROM atsts WHERE t @@ 'wr|qh'; count @@ -231,8 +232,9 @@ SELECT count(*) FROM atsts WHERE d < '2016-05-16 14:21:25'; ------------------------------------------------------------------------------- Aggregate -> Seq Scan on atsts + Disabled: true Filter: (d < 'Mon May 16 14:21:25 2016'::timestamp without time zone) -(3 rows) +(4 rows) SELECT count(*) FROM atsts WHERE d < '2016-05-16 14:21:25'; count @@ -246,8 +248,9 @@ SELECT count(*) FROM atsts WHERE d > '2016-05-16 14:21:25'; ------------------------------------------------------------------------------- Aggregate -> Seq Scan on atsts + Disabled: true Filter: (d > 'Mon May 16 14:21:25 2016'::timestamp without time zone) -(3 rows) +(4 rows) SELECT count(*) FROM atsts WHERE d > '2016-05-16 14:21:25'; count @@ -267,8 +270,9 @@ SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atsts WHERE t @@ 'wr&qh' ORDER BY -> Sort Sort Key: ((d <=> 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atsts + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atsts WHERE t @@ 'wr&qh' ORDER BY d <=> '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -288,8 +292,9 @@ SELECT id, d, d <=| '2016-05-16 14:21:25' FROM atsts WHERE t @@ 'wr&qh' ORDER BY -> Sort Sort Key: ((d <=| 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atsts + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, d, d <=| '2016-05-16 14:21:25' FROM atsts WHERE t @@ 'wr&qh' ORDER BY d <=| '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -309,8 +314,9 @@ SELECT id, d, d |=> '2016-05-16 14:21:25' FROM atsts WHERE t @@ 'wr&qh' ORDER BY -> Sort Sort Key: ((d |=> 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atsts + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, d, d |=> '2016-05-16 14:21:25' FROM atsts WHERE t @@ 'wr&qh' ORDER BY d |=> '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -330,7 +336,8 @@ SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atsts ORDER BY d <=> '2016-05-16 -> Sort Sort Key: ((d <=> 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atsts -(4 rows) + Disabled: true +(5 rows) SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atsts ORDER BY d <=> '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -349,8 +356,9 @@ SELECT id, d FROM atsts WHERE t @@ 'wr&qh' AND d <= '2016-05-16 14:21:25' ORDER Sort Sort Key: d -> Seq Scan on atsts + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (d <= 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -(4 rows) +(5 rows) SELECT id, d FROM atsts WHERE t @@ 'wr&qh' AND d <= '2016-05-16 14:21:25' ORDER BY d; id | d @@ -400,8 +408,9 @@ SELECT id, d FROM atsts WHERE t @@ 'wr&qh' AND d >= '2016-05-16 14:21:25' ORDER Sort Sort Key: d -> Seq Scan on atsts + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (d >= 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -(4 rows) +(5 rows) SELECT id, d FROM atsts WHERE t @@ 'wr&qh' AND d >= '2016-05-16 14:21:25' ORDER BY d; id | d @@ -447,8 +456,9 @@ SELECT id, d FROM atsts WHERE t @@ 'wr&q:*' AND d >= '2016-05-16 14:21:25' ORDE Sort Sort Key: d -> Seq Scan on atsts + Disabled: true Filter: ((t @@ '''wr'' & ''q'':*'::tsquery) AND (d >= 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -(4 rows) +(5 rows) SELECT id, d FROM atsts WHERE t @@ 'wr&q:*' AND d >= '2016-05-16 14:21:25' ORDER BY d; id | d diff --git a/expected/altorder_hash_1.out b/expected/altorder_hash_1.out index e310fbdb89..95f529d37d 100644 --- a/expected/altorder_hash_1.out +++ b/expected/altorder_hash_1.out @@ -131,8 +131,9 @@ SELECT count(*) FROM atstsh WHERE t @@ 'wr|qh'; --------------------------------------------------- Aggregate -> Seq Scan on atstsh + Disabled: true Filter: (t @@ '''wr'' | ''qh'''::tsquery) -(3 rows) +(4 rows) SELECT count(*) FROM atstsh WHERE t @@ 'wr|qh'; count @@ -176,8 +177,9 @@ SELECT count(*) FROM atstsh WHERE d < '2016-05-16 14:21:25'; ------------------------------------------------------------------------------- Aggregate -> Seq Scan on atstsh + Disabled: true Filter: (d < 'Mon May 16 14:21:25 2016'::timestamp without time zone) -(3 rows) +(4 rows) SELECT count(*) FROM atstsh WHERE d < '2016-05-16 14:21:25'; count @@ -191,8 +193,9 @@ SELECT count(*) FROM atstsh WHERE d > '2016-05-16 14:21:25'; ------------------------------------------------------------------------------- Aggregate -> Seq Scan on atstsh + Disabled: true Filter: (d > 'Mon May 16 14:21:25 2016'::timestamp without time zone) -(3 rows) +(4 rows) SELECT count(*) FROM atstsh WHERE d > '2016-05-16 14:21:25'; count @@ -212,8 +215,9 @@ SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atstsh WHERE t @@ 'wr&qh' ORDER B -> Sort Sort Key: ((d <=> 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atstsh + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atstsh WHERE t @@ 'wr&qh' ORDER BY d <=> '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -233,8 +237,9 @@ SELECT id, d, d <=| '2016-05-16 14:21:25' FROM atstsh WHERE t @@ 'wr&qh' ORDER B -> Sort Sort Key: ((d <=| 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atstsh + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, d, d <=| '2016-05-16 14:21:25' FROM atstsh WHERE t @@ 'wr&qh' ORDER BY d <=| '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -254,8 +259,9 @@ SELECT id, d, d |=> '2016-05-16 14:21:25' FROM atstsh WHERE t @@ 'wr&qh' ORDER B -> Sort Sort Key: ((d |=> 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atstsh + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, d, d |=> '2016-05-16 14:21:25' FROM atstsh WHERE t @@ 'wr&qh' ORDER BY d |=> '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -275,7 +281,8 @@ SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atstsh ORDER BY d <=> '2016-05-16 -> Sort Sort Key: ((d <=> 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -> Seq Scan on atstsh -(4 rows) + Disabled: true +(5 rows) SELECT id, d, d <=> '2016-05-16 14:21:25' FROM atstsh ORDER BY d <=> '2016-05-16 14:21:25' LIMIT 5; id | d | ?column? @@ -294,8 +301,9 @@ SELECT id, d FROM atstsh WHERE t @@ 'wr&qh' AND d <= '2016-05-16 14:21:25' ORDE Sort Sort Key: d -> Seq Scan on atstsh + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (d <= 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -(4 rows) +(5 rows) SELECT id, d FROM atstsh WHERE t @@ 'wr&qh' AND d <= '2016-05-16 14:21:25' ORDER BY d; id | d @@ -318,8 +326,9 @@ SELECT id, d FROM atstsh WHERE t @@ 'wr&qh' AND d >= '2016-05-16 14:21:25' ORDE Sort Sort Key: d -> Seq Scan on atstsh + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (d >= 'Mon May 16 14:21:25 2016'::timestamp without time zone)) -(4 rows) +(5 rows) SELECT id, d FROM atstsh WHERE t @@ 'wr&qh' AND d >= '2016-05-16 14:21:25' ORDER BY d; id | d diff --git a/expected/int8_1.out b/expected/int8_1.out index ffced0aaf8..0bba72ee56 100644 --- a/expected/int8_1.out +++ b/expected/int8_1.out @@ -234,8 +234,9 @@ SELECT count(*) FROM test_int8_a WHERE id < 400::int8; -------------------------------------- Aggregate -> Seq Scan on test_int8_a + Disabled: true Filter: (id < '400'::bigint) -(3 rows) +(4 rows) SELECT count(*) FROM test_int8_a WHERE id < 400::int8; count @@ -251,8 +252,9 @@ SELECT id, id <=> 400 FROM test_int8_a WHERE t @@ 'wr&qh' ORDER BY id <=> 400 LI -> Sort Sort Key: ((id <=> '400'::bigint)) -> Seq Scan on test_int8_a + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, id <=> 400 FROM test_int8_a WHERE t @@ 'wr&qh' ORDER BY id <=> 400 LIMIT 5; id | ?column? @@ -272,8 +274,9 @@ SELECT id, id <=| 400 FROM test_int8_a WHERE t @@ 'wr&qh' ORDER BY id <=| 400 LI -> Sort Sort Key: ((id <=| '400'::bigint)) -> Seq Scan on test_int8_a + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, id <=| 400 FROM test_int8_a WHERE t @@ 'wr&qh' ORDER BY id <=| 400 LIMIT 5; id | ?column? @@ -293,8 +296,9 @@ SELECT id, id |=> 400 FROM test_int8_a WHERE t @@ 'wr&qh' ORDER BY id |=> 400 LI -> Sort Sort Key: ((id |=> '400'::bigint)) -> Seq Scan on test_int8_a + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, id |=> 400 FROM test_int8_a WHERE t @@ 'wr&qh' ORDER BY id |=> 400 LIMIT 5; id | ?column? @@ -313,8 +317,9 @@ SELECT id FROM test_int8_a WHERE t @@ 'wr&qh' AND id <= 400::int8 ORDER BY id; Sort Sort Key: id -> Seq Scan on test_int8_a + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (id <= '400'::bigint)) -(4 rows) +(5 rows) SELECT id FROM test_int8_a WHERE t @@ 'wr&qh' AND id <= 400::int8 ORDER BY id; id @@ -338,8 +343,9 @@ SELECT id FROM test_int8_a WHERE t @@ 'wr&qh' AND id >= 400::int8 ORDER BY id; Sort Sort Key: id -> Seq Scan on test_int8_a + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (id >= '400'::bigint)) -(4 rows) +(5 rows) SELECT id FROM test_int8_a WHERE t @@ 'wr&qh' AND id >= 400::int8 ORDER BY id; id @@ -515,8 +521,9 @@ SELECT count(*) FROM test_int8_h_a WHERE id < 400::int8; -------------------------------------- Aggregate -> Seq Scan on test_int8_h_a + Disabled: true Filter: (id < '400'::bigint) -(3 rows) +(4 rows) SELECT count(*) FROM test_int8_h_a WHERE id < 400::int8; count @@ -532,8 +539,9 @@ SELECT id, id <=> 400 FROM test_int8_h_a WHERE t @@ 'wr&qh' ORDER BY id <=> 400 -> Sort Sort Key: ((id <=> '400'::bigint)) -> Seq Scan on test_int8_h_a + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, id <=> 400 FROM test_int8_h_a WHERE t @@ 'wr&qh' ORDER BY id <=> 400 LIMIT 5; id | ?column? @@ -553,8 +561,9 @@ SELECT id, id <=| 400 FROM test_int8_h_a WHERE t @@ 'wr&qh' ORDER BY id <=| 400 -> Sort Sort Key: ((id <=| '400'::bigint)) -> Seq Scan on test_int8_h_a + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, id <=| 400 FROM test_int8_h_a WHERE t @@ 'wr&qh' ORDER BY id <=| 400 LIMIT 5; id | ?column? @@ -574,8 +583,9 @@ SELECT id, id |=> 400 FROM test_int8_h_a WHERE t @@ 'wr&qh' ORDER BY id |=> 400 -> Sort Sort Key: ((id |=> '400'::bigint)) -> Seq Scan on test_int8_h_a + Disabled: true Filter: (t @@ '''wr'' & ''qh'''::tsquery) -(5 rows) +(6 rows) SELECT id, id |=> 400 FROM test_int8_h_a WHERE t @@ 'wr&qh' ORDER BY id |=> 400 LIMIT 5; id | ?column? @@ -594,8 +604,9 @@ SELECT id FROM test_int8_h_a WHERE t @@ 'wr&qh' AND id <= 400::int8 ORDER BY id Sort Sort Key: id -> Seq Scan on test_int8_h_a + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (id <= '400'::bigint)) -(4 rows) +(5 rows) SELECT id FROM test_int8_h_a WHERE t @@ 'wr&qh' AND id <= 400::int8 ORDER BY id; id @@ -619,8 +630,9 @@ SELECT id FROM test_int8_h_a WHERE t @@ 'wr&qh' AND id >= 400::int8 ORDER BY id Sort Sort Key: id -> Seq Scan on test_int8_h_a + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (id >= '400'::bigint)) -(4 rows) +(5 rows) SELECT id FROM test_int8_h_a WHERE t @@ 'wr&qh' AND id >= 400::int8 ORDER BY id; id @@ -644,8 +656,9 @@ SELECT id FROM test_int8_h_a WHERE t @@ 'wr&qh' AND id <= 400::int8 ORDER BY id Sort Sort Key: ((id <=> '400'::bigint)) -> Seq Scan on test_int8_h_a + Disabled: true Filter: ((t @@ '''wr'' & ''qh'''::tsquery) AND (id <= '400'::bigint)) -(4 rows) +(5 rows) SELECT id FROM test_int8_h_a WHERE t @@ 'wr&qh' AND id <= 400::int8 ORDER BY id <=> 400::int8; id diff --git a/expected/security_1.out b/expected/security_1.out new file mode 100644 index 0000000000..e5e76e58e8 --- /dev/null +++ b/expected/security_1.out @@ -0,0 +1,10 @@ +-- Check security CVE-2020-14350 +CREATE FUNCTION rum_anyarray_similar(anyarray,anyarray) RETURNS bool AS $$ SELECT false $$ LANGUAGE SQL; +CREATE EXTENSION rum; +ERROR: function "rum_anyarray_similar" already exists with same argument types +CONTEXT: SQL statement "CREATE FUNCTION rum_anyarray_similar(anyarray,anyarray) +RETURNS bool +AS '$libdir/rum' +LANGUAGE C STRICT STABLE" +extension script file "rum--1.3.sql", near line 1530 +DROP FUNCTION rum_anyarray_similar(anyarray,anyarray); diff --git a/expected/tmp.out b/expected/tmp.out new file mode 100644 index 0000000000..232f1b7c97 --- /dev/null +++ b/expected/tmp.out @@ -0,0 +1,34 @@ +CREATE EXTENSION rum; +CREATE TABLE test_rum( t text, a tsvector ); +CREATE TRIGGER tsvectorupdate +BEFORE UPDATE OR INSERT ON test_rum +FOR EACH ROW EXECUTE PROCEDURE tsvector_update_trigger('a', 'pg_catalog.english', 't'); +CREATE INDEX rumidx ON test_rum USING rum (a rum_tsvector_ops); +-- Check empty table using index scan +SELECT + a <=> to_tsquery('pg_catalog.english', 'way & (go | half)'), + rum_ts_distance(a, to_tsquery('pg_catalog.english', 'way & (go | half)')), + rum_ts_score(a, to_tsquery('pg_catalog.english', 'way & (go | half)')), + * + FROM test_rum + ORDER BY a <=> to_tsquery('pg_catalog.english', 'way & (go | half)') limit 2; + ?column? | rum_ts_distance | rum_ts_score | t | a +----------+-----------------+--------------+---+--- +(0 rows) + +-- Fill the table with data +\copy test_rum(t) from 'data/rum.data'; +CREATE INDEX failed_rumidx ON test_rum USING rum (a rum_tsvector_addon_ops); +ERROR: additional information attribute "a" is not found in index +CREATE TABLE tsts (id int, t tsvector, d timestamp); +\copy tsts from 'data/tsts.data' +CREATE INDEX tsts_idx ON tsts USING rum (t rum_tsvector_addon_ops, d) + WITH (attach = 'd', to = 't'); +INSERT INTO tsts VALUES (-1, 't1 t2', '2016-05-02 02:24:22.326724'); +INSERT INTO tsts VALUES (-2, 't1 t2 t3', '2016-05-02 02:26:22.326724'); +INSERT INTO test_rum (t) VALUES ('foo bar foo the over foo qq bar'); +INSERT INTO test_rum (t) VALUES ('345 qwerty copyright'); +INSERT INTO test_rum (t) VALUES ('345 qwerty'); +INSERT INTO test_rum (t) VALUES ('A fat cat has just eaten a rat.'); +SET enable_seqscan=off; +SET enable_indexscan=off; diff --git a/sql/tmp.sql b/sql/tmp.sql new file mode 100644 index 0000000000..76625044e9 --- /dev/null +++ b/sql/tmp.sql @@ -0,0 +1,42 @@ +CREATE EXTENSION rum; + +CREATE TABLE test_rum( t text, a tsvector ); + +CREATE TRIGGER tsvectorupdate +BEFORE UPDATE OR INSERT ON test_rum +FOR EACH ROW EXECUTE PROCEDURE tsvector_update_trigger('a', 'pg_catalog.english', 't'); +CREATE INDEX rumidx ON test_rum USING rum (a rum_tsvector_ops); + +-- Check empty table using index scan +SELECT + a <=> to_tsquery('pg_catalog.english', 'way & (go | half)'), + rum_ts_distance(a, to_tsquery('pg_catalog.english', 'way & (go | half)')), + rum_ts_score(a, to_tsquery('pg_catalog.english', 'way & (go | half)')), + * + FROM test_rum + ORDER BY a <=> to_tsquery('pg_catalog.english', 'way & (go | half)') limit 2; + +-- Fill the table with data +\copy test_rum(t) from 'data/rum.data'; + +CREATE INDEX failed_rumidx ON test_rum USING rum (a rum_tsvector_addon_ops); + +CREATE TABLE tsts (id int, t tsvector, d timestamp); + +\copy tsts from 'data/tsts.data' + +CREATE INDEX tsts_idx ON tsts USING rum (t rum_tsvector_addon_ops, d) + WITH (attach = 'd', to = 't'); + + +INSERT INTO tsts VALUES (-1, 't1 t2', '2016-05-02 02:24:22.326724'); +INSERT INTO tsts VALUES (-2, 't1 t2 t3', '2016-05-02 02:26:22.326724'); + +INSERT INTO test_rum (t) VALUES ('foo bar foo the over foo qq bar'); +INSERT INTO test_rum (t) VALUES ('345 qwerty copyright'); +INSERT INTO test_rum (t) VALUES ('345 qwerty'); +INSERT INTO test_rum (t) VALUES ('A fat cat has just eaten a rat.'); + + +SET enable_seqscan=off; +SET enable_indexscan=off;