thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-10 01:25:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix wiping sensitive info in INSERT INTO FUNCTION.

Browse Source
This commit is contained in:
Vitaly Baranov 2023-01-25 01:26:44 +01:00
parent 59528cfca0
commit 9014023625
2 changed files with 50 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/Parsers/ParserInsertQuery.cpp
View File

@ -256,14 +256,23 @@ bool ParserInsertQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
if (infile) if (infile)
{ {
query->infile = infile; query->infile = infile;
query->compression = compression;
if (infile)
query->children.push_back(infile);
if (compression) if (compression)
query->compression = compression; query->children.push_back(compression);
} }
if (table_function) if (table_function)
{ {
query->table_function = table_function; query->table_function = table_function;
query->partition_by = partition_by_expr; query->partition_by = partition_by_expr;
if (table_function)
query->children.push_back(table_function);
if (partition_by_expr)
query->children.push_back(partition_by_expr);
} }
else else
{ {

42
tests/integration/test_mask_sensitive_info/test.py
View File

@ -21,11 +21,21 @@ def check_logs(must_contain=[], must_not_contain=[]):
node.query("SYSTEM FLUSH LOGS") node.query("SYSTEM FLUSH LOGS")
for str in must_contain: for str in must_contain:
escaped_str = str.replace("`", "\\`").replace("[", "\\[").replace("]", "\\]") escaped_str = (
str.replace("`", "\\`")
.replace("[", "\\[")
.replace("]", "\\]")
.replace("*", "\\*")
)
assert node.contains_in_log(escaped_str) assert node.contains_in_log(escaped_str)
for str in must_not_contain: for str in must_not_contain:
escaped_str = str.replace("`", "\\`").replace("[", "\\[").replace("]", "\\]") escaped_str = (
str.replace("`", "\\`")
.replace("[", "\\[")
.replace("]", "\\]")
.replace("*", "\\*")
)
assert not node.contains_in_log(escaped_str) assert not node.contains_in_log(escaped_str)
for str in must_contain: for str in must_contain:
@ -257,6 +267,34 @@ def test_table_functions():
node.query(f"DROP TABLE tablefunc{i}") node.query(f"DROP TABLE tablefunc{i}")
def test_table_function_ways_to_call():
password = new_password()
table_function = f"s3('http://minio1:9001/root/data/testfuncw.tsv.gz', 'minio', '{password}', 'TSV', 'x int')"
queries = [
"CREATE TABLE tablefuncw (`x` int) AS {}",
"INSERT INTO FUNCTION {} SELECT * FROM numbers(10)",
"DESCRIBE TABLE {}",
]
for query in queries:
# query_and_get_answer_with_error() is used here because we don't want to stop on error "Cannot connect to AWS".
# We test logging here and not actual work with AWS server.
node.query_and_get_answer_with_error(query.format(table_function))
table_function_with_hidden_arg = "s3('http://minio1:9001/root/data/testfuncw.tsv.gz', 'minio', '[HIDDEN]', 'TSV', 'x int')"
check_logs(
must_contain=[
query.format(table_function_with_hidden_arg) for query in queries
],
must_not_contain=[password],
)
node.query("DROP TABLE tablefuncw")
def test_encryption_functions(): def test_encryption_functions():
plaintext = new_password() plaintext = new_password()
cipher = new_password() cipher = new_password()