From eccd25a24f9cce40b02e524bec642a458d81b59e Mon Sep 17 00:00:00 2001
From: Robert Schulze <robert@clickhouse.com>
Date: Sat, 17 Dec 2022 15:14:55 +0000
Subject: [PATCH] The QRC system view must not show other user's queries

---
 src/Storages/System/StorageSystemQueryResultCache.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Storages/System/StorageSystemQueryResultCache.cpp b/src/Storages/System/StorageSystemQueryResultCache.cpp
index e7b53dacc1f..22203dba697 100644
--- a/src/Storages/System/StorageSystemQueryResultCache.cpp
+++ b/src/Storages/System/StorageSystemQueryResultCache.cpp
@@ -37,6 +37,10 @@ void StorageSystemQueryResultCache::fillData(MutableColumns & res_columns, Conte
 
     for (const auto & [key, entry] : query_result_cache->cache)
     {
+        /// Showing other user's queries is considered a security risk
+        if (key.username != context->getUserName())
+            continue;
+
         res_columns[0]->insert(key.queryStringFromAst()); /// approximates the original query string
         res_columns[1]->insert(key.ast->getTreeHash().first);
         res_columns[2]->insert(std::chrono::system_clock::to_time_t(key.expires_at));