thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-16 03:12:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

The QRC system view must not show other user's queries

Browse Source
This commit is contained in:
Robert Schulze 2022-12-17 15:14:55 +00:00
parent aa50b9cf48
commit eccd25a24f
No known key found for this signature in database
GPG Key ID: 26703B55FB13728A
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Storages/System/StorageSystemQueryResultCache.cpp
View File

@ -37,6 +37,10 @@ void StorageSystemQueryResultCache::fillData(MutableColumns & res_columns, Conte
for (const auto & [key, entry] : query_result_cache->cache) for (const auto & [key, entry] : query_result_cache->cache)
{ {
/// Showing other user's queries is considered a security risk
if (key.username != context->getUserName())
continue;
res_columns[0]->insert(key.queryStringFromAst()); /// approximates the original query string res_columns[0]->insert(key.queryStringFromAst()); /// approximates the original query string
res_columns[1]->insert(key.ast->getTreeHash().first); res_columns[1]->insert(key.ast->getTreeHash().first);
res_columns[2]->insert(std::chrono::system_clock::to_time_t(key.expires_at)); res_columns[2]->insert(std::chrono::system_clock::to_time_t(key.expires_at));