Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix ALTER QUERY MODIFY SQL SECURITY #61480

Merged
merged 7 commits into from
Mar 26, 2024
Merged

Fix ALTER QUERY MODIFY SQL SECURITY #61480

merged 7 commits into from
Mar 26, 2024

Conversation

pufit
Copy link
Member

@pufit pufit commented Mar 16, 2024

Changelog category (leave one):

  • Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Fix the ALTER QUERY MODIFY SQL SECURITY queries to override the table's DDL correctly.

Closes #61245

Documentation entry for user-facing changes

Information about CI checks: https://clickhouse.com/docs/en/development/continuous-integration/

@robot-ch-test-poll3 robot-ch-test-poll3 added the pr-bugfix Pull request with bugfix, not backported by default label Mar 16, 2024
@robot-ch-test-poll3
Copy link
Contributor

robot-ch-test-poll3 commented Mar 16, 2024

This is an automated comment for commit 1bafdf3 with description of existing statuses. It's updated for the latest CI running

❌ Click here to open a full report in a separate page

Check nameDescriptionStatus
AST fuzzerRuns randomly generated queries to catch program errors. The build type is optionally given in parenthesis. If it fails, ask a maintainer for help❌ failure
CI runningA meta-check that indicates the running CI. Normally, it's in success or pending state. The failed status indicates some problems with the PR⏳ pending
Performance ComparisonMeasure changes in query performance. The performance test report is described in detail here. In square brackets are the optional part/total tests❌ failure
Successful checks
Check nameDescriptionStatus
A SyncThere's no description for the check yet, please add it to tests/ci/ci_config.py:CHECK_DESCRIPTIONS✅ success
Bugfix validationChecks that either a new test (functional or integration) or there some changed tests that fail with the binary built on master branch✅ success
ClickBenchRuns [ClickBench](https://github.com/ClickHouse/ClickBench/) with instant-attach table✅ success
ClickHouse build checkBuilds ClickHouse in various configurations for use in further steps. You have to fix the builds that fail. Build logs often has enough information to fix the error, but you might have to reproduce the failure locally. The cmake options can be found in the build log, grepping for cmake. Use these options and follow the general build process✅ success
Compatibility checkChecks that clickhouse binary runs on distributions with old libc versions. If it fails, ask a maintainer for help✅ success
Docker keeper imageThe check to build and optionally push the mentioned image to docker hub✅ success
Docker server imageThe check to build and optionally push the mentioned image to docker hub✅ success
Docs checkBuilds and tests the documentation✅ success
Fast testNormally this is the first check that is ran for a PR. It builds ClickHouse and runs most of stateless functional tests, omitting some. If it fails, further checks are not started until it is fixed. Look at the report to see which tests fail, then reproduce the failure locally as described here✅ success
Flaky testsChecks if new added or modified tests are flaky by running them repeatedly, in parallel, with more randomization. Functional tests are run 100 times with address sanitizer, and additional randomization of thread scheduling. Integrational tests are run up to 10 times. If at least once a new test has failed, or was too long, this check will be red. We don't allow flaky tests, read the doc✅ success
Integration testsThe integration tests report. In parenthesis the package type is given, and in square brackets are the optional part/total tests✅ success
Mergeable CheckChecks if all other necessary checks are successful✅ success
PR CheckThere's no description for the check yet, please add it to tests/ci/ci_config.py:CHECK_DESCRIPTIONS✅ success
Stateful testsRuns stateful functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc✅ success
Stateless testsRuns stateless functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc✅ success
Stress testRuns stateless functional tests concurrently from several clients to detect concurrency-related errors✅ success
Style checkRuns a set of checks to keep the code style clean. If some of tests failed, see the related log from the report✅ success
Unit testsRuns the unit tests for different release types✅ success
Upgrade checkRuns stress tests on server version from last release and then tries to upgrade it to the version from the PR. It checks if the new server can successfully startup without any errors, crashes or sanitizer asserts✅ success

@vitlibar vitlibar self-assigned this Mar 18, 2024
@vitlibar
Copy link
Member

@pufit Could you explain please how ALTER MODIFY SQL SEQURITY is working now, before this your fix?

@@ -92,6 +90,7 @@ ${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT count() FROM $db.test_view_10

${CLICKHOUSE_CLIENT} --query "ALTER TABLE $db.test_view_10 MODIFY SQL SECURITY INVOKER"
(( $(${CLICKHOUSE_CLIENT} --user $user2 --query "SELECT * FROM $db.test_view_10" 2>&1 | grep -c "Not enough privileges") >= 1 )) && echo "OK" || echo "UNEXPECTED"
${CLICKHOUSE_CLIENT} --query "SHOW CREATE TABLE $db.test_view_10" | grep -c "SQL SECURITY INVOKER"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What will this line show if we run this test without this your fix?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0, because ALTER hadn't overridden the table's DDL properly. I missed it in the test because the table itself behaved correctly (see test on the line above), but all ALTER's changes were lost after restart.

else if (s_modify_definer.ignore(pos, expected))
{
/// Same hack here
pos -= 1;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this hack here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s_modify_definer moves the current position to

ALTER TABLE MODIFY DEFINER = pufit
                          /\                                     

but the ParserSQLSecurity takes AST DEFINER = ... [SQL SECURITY ...] or SQL SECURITY ... [DEFINER = ...]
So, in order to reuse this parser, we need to move the current position one step back.

ALTER TABLE MODIFY DEFINER = pufit
                 /\                                     

The crash in the linked issue happened because ASTSQLSecurity::formatImpl returns a canonical form DEFINER = ... SQL SECURITY DEFINER, so the ALTER query ALTER TABLE ... MODIFY SQL SECURITY DEFINER = pufit changes after format into ALTER TABLE ... MODIFY DEFINER = pufit SQL SECURITY DEFINER and can't be parsed again.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a bit too hacky, it seems better to modify ParserSQLSecurity and add there a parameter to its constructor which would allow to disable parsing either the DEFINER or SQL SECURITY keyword.

@vitlibar
Copy link
Member

Please resolve the conflict.

@alexey-milovidov
Copy link
Member

@pufit check this:

Stateless tests (release, analyzer, s3, DatabaseReplicated) [4/4] — fail: 1, passed: 1496, skipped: 27

@pufit
Copy link
Member Author

pufit commented Mar 25, 2024

@pufit check this:

Stateless tests (release, analyzer, s3, DatabaseReplicated) [4/4] — fail: 1, passed: 1496, skipped: 27

The problem with a replicated database is that we can't create users on all instances in our stateless tests.

@robot-ch-test-poll3 robot-ch-test-poll3 added the pr-backports-created Backport PRs are successfully created, it won't be processed by CI script anymore label Mar 27, 2024
robot-ch-test-poll3 added a commit that referenced this pull request Mar 27, 2024
Backport #61480 to 24.2: Fix ALTER QUERY MODIFY SQL SECURITY
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pr-backports-created Backport PRs are successfully created, it won't be processed by CI script anymore pr-backports-created-cloud pr-bugfix Pull request with bugfix, not backported by default pr-must-backport Pull request should be backported intentionally. Use this label with great care! pr-must-backport-cloud pr-synced-to-cloud The PR is synced to the cloud repo
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Clickhouse 24.2.1.2248 crashes during startup
5 participants