-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add test to make sure that we can't leak info fooling the planner
- Loading branch information
Showing
3 changed files
with
67 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --setup | ||
| LOAD 'pg_anonymize'; | ||
| CREATE TABLE customer_security( | ||
| id integer, | ||
| name text, | ||
| country text | ||
| ); | ||
| INSERT INTO customer_security VALUES (1, 'Secret Name', 'Taiwan'); | ||
| SECURITY LABEL ON COLUMN customer_security.name IS $$'XXX'::text$$; | ||
| -- mask our own user | ||
| SELECT current_user \gset | ||
| SECURITY LABEL FOR pg_anonymize ON ROLE :current_user IS 'anonymize'; | ||
| SELECT * FROM customer_security; | ||
| id | name | country | ||
| ----+------+--------- | ||
| 1 | XXX | Taiwan | ||
| (1 row) | ||
|
|
||
| -- It shouldn't be possible to access the original fooling the planner | ||
| CREATE FUNCTION leak_info(name text, country text) RETURNS BOOL AS | ||
| $_$ | ||
| BEGIN | ||
| RAISE NOTICE 'saw % - %', name, country; | ||
|
|
||
| RETURN true; | ||
| END; | ||
| $_$ LANGUAGE plpgsql COST 0.0000000000000000000001; | ||
| SELECT * FROM customer_security WHERE leak_info(name, country); | ||
| NOTICE: saw XXX - Taiwan | ||
| id | name | country | ||
| ----+------+--------- | ||
| 1 | XXX | Taiwan | ||
| (1 row) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| --setup | ||
| LOAD 'pg_anonymize'; | ||
|
|
||
| CREATE TABLE customer_security( | ||
| id integer, | ||
| name text, | ||
| country text | ||
| ); | ||
|
|
||
| INSERT INTO customer_security VALUES (1, 'Secret Name', 'Taiwan'); | ||
|
|
||
| SECURITY LABEL ON COLUMN customer_security.name IS $$'XXX'::text$$; | ||
|
|
||
| -- mask our own user | ||
| SELECT current_user \gset | ||
| SECURITY LABEL FOR pg_anonymize ON ROLE :current_user IS 'anonymize'; | ||
|
|
||
| SELECT * FROM customer_security; | ||
|
|
||
| -- It shouldn't be possible to access the original fooling the planner | ||
| CREATE FUNCTION leak_info(name text, country text) RETURNS BOOL AS | ||
| $_$ | ||
| BEGIN | ||
| RAISE NOTICE 'saw % - %', name, country; | ||
|
|
||
| RETURN true; | ||
| END; | ||
| $_$ LANGUAGE plpgsql COST 0.0000000000000000000001; | ||
|
|
||
| SELECT * FROM customer_security WHERE leak_info(name, country); |