Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong escape method for database name #50

Open
AntoniJakubiak opened this issue Apr 2, 2024 · 2 comments
Open

Wrong escape method for database name #50

AntoniJakubiak opened this issue Apr 2, 2024 · 2 comments

Comments

@AntoniJakubiak
Copy link

AntoniJakubiak commented Apr 2, 2024
edited
Loading

Hi,

Please check this code.

influxdb_fdw/query.cpp

Line 65 in 7bb0e4c

query = "SHOW MEASUREMENTS ON " + std::string(db);

There is no escape for database name, it could not work if database name is for example my-db.

test02=# create extension influxdb_fdw ;
CREATE EXTENSION
test02=# CREATE SERVER influxdb_svr FOREIGN DATA WRAPPER influxdb_fdw OPTIONS (
  dbname 'my-db',  host 'http://172.17.0.1',  port '18086',  version '1');
CREATE SERVER
test02=# CREATE USER MAPPING FOR "xxx" SERVER influxdb_svr OPTIONS (  user 'xxx',  password 'xxx');
CREATE USER MAPPING
test02=# create schema "30d";
CREATE SCHEMA
test02=# IMPORT FOREIGN SCHEMA "30d" FROM SERVER influxdb_svr INTO "30d";
ERROR:  influxdb_fdw : influx-cxx [treatCurlResponse]: Bad request: CODE: invalid, MESSAGE: failed to parse query: found -, expected ; at line 1, char 29

The similar code is used on lines L65, L91, L489.

A similar bug could be also here:

influxdb_fdw/influxdb_fdw.c

Line 4256 in 7bb0e4c

appendStringInfo(&influxql, "SHOW MEASUREMENTS ON %s WITH MEASUREMENT = %s", options->svr_database, tbl_name);

There is also a function influxdb_quote_identifier - but it seems, it is implemented differently than the original InfluxDB quote identifier.

influxdb_fdw/deparse.c

Line 315 in 7bb0e4c

influxdb_quote_identifier(const char *s, char q)

And also in go client.

influxdb_fdw/query.go

Line 162 in 7bb0e4c

Command: "SHOW MEASUREMENTS ON " + dbname,

Kind regards
Antoni Jakubiak
@AntoniJakubiak
Copy link
Author

Here is a link to InfluxDB (go) code for escaping idents:
https://github.com/influxdata/influxql/blob/master/parser.go#L3124
https://github.com/influxdata/influxql/blob/master/parser_test.go#L4259

@weiting1lee
Copy link
Contributor

Dear @AntoniJakubiak ,

Thank you for highlighting the escaping issue with database names in InfluxDB FDW and for your detailed report. We acknowledge the problem and appreciate your contribution to identifying it.
Based on your report, we will investigate this issue further and aim to implement a fix in the next release of InfluxDB FDW.

Thank you once again for your contribution. We look forward to any further insights you might have in the future and appreciate your support in enhancing InfluxDB FDW.

Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AntoniJakubiak @weiting1lee