From 303696c3b47e6719e983e93da5896ddc4a2e0dbb Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 3 Sep 2010 01:34:55 +0000 Subject: Install a data-type-based solution for protecting pg_get_expr(). Since the code underlying pg_get_expr() is not secure against malformed input, and can't practically be made so, we need to prevent miscreants from feeding arbitrary data to it. We can do this securely by declaring pg_get_expr() to take a new datatype "pg_node_tree" and declaring the system catalog columns that hold nodeToString output to be of that type. There is no way at SQL level to create a non-null value of type pg_node_tree. Since the backend-internal operations that fill those catalog columns operate below the SQL level, they are oblivious to the datatype relabeling and don't need any changes. --- doc/src/sgml/catalogs.sgml | 25 +++++++++++++------------ doc/src/sgml/func.sgml | 6 +++--- 2 files changed, 16 insertions(+), 15 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index d287e848669..d53477ca47a 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1,4 +1,4 @@ - + @@ -797,7 +797,7 @@ adbin - text + pg_node_tree The internal representation of the column default value @@ -1917,7 +1917,7 @@ conbin - text + pg_node_tree If a check constraint, an internal representation of the expression @@ -2915,7 +2915,7 @@ indexprs - text + pg_node_tree Expression trees (in nodeToString() @@ -2928,7 +2928,7 @@ indpred - text + pg_node_tree Expression tree (in nodeToString() @@ -3980,7 +3980,7 @@ proargdefaults - text + pg_node_tree Expression trees (in nodeToString() representation) @@ -4129,7 +4129,7 @@ ev_qual - text + pg_node_tree Expression tree (in the form of a @@ -4140,7 +4140,7 @@ ev_action - text + pg_node_tree Query tree (in the form of a @@ -4839,7 +4839,7 @@ tgqual - text + pg_node_tree Expression tree (in nodeToString() representation) for the trigger's WHEN condition, or null @@ -5622,10 +5622,11 @@ typdefaultbin - text + pg_node_tree - If typdefaultbin is not null, it is the nodeToString() + If typdefaultbin is not null, it is the + nodeToString() representation of a default expression for the type. This is only used for domains. @@ -5642,7 +5643,7 @@ default expression represented by typdefaultbin. If typdefaultbin is null and typdefault is not, then typdefault is the external representation of - the type's default value, which might be fed to the type's input + the type's default value, which can be fed to the type's input converter to produce a constant. diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 01fbd315b90..8d1015b9f8e 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -1,4 +1,4 @@ - + Functions and Operators @@ -12746,13 +12746,13 @@ SELECT pg_type_is_visible('myschema.widget'::regtype); get definition of a constraint - pg_get_expr(expr_text, relation_oid) + pg_get_expr(pg_node_tree, relation_oid) text decompile internal form of an expression, assuming that any Vars in it refer to the relation indicated by the second parameter - pg_get_expr(expr_text, relation_oid, pretty_bool) + pg_get_expr(pg_node_tree, relation_oid, pretty_bool) text decompile internal form of an expression, assuming that any Vars in it refer to the relation indicated by the second parameter -- cgit v1.2.3