Wrong escape method for database name #50

@AntoniJakubiak

Hi,

Please check this code.

query = "SHOW MEASUREMENTS ON " + std::string(db);

There is no escape for the database name; it could not work if the database name is, for example, my-db.

test02=# create extension influxdb_fdw ;
CREATE EXTENSION
test02=# CREATE SERVER influxdb_svr FOREIGN DATA WRAPPER influxdb_fdw OPTIONS (
  dbname 'my-db',  host 'http://172.17.0.1',  port '18086',  version '1');
CREATE SERVER
test02=# CREATE USER MAPPING FOR "xxx" SERVER influxdb_svr OPTIONS (  user 'xxx',  password 'xxx');
CREATE USER MAPPING
test02=# create schema "30d";
CREATE SCHEMA
test02=# IMPORT FOREIGN SCHEMA "30d" FROM SERVER influxdb_svr INTO "30d";
ERROR:  influxdb_fdw : influx-cxx [treatCurlResponse]: Bad request: CODE: invalid, MESSAGE: failed to parse query: found -, expected ; at line 1, char 29

Similar code is used on lines L65, L91, L489.

A similar bug could also be here:

appendStringInfo(&influxql, "SHOW MEASUREMENTS ON %s WITH MEASUREMENT = %s", options->svr_database, tbl_name);

There is also a function influxdb_quote_identifier, but it seems it is implemented differently than the original InfluxDB quote identifier.

influxdb_quote_identifier(const char *s, char q)

And also in the Go client.

Command: "SHOW MEASUREMENTS ON " + dbname,

Kind regards
Antoni Jakubiak
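
One way to quote the database name before building the statement quoted in the report, as an added example (not code from influxdb_fdw or its client library). It assumes InfluxQL's double-quoted identifier syntax with backslash escapes for `"`, `\` and newline; `quote_influxql_ident` and `show_measurements_query` are hypothetical names.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical helper, not part of influxdb_fdw: wrap an InfluxQL identifier
// in double quotes and escape backslash, double quote and newline.
// Assumption: the server accepts \\, \" and \n inside a quoted identifier.
std::string quote_influxql_ident(const std::string &name)
{
    if (name.empty())
        throw std::invalid_argument("empty InfluxQL identifier");

    std::string out;
    out.reserve(name.size() + 2);
    out.push_back('"');
    for (char c : name) {
        switch (c) {
        case '\\': out += "\\\\"; break;  // backslash -> two backslashes
        case '"':  out += "\\\""; break;  // quote -> backslash + quote
        case '\n': out += "\\n";  break;  // raw newline -> backslash + n
        default:   out.push_back(c);
        }
    }
    out.push_back('"');
    return out;
}

// Hypothetical wrapper for the statement from the issue. The name is always
// quoted, so '-' or a leading digit no longer ends the identifier early and
// an embedded quote cannot terminate it.
std::string show_measurements_query(const std::string &db)
{
    return "SHOW MEASUREMENTS ON " + quote_influxql_ident(db);
}

int main()
{
    // Constructed sample names; "my-db" is the one from the report.
    const char *samples[] = {"my-db", "30d", "a\"b; DROP DATABASE x"};
    for (const char *db : samples)
        std::cout << show_measurements_query(db) << '\n';
    return 0;
}
```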
