
16 Commits

Author SHA1 Message Date
Raul Marin
b68ce72889 Release 0.31.0 2019-10-08 12:47:32 +02:00
Raúl Marín
7a23ea815c Merge pull request #371 from Algunenano/sec_definer
Sec definer
2019-10-08 12:32:26 +02:00
Raul Marin
2533d0996c Add NEWs 2019-10-03 18:59:01 +02:00
Raul Marin
048234cd80 CDB_Groups_API: Secure search_path 2019-10-03 18:58:27 +02:00
Raul Marin
5a12033609 Adapt tests to changes 2019-10-03 18:58:27 +02:00
Raul Marin
a580bedefc Set safe schema on some functions 2019-10-03 18:58:27 +02:00
Raul Marin
0e891eff7f Remove cartodb from search path
All calls to the extension functions should be, and are,
properly qualified, so there is no need to keep
the cartodb schema in the search_path
2019-10-03 18:58:27 +02:00
Raul Marin
52b3290d26 CDB_TableMetadata: Use secure search_path 2019-10-03 18:58:27 +02:00
Raul Marin
186ee37a57 CDB_Username: Set secure search_path 2019-10-03 18:58:27 +02:00
Raul Marin
0898881470 Oauth: Set secure search_path 2019-10-03 18:58:27 +02:00
Raul Marin
4dfd71639a CDB_OAuthReassignTableOwnerOnCreation: Use CDB_Conf_GetConf
Instead of accessing the cdb_conf table directly
2019-10-03 18:58:27 +02:00
Raul Marin
c6b90aac8a GhostTables: Set secure search_path 2019-10-03 18:58:27 +02:00
Raúl Marín
8a87f96f04 Merge pull request #370 from Algunenano/ghost_matview
Ghost tables: Add missing tags
2019-10-03 15:06:11 +02:00
Raul Marin
7c10fcc363 Update NEWS 2019-10-01 11:03:53 +02:00
Raul Marin
2f178bd89e _CDB_SetUp_User_PG_FDW_Server: Minor log changes 2019-10-01 11:02:34 +02:00
Raul Marin
32489c4eab Ghost tables: Add missing tags
- Add materialized views commands.
- Add missing alter trigger.
- Add 'IMPORT FOREIGN SCHEMA' since it might create new tables.
- Add 'DROP EXTENSION' and 'DROP TYPE' since they alter table columns.
- Add 'DROP SCHEMA' and 'DROP SERVER' as they drop tables.
2019-10-01 11:02:34 +02:00
12 changed files with 133 additions and 37 deletions


@@ -1,7 +1,7 @@
# cartodb/Makefile
EXTENSION = cartodb
EXTVERSION = 0.30.0
EXTVERSION = 0.31.0
SED = sed
AWK = awk
@@ -103,6 +103,7 @@ UPGRADABLE = \
0.28.1 \
0.29.0 \
0.30.0 \
0.31.0 \
$(EXTVERSION)dev \
$(EXTVERSION)next \
$(END)


@@ -1,3 +1,7 @@
0.31.0 (2019-10-08)
* Ghost tables: Add missing tags (#370)
* Set search_path in security definer functions.
0.30.0 (2019-07-17)
* Added new admin functions to connect CARTO with user FDW's (#369)


@@ -6,8 +6,11 @@ $$
BEGIN
RETURN @extschema@.CDB_Conf_GetConf('analysis_quota_factor')::text::float8;
END;
$$
LANGUAGE 'plpgsql' STABLE PARALLEL SAFE SECURITY DEFINER;
$$ LANGUAGE 'plpgsql'
STABLE
PARALLEL SAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Get the factor (fraction of the quota) for Camshaft cached analysis tables
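Review bot: `SET search_path = pg_temp` only protects this SECURITY DEFINER function while every relation and type in its body is schema-qualified, and nothing next to the clause records that requirement. With this setting pg_catalog is still searched first implicitly, but any other unqualified table or type name resolves in the caller's temporary schema, which the caller controls. I would add a comment above the clause, e.g. `-- search_path = pg_temp: every non-catalog object referenced in the body must be schema-qualified`. The same applies to the other SECURITY DEFINER functions in this compare (the ghost-table triggers, the `_CDB_Group_*_API` functions, `CDB_OAuthReassignTableOwnerOnCreation`, `_CDB_Register_Overview`, the `CDB_TableMetadata` triggers and `CDB_Username`). The body starts outside the hunk, so only the `@extschema@.CDB_Conf_GetConf` call could be checked here.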


@@ -12,7 +12,12 @@ BEGIN
EXECUTE Format('ANALYZE %s;', reloid);
END IF;
END
$$ LANGUAGE 'plpgsql' VOLATILE STRICT PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpgsql'
VOLATILE
STRICT
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Return a row count estimate of the result of a query using statistics
CREATE OR REPLACE FUNCTION @extschema@.CDB_EstimateRowCount(query text)
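Review bot: `EXECUTE Format('ANALYZE %s;', reloid)` runs with the definer's rights, and `%s` does no quoting of its own. The statement is therefore only safe if `reloid` is a `regclass`, whose text form is already quoted. The declaration is outside the hunk, so this is unconfirmed. If the parameter is `regclass`, a comment such as `-- reloid is regclass: its text form is quoted and, under search_path = pg_temp, schema-qualified` would record the assumption. If it is text, it should be cast to `regclass` before being formatted.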


@@ -191,13 +191,13 @@ BEGIN
-- (not even using IF NOT EXIST to avoid throwing warnings)
IF NOT EXISTS ( SELECT * FROM pg_extension WHERE extname = 'postgres_fdw') THEN
CREATE EXTENSION postgres_fdw;
RAISE NOTICE 'Created postgres_fdw extension';
RAISE NOTICE 'Created postgres_fdw EXTENSION';
END IF;
-- Create FDW first if it does not exist
IF NOT EXISTS ( SELECT * FROM pg_foreign_server WHERE srvname = fdw_objects_name)
THEN
EXECUTE FORMAT('CREATE SERVER %I FOREIGN DATA WRAPPER postgres_fdw', fdw_objects_name);
RAISE NOTICE 'Created server % using postgres_fdw', fdw_objects_name;
RAISE NOTICE 'Created SERVER % using postgres_fdw', fdw_objects_name;
END IF;
-- Set FDW settings
@@ -214,7 +214,7 @@ BEGIN
-- Create specific role for this
IF NOT EXISTS ( SELECT 1 FROM pg_roles WHERE rolname = fdw_objects_name) THEN
EXECUTE format('CREATE ROLE %I NOLOGIN', fdw_objects_name);
RAISE NOTICE 'Created special role % to access the correponding FDW', fdw_objects_name;
RAISE NOTICE 'Created special ROLE % to access the correponding FDW', fdw_objects_name;
END IF;
-- Transfer ownership of the server to the fdw role
@@ -225,7 +225,7 @@ BEGIN
-- so that we don't need to create a mapping for every user nor store credentials elsewhere
IF NOT EXISTS ( SELECT * FROM pg_user_mappings WHERE srvname = fdw_objects_name AND usename = 'public' ) THEN
EXECUTE FORMAT ('CREATE USER MAPPING FOR public SERVER %I', fdw_objects_name);
RAISE NOTICE 'Created user mapping for accesing foreign server %', fdw_objects_name;
RAISE NOTICE 'Created USER MAPPING for accesing foreign server %', fdw_objects_name;
END IF;
-- Update user mapping settings
@@ -239,19 +239,19 @@ BEGIN
-- Grant usage on the wrapper and server to the fdw role
EXECUTE FORMAT ('GRANT USAGE ON FOREIGN DATA WRAPPER postgres_fdw TO %I', fdw_objects_name);
RAISE NOTICE 'Granted usage on the postgres_fdw to the role %', fdw_objects_name;
RAISE NOTICE 'Granted USAGE on the postgres_fdw to the role %', fdw_objects_name;
EXECUTE FORMAT ('GRANT USAGE ON FOREIGN SERVER %I TO %I', fdw_objects_name, fdw_objects_name);
RAISE NOTICE 'Granted usage on the foreign server to the role %', fdw_objects_name;
RAISE NOTICE 'Granted USAGE on the foreign server to the role %', fdw_objects_name;
-- Create schema if it does not exist.
IF NOT EXISTS ( SELECT * from pg_namespace WHERE nspname=fdw_objects_name) THEN
EXECUTE FORMAT ('CREATE SCHEMA %I', fdw_objects_name);
RAISE NOTICE 'Created schema % to host foreign tables', fdw_objects_name;
RAISE NOTICE 'Created SCHEMA % to host foreign tables', fdw_objects_name;
END IF;
-- Give the fdw role ownership over the schema
EXECUTE FORMAT ('ALTER SCHEMA %I OWNER TO %I', fdw_objects_name, fdw_objects_name);
RAISE NOTICE 'Gave ownership on the schema % to %', fdw_objects_name, fdw_objects_name;
RAISE NOTICE 'Gave ownership on the SCHEMA % to %', fdw_objects_name, fdw_objects_name;
-- TODO: Bring here the remote cdb_tablemetadata
END
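Review bot: Two of the reworded notices still carry typos: `correponding` in the 'Created special ROLE' message and `accesing` in the 'Created USER MAPPING' message. Since these lines are being edited anyway, I would change them to `'Created special ROLE % to access the corresponding FDW'` and `'Created USER MAPPING for accessing foreign server %'`. The function starts outside the first hunk and the hunks skip parts of its body, so other messages in it were not checked.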


@@ -63,7 +63,11 @@ AS $$
PERFORM @extschema@._CDB_LinkGhostTables(username, db_name, event_name);
RAISE NOTICE '_CDB_LinkGhostTables() called with username=%, event_name=%', username, event_name;
END;
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE plpgsql
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Trigger function to call CDB_LinkGhostTables()
CREATE OR REPLACE FUNCTION @extschema@._CDB_LinkGhostTablesTrigger()
@@ -76,7 +80,11 @@ AS $$
PERFORM @extschema@.CDB_LinkGhostTables(ddl_tag);
RETURN NULL;
END;
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE plpgsql
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Event trigger to save the current transaction in @extschema@.cdb_ddl_execution
CREATE OR REPLACE FUNCTION @extschema@.CDB_SaveDDLTransaction()
@@ -85,7 +93,11 @@ AS $$
BEGIN
INSERT INTO @extschema@.cdb_ddl_execution VALUES (txid_current(), tg_tag) ON CONFLICT ON CONSTRAINT cdb_ddl_execution_pkey DO NOTHING;
END;
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE plpgsql
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Creates the trigger on DDL events to link ghost tables
CREATE OR REPLACE FUNCTION @extschema@.CDB_EnableGhostTablesTrigger()
@@ -106,7 +118,33 @@ AS $$
CREATE EVENT TRIGGER link_ghost_tables
ON ddl_command_end
WHEN TAG IN ('CREATE TABLE', 'SELECT INTO', 'DROP TABLE', 'ALTER TABLE', 'CREATE TRIGGER', 'DROP TRIGGER', 'CREATE VIEW', 'DROP VIEW', 'ALTER VIEW', 'CREATE FOREIGN TABLE', 'ALTER FOREIGN TABLE', 'DROP FOREIGN TABLE')
WHEN TAG IN ('CREATE TABLE',
'SELECT INTO',
'DROP TABLE',
'ALTER TABLE',
'CREATE TRIGGER',
'DROP TRIGGER',
'ALTER TRIGGER',
'CREATE VIEW',
'DROP VIEW',
'ALTER VIEW',
'CREATE FOREIGN TABLE',
'ALTER FOREIGN TABLE',
'DROP FOREIGN TABLE',
'ALTER MATERIALIZED VIEW',
'CREATE MATERIALIZED VIEW',
'DROP MATERIALIZED VIEW',
'IMPORT FOREIGN SCHEMA',
'DROP EXTENSION',
'DROP SCHEMA',
'DROP SERVER',
'DROP TYPE')
EXECUTE PROCEDURE @extschema@.CDB_SaveDDLTransaction();
END;
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
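Review bot: The expanded `WHEN TAG IN (...)` list has `'CREATE TABLE'` and `'SELECT INTO'` but not `'CREATE TABLE AS'`, which PostgreSQL reports as its own command tag. If tables created that way should also be linked, add `'CREATE TABLE AS',` after `'CREATE TABLE',`. `CDB_EnableGhostTablesTrigger` begins outside the hunk, so whether that case is handled elsewhere is not visible here.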


@@ -22,7 +22,11 @@ $$
body = '{ "name": "%s", "database_role": "%s" }' % (group_name, group_role)
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
CREATE OR REPLACE
FUNCTION @extschema@._CDB_Group_DropGroup_API(group_name text)
@@ -35,7 +39,11 @@ $$
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{204, 404}') as response_status" % url
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
CREATE OR REPLACE
FUNCTION @extschema@._CDB_Group_RenameGroup_API(old_group_name text, new_group_name text, new_group_role text)
@@ -48,7 +56,11 @@ $$
body = '{ "name": "%s", "database_role": "%s" }' % (new_group_name, new_group_role)
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
CREATE OR REPLACE
FUNCTION @extschema@._CDB_Group_AddUsers_API(group_name text, usernames text[])
@@ -61,7 +73,11 @@ $$
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
CREATE OR REPLACE
FUNCTION @extschema@._CDB_Group_RemoveUsers_API(group_name text, usernames text[])
@@ -74,7 +90,11 @@ $$
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '%s', '{200, 404}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
DO LANGUAGE 'plpgsql' $$
BEGIN
@@ -95,7 +115,11 @@ $$
body = '{ "access": "%s" }' % access
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
DO LANGUAGE 'plpgsql' $$
BEGIN
@@ -115,7 +139,11 @@ $$
url = '/api/v1/databases/{0}/groups/%s/permission/%s/tables/%s' % (urllib.pathname2url(group_name), username, table_name)
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
plpy.execute(query)
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE 'plpythonu'
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
DO LANGUAGE 'plpgsql' $$
BEGIN
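Review bot: These SECURITY DEFINER PL/Python functions still build their statement with `%` string formatting, e.g. `body = '{ "name": "%s", "database_role": "%s" }' % (group_name, group_role)` spliced into `query`. A single quote in `group_name`, `group_role`, `usernames` or `access` therefore changes the SQL text rather than the argument, and pinning `search_path` does not cover that. I would pass the values as parameters: `plan = plpy.prepare("select @extschema@._CDB_Group_API_Request('POST', $1, $2, '{200, 409}') as response_status", ['text', 'text'])` followed by `plpy.execute(plan, [url, body])`, with the parameter types adjusted to the helper's actual signature. Building `body` with `json.dumps` would also escape quotes in names for JSON. The function bodies start outside the hunks, so any earlier validation of these arguments is not visible.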


@@ -1,7 +1,6 @@
-- Function that reassign the owner of a table to their ownership_role
CREATE OR REPLACE FUNCTION @extschema@.CDB_OAuthReassignTableOwnerOnCreation()
RETURNS event_trigger
SECURITY DEFINER
AS $$
DECLARE
obj record;
@@ -17,17 +16,21 @@ BEGIN
obj.schema_name,
obj.object_identity;
SELECT rolname FROM pg_class JOIN pg_roles ON relowner = pg_roles.oid WHERE pg_class.oid = obj.objid INTO creator_role;
SELECT value->>'ownership_role_name' from cdb_conf where key = 'api_keys_' || creator_role INTO owner_role;
SELECT value->>'ownership_role_name' from @extschema@.CDB_Conf_GetConf('api_keys_' || quote_ident(creator_role)) value INTO owner_role;
IF owner_role IS NULL OR owner_role = '' THEN
CONTINUE;
ELSE
EXECUTE 'ALTER ' || obj.object_type || ' ' || obj.object_identity || ' OWNER TO ' || QUOTE_IDENT(owner_role);
EXECUTE 'ALTER ' || obj.object_type || ' ' || obj.object_identity || ' OWNER TO ' || quote_ident(owner_role);
EXECUTE 'GRANT ALL ON ' || obj.object_identity || ' TO ' || QUOTE_IDENT(creator_role);
RAISE DEBUG 'Changing ownership from % to %', creator_role, owner_role;
END IF;
END LOOP;
END;
$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
$$ LANGUAGE plpgsql
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Creates the trigger on DDL events in order to reassign the owner
CREATE OR REPLACE FUNCTION @extschema@.CDB_EnableOAuthReassignTablesTrigger()
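Review bot: `quote_ident(creator_role)` inside the configuration key changes which key is looked up. The argument to `CDB_Conf_GetConf` is a value, not an identifier, so a role name that needs quoting (mixed case, a dash) produces a key containing double quotes. Assuming keys are stored with the raw role name, as the previous `'api_keys_' || creator_role` lookup and `concat('api_keys_', session_user)` in `CDB_Username` imply, that key no longer matches. The miss is silent: `owner_role` comes back NULL and the loop hits `CONTINUE`, leaving ownership with the creator. I would drop the call, `SELECT value->>'ownership_role_name' from @extschema@.CDB_Conf_GetConf('api_keys_' || creator_role) value INTO owner_role;`, and keep `quote_ident` only in the two `EXECUTE` strings where the role is used as an identifier.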


@@ -318,7 +318,7 @@ $$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE;
-- This function is declared SECURITY DEFINER so it executes with the privileges
-- of the function creator to have a chance to alter the privileges of the
-- overview table to match those of the dataset. It will only perform any change
-- if the overview table belgons to the same scheme as the dataset and it
-- if the overview table belongs to the same scheme as the dataset and it
-- matches the scheme naming for overview tables.
CREATE OR REPLACE FUNCTION @extschema@._CDB_Register_Overview(dataset REGCLASS, overview_table REGCLASS, overview_z INTEGER)
RETURNS VOID
@@ -362,7 +362,11 @@ AS $$
-- it should be done here (CDB_Overviews would consume such metadata)
END IF;
END
$$ LANGUAGE PLPGSQL VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE PLPGSQL
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
-- Dataset attributes (column names other than the
-- CartoDB primary key and geometry columns) which should be aggregated


@@ -43,7 +43,7 @@ BEGIN
);
WITH nv as (
SELECT TG_RELID as tabname, NOW() as t
SELECT TG_RELID as tabname, now() as t
), updated as (
UPDATE @extschema@.CDB_TableMetadata x SET updated_at = nv.t
FROM nv WHERE x.tabname = nv.tabname
@@ -55,8 +55,11 @@ BEGIN
RETURN NULL;
END;
$$
LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE plpgsql
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
--
-- Trigger invalidating varnish whenever CDB_TableMetadata
@@ -116,8 +119,11 @@ BEGIN
RETURN NULL;
END;
$$
LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
$$ LANGUAGE plpgsql
VOLATILE
PARALLEL UNSAFE
SECURITY DEFINER
SET search_path = pg_temp;
DROP TRIGGER IF EXISTS table_modified ON @extschema@.CDB_TableMetadata;
-- NOTE: on DELETE we would be unable to convert the table


@@ -2,5 +2,9 @@
CREATE OR REPLACE FUNCTION @extschema@.CDB_Username()
RETURNS text
AS $$
SELECT @extschema@.CDB_Conf_GetConf(CONCAT('api_keys_', session_user))->>'username';
$$ LANGUAGE SQL STABLE PARALLEL SAFE SECURITY DEFINER;
SELECT @extschema@.CDB_Conf_GetConf(concat('api_keys_', session_user))->>'username';
$$ LANGUAGE SQL
STABLE
PARALLEL SAFE
SECURITY DEFINER
SET search_path = pg_temp;


@@ -362,7 +362,7 @@ function test_cdb_tablemetadatatouch_fails_from_user_without_permission() {
function test_cdb_tablemetadatatouch_fully_qualifies_names() {
sql postgres "CREATE TABLE touch_invalidations (table_name text);"
sql postgres "create or replace function cartodb.cdb_invalidate_varnish(table_name text) returns void as \$\$ begin insert into touch_invalidations select table_name; end; \$\$ language 'plpgsql';"
sql postgres "create or replace function cartodb.cdb_invalidate_varnish(table_name text) returns void as \$\$ begin insert into public.touch_invalidations select table_name; end; \$\$ language 'plpgsql';"
#default schema
sql "CREATE TABLE touch_example (a int);"