Class: Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection

Inherits:

Base

Object
Base
Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection

show all

Defined in:: lib/gitlab/database/query_analyzers/gitlab_schemas_validate_connection.rb

Overview

The purpose of this analyzer is to validate if tables observed are properly used according to schema used by current connection

Constant Summary collapse

CrossSchemaAccessError =

Class.new(QueryAnalyzerError)

Constants inherited from Base

Base::QueryAnalyzerError

Class Method Summary collapse

.analyze(parsed) ⇒ Object

There is a special case where CREATE VIEW DDL statement can include DML statements.
.enabled? ⇒ Boolean

Methods inherited from Base

analyzer_key, begin!, context, context_key, end!, requires_tracking?, skip_cached?, suppress=, suppress_key, suppress_schema_issues_for_decomposed_tables, suppressed?, with_suppressed

Class Method Details

.analyze(parsed) ⇒ `Object`

There is a special case where CREATE VIEW DDL statement can include DML statements. For this case, select_tables should be empty, to keep the schema consistent between main and ci.

Examples:

CREATE VIEW issues AS SELECT * FROM tickets

Raises:

(CrossSchemaAccessError)

# File 'lib/gitlab/database/query_analyzers/gitlab_schemas_validate_connection.rb', line 21

def analyze(parsed)
  # This analyzer requires the PgQuery parsed query to be present
  return unless parsed.pg

  select_tables = QueryAnalyzerHelpers.dml_from_create_view?(parsed) ? [] : parsed.pg.select_tables
  tables = select_tables + parsed.pg.dml_tables
  table_schemas = ::Gitlab::Database::GitlabSchema.table_schemas!(tables)
  return if table_schemas.empty?

  allowed_schemas = ::Gitlab::Database.gitlab_schemas_for_connection(parsed.connection)
  return unless allowed_schemas

  invalid_schemas = table_schemas - allowed_schemas

  return if invalid_schemas.empty?

  schema_list = table_schemas.sort.join(',')

  message = "The query tried to access #{tables} (of #{schema_list}) "
  message += "which is outside of allowed schemas (#{allowed_schemas}) "
  message += "for the current connection '#{Gitlab::Database.db_config_name(parsed.connection)}'"

  raise CrossSchemaAccessError, message
end

.enabled? ⇒ `Boolean`

Returns:

(Boolean)



12
13
14

# File 'lib/gitlab/database/query_analyzers/gitlab_schemas_validate_connection.rb', line 12

def enabled?
  true
end