CDB_Groups_API: Secure search_path
parent
5a12033609
commit
048234cd80
@ -22,7 +22,11 @@ $$
|
|||||||
body = '{ "name": "%s", "database_role": "%s" }' % (group_name, group_role)
|
body = '{ "name": "%s", "database_role": "%s" }' % (group_name, group_role)
|
||||||
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
CREATE OR REPLACE
|
CREATE OR REPLACE
|
||||||
FUNCTION @extschema@._CDB_Group_DropGroup_API(group_name text)
|
FUNCTION @extschema@._CDB_Group_DropGroup_API(group_name text)
|
||||||
@ -35,7 +39,11 @@ $$
|
|||||||
|
|
||||||
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{204, 404}') as response_status" % url
|
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{204, 404}') as response_status" % url
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
CREATE OR REPLACE
|
CREATE OR REPLACE
|
||||||
FUNCTION @extschema@._CDB_Group_RenameGroup_API(old_group_name text, new_group_name text, new_group_role text)
|
FUNCTION @extschema@._CDB_Group_RenameGroup_API(old_group_name text, new_group_name text, new_group_role text)
|
||||||
@ -48,7 +56,11 @@ $$
|
|||||||
body = '{ "name": "%s", "database_role": "%s" }' % (new_group_name, new_group_role)
|
body = '{ "name": "%s", "database_role": "%s" }' % (new_group_name, new_group_role)
|
||||||
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
CREATE OR REPLACE
|
CREATE OR REPLACE
|
||||||
FUNCTION @extschema@._CDB_Group_AddUsers_API(group_name text, usernames text[])
|
FUNCTION @extschema@._CDB_Group_AddUsers_API(group_name text, usernames text[])
|
||||||
@ -61,7 +73,11 @@ $$
|
|||||||
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
|
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
|
||||||
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
query = "select @extschema@._CDB_Group_API_Request('POST', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
CREATE OR REPLACE
|
CREATE OR REPLACE
|
||||||
FUNCTION @extschema@._CDB_Group_RemoveUsers_API(group_name text, usernames text[])
|
FUNCTION @extschema@._CDB_Group_RemoveUsers_API(group_name text, usernames text[])
|
||||||
@ -74,7 +90,11 @@ $$
|
|||||||
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
|
body = "{ \"users\": [\"%s\"] }" % "\",\"".join(usernames)
|
||||||
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '%s', '{200, 404}') as response_status" % (url, body)
|
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '%s', '{200, 404}') as response_status" % (url, body)
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
DO LANGUAGE 'plpgsql' $$
|
DO LANGUAGE 'plpgsql' $$
|
||||||
BEGIN
|
BEGIN
|
||||||
@ -95,7 +115,11 @@ $$
|
|||||||
body = '{ "access": "%s" }' % access
|
body = '{ "access": "%s" }' % access
|
||||||
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
query = "select @extschema@._CDB_Group_API_Request('PUT', '%s', '%s', '{200, 409}') as response_status" % (url, body)
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
DO LANGUAGE 'plpgsql' $$
|
DO LANGUAGE 'plpgsql' $$
|
||||||
BEGIN
|
BEGIN
|
||||||
@ -115,7 +139,11 @@ $$
|
|||||||
url = '/api/v1/databases/{0}/groups/%s/permission/%s/tables/%s' % (urllib.pathname2url(group_name), username, table_name)
|
url = '/api/v1/databases/{0}/groups/%s/permission/%s/tables/%s' % (urllib.pathname2url(group_name), username, table_name)
|
||||||
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
|
query = "select @extschema@._CDB_Group_API_Request('DELETE', '%s', '', '{200, 404}') as response_status" % url
|
||||||
plpy.execute(query)
|
plpy.execute(query)
|
||||||
$$ LANGUAGE 'plpythonu' VOLATILE PARALLEL UNSAFE SECURITY DEFINER;
|
$$ LANGUAGE 'plpythonu'
|
||||||
|
VOLATILE
|
||||||
|
PARALLEL UNSAFE
|
||||||
|
SECURITY DEFINER
|
||||||
|
SET search_path = pg_temp;
|
||||||
|
|
||||||
DO LANGUAGE 'plpgsql' $$
|
DO LANGUAGE 'plpgsql' $$
|
||||||
BEGIN
|
BEGIN
|
||||||
|
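Review bot: Pinning `search_path` leaves the dynamic SQL in these SECURITY DEFINER bodies untouched: every hunk still builds `query` with `'%s'` formatting, so a single quote in a group name, role, username or table name ends the literal and the rest of the value is parsed as SQL under the function owner's rights. Pass the values as parameters instead, e.g. `plan = plpy.prepare("select @extschema@._CDB_Group_API_Request('POST', $1, $2, '{200, 409}') as response_status", ['text', 'text'])` followed by `plpy.execute(plan, [url, body])` (argument types assumed to be text; the helper's signature is not in view). The JSON bodies are assembled the same way and would be safer built with `json.dumps`, and in the -115 hunk only `group_name` goes through `urllib.pathname2url` while `username` and `table_name` enter the URL unencoded. The function bodies begin above each hunk, so whether callers validate these values first cannot be seen here.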