From 0898881470175e1d1e90219072d22aa4d4ed6c30 Mon Sep 17 00:00:00 2001
From: Raul Marin <git@rmr.ninja>
Date: Thu, 3 Oct 2019 16:53:02 +0200
Subject: [PATCH] Oauth: Set secure search_path

---
 scripts-available/CDB_OAuth.sql | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/scripts-available/CDB_OAuth.sql b/scripts-available/CDB_OAuth.sql
index f2258f1..330da4d 100644
--- a/scripts-available/CDB_OAuth.sql
+++ b/scripts-available/CDB_OAuth.sql
@@ -1,7 +1,6 @@
 -- Function that reassign the owner of a table to their ownership_role
 CREATE OR REPLACE FUNCTION @extschema@.CDB_OAuthReassignTableOwnerOnCreation()
   RETURNS event_trigger
-  SECURITY DEFINER
   AS $$
 DECLARE
     obj record;
@@ -27,7 +26,11 @@ BEGIN
       END IF;
     END LOOP;
 END;
-$$ LANGUAGE plpgsql VOLATILE PARALLEL UNSAFE;
+$$  LANGUAGE plpgsql
+    VOLATILE
+    PARALLEL UNSAFE
+    SECURITY DEFINER
+    SET search_path = @extschema@, pg_temp;
 
 -- Creates the trigger on DDL events in order to reassign the owner
 CREATE OR REPLACE FUNCTION @extschema@.CDB_EnableOAuthReassignTablesTrigger()