Обсуждение: \dP and \dX use ::regclass without "pg_catalog."
I noticed that for \dP+ since 1c5d9270e, regclass is written without
"pg_catalog." (Alvaro and I failed to notice it in 421a2c483, too).
+ if (showNested || pattern)
+ appendPQExpBuffer(&buf,
+ ",\n c3.oid::regclass as \"%s\"",
+ gettext_noop("Parent name"));
+
+ if (showIndexes)
+ appendPQExpBuffer(&buf,
+ ",\n c2.oid::regclass as \"%s\"",
+ gettext_noop("On table"));
\dX is new in v14, and introduced the same issue in ad600bba0 (and modifies it
but not fixed in a4d75c86).
I searched for issues like this, which finds all 4 errors with 1 false positive
in psql/describe.c
|time grep -wF "$(grep -oE 'pg_catalog\.[_[:alpha:]]+' src/bin/psql/describe.c |sed -r 's/^pg_catalog\.//;
/^(char|oid|text|trigger)$/d')" src/bin/psql/describe.c |grep -Ev 'pg_catalog\.|^ *[/ ]\*'
|#include "catalog/pg_am.h"
| ",\n inh.inhparent::regclass as \"%s\"",
| ",\n c2.oid::regclass as \"%s\"",
| " es.stxrelid::regclass) AS \"%s\"",
| "es.stxrelid::regclass) AS \"%s\"",
Tom informs me that this is not considered to be interesting as a security patch.
--
Justin
Вложения
On 2021-Aug-27, Justin Pryzby wrote: > I noticed that for \dP+ since 1c5d9270e, regclass is written without > "pg_catalog." (Alvaro and I failed to notice it in 421a2c483, too). Oops, will fix shortly. -- Álvaro Herrera 39°49'30"S 73°17'W — https://www.EnterpriseDB.com/
=?utf-8?Q?=C3=81lvaro?= Herrera <alvherre@alvh.no-ip.org> writes:
> My point is that it's good to have it, but it would be much better to
> have something bulletproof, which we could use in an automated check
> somewhere (next to stuff like perlcritic, perhaps). I don't know what,
> though.
Meh ... this is mostly cosmetic these days, so I can't get excited
about putting a lot of work into it. We disclaimed search path
bulletproofness for all these queries a long time ago.
I don't object to fixing it in the name of consistency, but that's
not a reason to invest large effort.
regards, tom lane