| blob | 58b21c4d6a8b0b2787d59da2f4ef85aeddd33597 |
1 /*-------------------------------------------------------------------------
2 *
3 * String-processing utility routines for frontend code
4 *
5 * Assorted utility functions that are useful in constructing SQL queries
6 * and interpreting backend output.
7 *
8 *
9 * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
10 * Portions Copyright (c) 1994, Regents of the University of California
11 *
12 * src/fe_utils/string_utils.c
13 *
14 *-------------------------------------------------------------------------
15 */
18 #include <ctype.h>
25 /* Globals exported by this file */
30 /*
31 * Returns a temporary PQExpBuffer, valid until the next call to the function.
32 * This is used by fmtId and fmtQualifiedId.
33 *
34 * Non-reentrant and non-thread-safe but reduces memory leakage. You can
35 * replace this with a custom version by setting the getLocalPQExpBuffer
36 * function pointer.
37 */
38 static PQExpBuffer
40 {
44 {
45 /* same buffer, just wipe contents */
47 }
48 else
49 {
50 /* new buffer */
52 }
55 }
57 /*
58 * Quotes input string if it's not a legitimate SQL identifier as-is.
59 *
60 * Note that the returned string must be used before calling fmtId again,
61 * since we re-use the same return buffer each time.
62 */
65 {
71 /*
72 * These checks need to match the identifier production in scan.l. Don't
73 * use islower() etc.
74 */
77 /* slightly different rules for first character */
80 else
81 {
82 /* otherwise check the entire string */
84 {
88 {
91 }
92 }
93 }
96 {
97 /*
98 * Check for keyword. We quote keywords except for unreserved ones.
99 * (In some cases we could avoid quoting a col_name or type_func_name
100 * keyword, but it seems much harder than it's worth to tell that.)
101 *
102 * Note: ScanKeywordLookup() does case-insensitive comparison, but
103 * that's fine, since we already know we have all-lower-case.
104 */
109 }
112 {
113 /* no quoting needed */
115 }
116 else
117 {
120 {
121 /*
122 * Did we find a double-quote in the string? Then make this a
123 * double double-quote per SQL99. Before, we put in a
124 * backslash/double-quote pair. - thomas 2000-08-05
125 */
129 }
131 }
134 }
136 /*
137 * fmtQualifiedId - construct a schema-qualified name, with quoting as needed.
138 *
139 * Like fmtId, use the result before calling again.
140 *
141 * Since we call fmtId and it also uses getLocalPQExpBuffer() we cannot
142 * use that buffer until we're finished with calling fmtId().
143 */
146 {
147 PQExpBuffer id_return;
150 /* Some callers might fail to provide a schema name */
152 {
154 }
163 }
166 /*
167 * Format a Postgres version number (in the PG_VERSION_NUM integer format
168 * returned by PQserverVersion()) as a string. This exists mainly to
169 * encapsulate knowledge about two-part vs. three-part version numbers.
170 *
171 * For reentrancy, caller must supply the buffer the string is put in.
172 * Recommended size of the buffer is 32 bytes.
173 *
174 * Returns address of 'buf', as a notational convenience.
175 */
179 {
181 {
182 /* New two-part style */
186 else
188 }
189 else
190 {
191 /* Old three-part style */
196 else
199 }
201 }
204 /*
205 * Convert a string value to an SQL string literal and append it to
206 * the given buffer. We assume the specified client_encoding and
207 * standard_conforming_strings settings.
208 *
209 * This is essentially equivalent to libpq's PQescapeStringInternal,
210 * except for the output buffer structure. We need it in situations
211 * where we do not have a PGconn available. Where we do,
212 * appendStringLiteralConn is a better choice.
213 */
214 void
217 {
229 {
234 /* Fast path for plain ASCII */
236 {
237 /* Apply quoting if needed */
240 /* Copy the character */
242 source++;
244 }
246 /* Slow path for possible multibyte characters */
249 /* Copy the character */
251 {
255 }
257 /*
258 * If we hit premature end of string (ie, incomplete multibyte
259 * character), try to pad out to the correct length with spaces. We
260 * may not be able to pad completely, but we will always be able to
261 * insert at least one pad space (since we'd not have quoted a
262 * multibyte character). This should be enough to make a string that
263 * the server will error out on.
264 */
266 {
270 {
274 }
276 }
277 }
279 /* Write the terminating quote and NUL character. */
284 }
287 /*
288 * Convert a string value to an SQL string literal and append it to
289 * the given buffer. Encoding and string syntax rules are as indicated
290 * by current settings of the PGconn.
291 */
292 void
294 {
297 /*
298 * XXX This is a kluge to silence escape_string_warning in our utility
299 * programs. It should go away someday.
300 */
302 {
303 /* ensure we are not adjacent to an identifier */
309 }
310 /* XXX end kluge */
318 }
321 /*
322 * Convert a string value to a dollar quoted literal and append it to
323 * the given buffer. If the dqprefix parameter is not NULL then the
324 * dollar quote delimiter will begin with that (after the opening $).
325 *
326 * No escaping is done at all on str, in compliance with the rules
327 * for parsing dollar quoted strings. Also, we need not worry about
328 * encoding issues.
329 */
330 void
332 {
337 /* start with $ + dqprefix if not NULL */
342 /*
343 * Make sure we choose a delimiter which (without the trailing $) is not
344 * present in the string being quoted. We don't check with the trailing $
345 * because a string ending in $foo must not be quoted with $foo$.
346 */
348 {
351 }
353 /* add trailing $ */
356 /* quote it and we are all done */
362 }
365 /*
366 * Convert a bytea value (presented as raw bytes) to an SQL string literal
367 * and append it to the given buffer. We assume the specified
368 * standard_conforming_strings setting.
369 *
370 * This is needed in situations where we do not have a PGconn available.
371 * Where we do, PQescapeByteaConn is a better choice.
372 */
373 void
376 {
382 /*
383 * This implementation is hard-wired to produce hex-format output. We do
384 * not know the server version the output will be loaded into, so making
385 * an intelligent format choice is impossible. It might be better to
386 * always use the old escaped format.
387 */
399 {
404 }
406 /* Write the terminating quote and NUL character. */
411 }
414 /*
415 * Append the given string to the shell command being built in the buffer,
416 * with shell-style quoting as needed to create exactly one argument.
417 *
418 * Forbid LF or CR characters, which have scant practical use beyond designing
419 * security breaches. The Windows command shell is unusable as a conduit for
420 * arguments containing LF or CR characters. A future major release should
421 * reject those characters in CREATE ROLE and CREATE DATABASE, because use
422 * there eventually leads to errors here.
423 *
424 * appendShellString() simply prints an error and dies if LF or CR appears.
425 * appendShellStringNoError() omits those characters from the result, and
426 * returns false if there were any.
427 */
428 void
430 {
432 {
435 str);
437 }
438 }
440 bool
442 {
443 #ifdef WIN32
445 #endif
449 /*
450 * Don't bother with adding quotes if the string is nonempty and clearly
451 * contains only safe characters.
452 */
454 strspn(str, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./:") == strlen(str))
455 {
458 }
460 #ifndef WIN32
463 {
465 {
468 }
472 else
474 }
478 /*
479 * A Windows system() argument experiences two layers of interpretation.
480 * First, cmd.exe interprets the string. Its behavior is undocumented,
481 * but a caret escapes any byte except LF or CR that would otherwise have
482 * special meaning. Handling of a caret before LF or CR differs between
483 * "cmd.exe /c" and other modes, and it is unusable here.
484 *
485 * Second, the new process parses its command line to construct argv (see
486 * https://msdn.microsoft.com/en-us/library/17w5ykft.aspx). This treats
487 * backslash-double quote sequences specially.
488 */
491 {
493 {
496 }
498 /* Change N backslashes before a double quote to 2N+1 backslashes. */
500 {
502 {
504 backslash_run_length--;
505 }
507 }
509 backslash_run_length++;
510 else
513 /*
514 * Decline to caret-escape the most mundane characters, to ease
515 * debugging and lest we approach the command length limit.
516 */
522 }
524 /*
525 * Change N backslashes at end of argument to 2N backslashes, because they
526 * precede the double quote that terminates the argument.
527 */
529 {
531 backslash_run_length--;
532 }
537 }
540 /*
541 * Append the given string to the buffer, with suitable quoting for passing
542 * the string as a value in a keyword/value pair in a libpq connection string.
543 */
544 void
546 {
550 /*
551 * If the string is one or more plain ASCII characters, no need to quote
552 * it. This is quite conservative, but better safe than sorry.
553 */
556 {
559 {
562 }
564 }
567 {
570 {
571 /* ' and \ must be escaped by to \' and \\ */
576 str++;
577 }
579 }
580 else
582 }
585 /*
586 * Append a psql meta-command that connects to the given database with the
587 * then-current connection's user, host and port.
588 */
589 void
591 {
595 /*
596 * If the name is plain ASCII characters, emit a trivial "\connect "foo"".
597 * For other names, even many not technically requiring it, skip to the
598 * general case. No database has a zero-length name.
599 */
603 {
605 {
608 dbname);
610 }
614 {
616 }
617 }
621 {
622 PQExpBufferData connstr;
630 /*
631 * As long as the name does not contain a newline, SQL identifier
632 * quoting satisfies the psql meta-command parser. Prefer not to
633 * involve psql-interpreted single quotes, which behaved differently
634 * before PostgreSQL 9.2.
635 */
639 }
640 else
643 }
646 /*
647 * Deconstruct the text representation of a 1-dimensional Postgres array
648 * into individual items.
649 *
650 * On success, returns true and sets *itemarray and *nitems to describe
651 * an array of individual strings. On parse failure, returns false;
652 * *itemarray may exist or be NULL.
653 *
654 * NOTE: free'ing itemarray is sufficient to deallocate the working storage.
655 */
656 bool
658 {
664 /*
665 * We expect input in the form of "{item,item,item}" where any item is
666 * either raw data, or surrounded by double quotes (in which case embedded
667 * characters including backslashes and quotes are backslashed).
668 *
669 * We build the result as an array of pointers followed by the actual
670 * string data, all in one malloc block for convenience of deallocation.
671 * The worst-case storage need is not more than one pointer and one
672 * character for each input character (consider "{,,,,,,,,,,}").
673 */
688 {
693 {
698 else
699 {
700 /* process quoted substring */
701 atext++;
703 {
707 {
708 atext++;
711 }
713 }
714 atext++;
715 }
716 }
719 atext++;
720 curitem++;
721 }
726 }
729 /*
730 * Append one element to the text representation of a 1-dimensional Postgres
731 * array.
732 *
733 * The caller must provide the initial '{' and closing '}' of the array.
734 * This function handles all else, including insertion of commas and
735 * quoting of values.
736 *
737 * We assume that typdelim is ','.
738 */
739 void
741 {
748 /* Decide if we need quotes; this should match array_out()'s choices. */
753 else
757 {
759 {
764 /* these match scanner_isspace(): */
767 {
770 }
771 }
772 }
775 {
778 {
784 }
786 }
787 else
789 }
792 /*
793 * Format a reloptions array and append it to the given buffer.
794 *
795 * "prefix" is prepended to the option names; typically it's "" or "toast.".
796 *
797 * Returns false if the reloptions array could not be parsed (in which case
798 * nothing will have been appended to the buffer), or true on success.
799 *
800 * Note: this logic should generally match the backend's flatten_reloptions()
801 * (in adt/ruleutils.c).
802 */
803 bool
806 {
812 {
815 }
818 {
824 /*
825 * Each array element should have the form name=value. If the "=" is
826 * missing for some reason, treat it like an empty value.
827 */
831 {
834 }
835 else
842 /*
843 * In general we need to quote the value; but to avoid unnecessary
844 * clutter, do not quote if it is an identifier that would not need
845 * quoting. (We could also allow numbers, but that is a bit trickier
846 * than it looks --- for example, are leading zeroes significant? We
847 * don't want to assume very much here about what custom reloptions
848 * might mean.)
849 */
852 else
854 }
859 }
862 /*
863 * processSQLNamePattern
864 *
865 * Scan a wildcard-pattern string and generate appropriate WHERE clauses
866 * to limit the set of objects returned. The WHERE clauses are appended
867 * to the already-partially-constructed query in buf. Returns whether
868 * any clause was added.
869 *
870 * conn: connection query will be sent to (consulted for escaping rules).
871 * buf: output parameter.
872 * pattern: user-specified pattern option, or NULL if none ("*" is implied).
873 * have_where: true if caller already emitted "WHERE" (clauses will be ANDed
874 * onto the existing WHERE clause).
875 * force_escape: always quote regexp special characters, even outside
876 * double quotes (else they are quoted only between double quotes).
877 * schemavar: name of query variable to match against a schema-name pattern.
878 * Can be NULL if no schema.
879 * namevar: name of query variable to match against an object-name pattern.
880 * altnamevar: NULL, or name of an alternative variable to match against name.
881 * visibilityrule: clause to use if we want to restrict to visible objects
882 * (for example, "pg_catalog.pg_table_is_visible(p.oid)"). Can be NULL.
883 * dbnamebuf: output parameter receiving the database name portion of the
884 * pattern, if any. Can be NULL.
885 * dotcnt: how many separators were parsed from the pattern, by reference.
886 *
887 * Formatting note: the text already present in buf should end with a newline.
888 * The appended text, if any, will end with one too.
889 */
890 bool
896 {
897 PQExpBufferData schemabuf;
898 PQExpBufferData namebuf;
902 #define WHEREAND() \
904 have_where = true, added_clause = true)
910 {
911 /* Default: select all visible objects */
913 {
916 }
918 }
923 /*
924 * Convert shell-style 'pattern' into the regular expression(s) we want to
925 * execute. Quoting/escaping into SQL literal format will be done below
926 * using appendStringLiteralConn().
927 *
928 * If the caller provided a schemavar, we want to split the pattern on
929 * ".", otherwise not.
930 */
937 /*
938 * Now decide what we need to emit. We may run under a hostile
939 * search_path, so qualify EVERY name. Note there will be a leading "^("
940 * in the patterns in any case.
941 *
942 * We want the regex matches to use the database's default collation where
943 * collation-sensitive behavior is required (for example, which characters
944 * match '\w'). That happened by default before PG v12, but if the server
945 * is >= v12 then we need to force it through explicit COLLATE clauses,
946 * otherwise the "C" collation attached to "name" catalog columns wins.
947 */
949 {
950 /* We have a name pattern, so constrain the namevar(s) */
952 /* Optimize away a "*" pattern */
954 {
957 {
965 altnamevar);
970 }
971 else
972 {
978 }
979 }
980 }
983 {
984 /* We have a schema pattern, so constrain the schemavar */
986 /* Optimize away a "*" pattern */
988 {
995 }
996 }
997 else
998 {
999 /* No schema pattern given, so select only visible objects */
1001 {
1004 }
1005 }
1011 #undef WHEREAND
1012 }
1014 /*
1015 * Transform a possibly qualified shell-style object name pattern into up to
1016 * three SQL-style regular expressions, converting quotes, lower-casing
1017 * unquoted letters, and adjusting shell-style wildcard characters into regexp
1018 * notation.
1019 *
1020 * If the dbnamebuf and schemabuf arguments are non-NULL, and the pattern
1021 * contains two or more dbname/schema/name separators, we parse the portions of
1022 * the pattern prior to the first and second separators into dbnamebuf and
1023 * schemabuf, and the rest into namebuf.
1024 *
1025 * If dbnamebuf is NULL and schemabuf is non-NULL, and the pattern contains at
1026 * least one separator, we parse the first portion into schemabuf and the rest
1027 * into namebuf.
1028 *
1029 * Otherwise, we parse all the pattern into namebuf.
1030 *
1031 * If the pattern contains more dotted parts than buffers to parse into, the
1032 * extra dots will be treated as literal characters and written into the
1033 * namebuf, though they will be counted. Callers should always check the value
1034 * returned by reference in dotcnt and handle this error case appropriately.
1035 *
1036 * We surround the regexps with "^(...)$" to force them to match whole strings,
1037 * as per SQL practice. We have to have parens in case strings contain "|",
1038 * else the "^" and "$" will be bound into the first and last alternatives
1039 * which is not what we want. Whether this is done for dbnamebuf is controlled
1040 * by the want_literal_dbname parameter.
1041 *
1042 * The regexps we parse into the buffers are appended to the data (if any)
1043 * already present. If we parse fewer fields than the number of buffers we
1044 * were given, the extra buffers are unaltered.
1045 *
1046 * encoding: the character encoding for the given pattern
1047 * dbnamebuf: output parameter receiving the database name portion of the
1048 * pattern, if any. Can be NULL.
1049 * schemabuf: output parameter receiving the schema name portion of the
1050 * pattern, if any. Can be NULL.
1051 * namebuf: output parameter receiving the database name portion of the
1052 * pattern, if any. Can be NULL.
1053 * pattern: user-specified pattern option, or NULL if none ("*" is implied).
1054 * force_escape: always quote regexp special characters, even outside
1055 * double quotes (else they are quoted only between double quotes).
1056 * want_literal_dbname: if true, regexp special characters within the database
1057 * name portion of the pattern will not be escaped, nor will the dbname be
1058 * converted into a regular expression.
1059 * dotcnt: output parameter receiving the number of separators parsed from the
1060 * pattern.
1061 */
1062 void
1066 {
1068 PQExpBufferData left_literal;
1069 PQExpBuffer curbuf;
1070 PQExpBuffer maxbuf;
1079 /* callers should never expect "dbname.relname" format */
1091 else
1096 {
1099 }
1100 else
1105 {
1109 {
1111 {
1112 /* emit one quote, stay in inquotes mode */
1116 cp++;
1117 }
1118 else
1120 cp++;
1121 }
1123 {
1129 cp++;
1130 }
1132 {
1136 cp++;
1137 }
1139 {
1143 cp++;
1144 }
1146 {
1151 {
1153 curbuf++;
1156 cp++;
1157 }
1158 else
1160 }
1162 {
1163 /*
1164 * Dollar is always quoted, whether inside quotes or not. The
1165 * reason is that it's allowed in SQL identifiers, so there's a
1166 * significant use-case for treating it literally, while because
1167 * we anchor the pattern automatically there is no use-case for
1168 * having it possess its regexp meaning.
1169 */
1173 cp++;
1174 }
1175 else
1176 {
1177 /*
1178 * Ordinary data character, transfer to pattern
1179 *
1180 * Inside double quotes, or at all times if force_escape is true,
1181 * quote regexp special characters with a backslash to avoid
1182 * regexp errors. Outside quotes, however, let them pass through
1183 * as-is; this lets knowledgeable users build regexp expressions
1184 * that are more powerful than shell-style patterns.
1185 *
1186 * As an exception to that, though, always quote "[]", as that's
1187 * much more likely to be an attempt to write an array type name
1188 * than it is to be the start of a regexp bracket expression.
1189 */
1197 {
1201 }
1202 }
1203 }
1207 {
1210 curbuf--;
1211 }
1214 {
1217 curbuf--;
1218 }
1221 {
1224 else
1227 }
1231 }