| blob | d5757becef2a729e619946b414ab7c0bf20379c1 |
1 /*-------------------------------------------------------------------------
2 *
3 * String-processing utility routines for frontend code
4 *
5 * Assorted utility functions that are useful in constructing SQL queries
6 * and interpreting backend output.
7 *
8 *
9 * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
10 * Portions Copyright (c) 1994, Regents of the University of California
11 *
12 * src/fe_utils/string_utils.c
13 *
14 *-------------------------------------------------------------------------
15 */
18 #include <ctype.h>
27 /* Globals exported by this file */
32 /*
33 * Returns a temporary PQExpBuffer, valid until the next call to the function.
34 * This is used by fmtId and fmtQualifiedId.
35 *
36 * Non-reentrant and non-thread-safe but reduces memory leakage. You can
37 * replace this with a custom version by setting the getLocalPQExpBuffer
38 * function pointer.
39 */
40 static PQExpBuffer
42 {
46 {
47 /* same buffer, just wipe contents */
49 }
50 else
51 {
52 /* new buffer */
54 }
57 }
59 /*
60 * Quotes input string if it's not a legitimate SQL identifier as-is.
61 *
62 * Note that the returned string must be used before calling fmtId again,
63 * since we re-use the same return buffer each time.
64 */
67 {
73 /*
74 * These checks need to match the identifier production in scan.l. Don't
75 * use islower() etc.
76 */
79 /* slightly different rules for first character */
82 else
83 {
84 /* otherwise check the entire string */
86 {
90 {
93 }
94 }
95 }
98 {
99 /*
100 * Check for keyword. We quote keywords except for unreserved ones.
101 * (In some cases we could avoid quoting a col_name or type_func_name
102 * keyword, but it seems much harder than it's worth to tell that.)
103 *
104 * Note: ScanKeywordLookup() does case-insensitive comparison, but
105 * that's fine, since we already know we have all-lower-case.
106 */
111 }
114 {
115 /* no quoting needed */
117 }
118 else
119 {
122 {
123 /*
124 * Did we find a double-quote in the string? Then make this a
125 * double double-quote per SQL99. Before, we put in a
126 * backslash/double-quote pair. - thomas 2000-08-05
127 */
131 }
133 }
136 }
138 /*
139 * fmtQualifiedId - construct a schema-qualified name, with quoting as needed.
140 *
141 * Like fmtId, use the result before calling again.
142 *
143 * Since we call fmtId and it also uses getLocalPQExpBuffer() we cannot
144 * use that buffer until we're finished with calling fmtId().
145 */
148 {
149 PQExpBuffer id_return;
152 /* Some callers might fail to provide a schema name */
154 {
156 }
165 }
168 /*
169 * Format a Postgres version number (in the PG_VERSION_NUM integer format
170 * returned by PQserverVersion()) as a string. This exists mainly to
171 * encapsulate knowledge about two-part vs. three-part version numbers.
172 *
173 * For reentrancy, caller must supply the buffer the string is put in.
174 * Recommended size of the buffer is 32 bytes.
175 *
176 * Returns address of 'buf', as a notational convenience.
177 */
181 {
183 {
184 /* New two-part style */
188 else
190 }
191 else
192 {
193 /* Old three-part style */
198 else
201 }
203 }
206 /*
207 * Convert a string value to an SQL string literal and append it to
208 * the given buffer. We assume the specified client_encoding and
209 * standard_conforming_strings settings.
210 *
211 * This is essentially equivalent to libpq's PQescapeStringInternal,
212 * except for the output buffer structure. We need it in situations
213 * where we do not have a PGconn available. Where we do,
214 * appendStringLiteralConn is a better choice.
215 */
216 void
219 {
231 {
236 /* Fast path for plain ASCII */
238 {
239 /* Apply quoting if needed */
242 /* Copy the character */
244 source++;
246 }
248 /* Slow path for possible multibyte characters */
251 /* Copy the character */
253 {
257 }
259 /*
260 * If we hit premature end of string (ie, incomplete multibyte
261 * character), try to pad out to the correct length with spaces. We
262 * may not be able to pad completely, but we will always be able to
263 * insert at least one pad space (since we'd not have quoted a
264 * multibyte character). This should be enough to make a string that
265 * the server will error out on.
266 */
268 {
272 {
276 }
278 }
279 }
281 /* Write the terminating quote and NUL character. */
286 }
289 /*
290 * Convert a string value to an SQL string literal and append it to
291 * the given buffer. Encoding and string syntax rules are as indicated
292 * by current settings of the PGconn.
293 */
294 void
296 {
299 /*
300 * XXX This is a kluge to silence escape_string_warning in our utility
301 * programs. It should go away someday.
302 */
304 {
305 /* ensure we are not adjacent to an identifier */
311 }
312 /* XXX end kluge */
320 }
323 /*
324 * Convert a string value to a dollar quoted literal and append it to
325 * the given buffer. If the dqprefix parameter is not NULL then the
326 * dollar quote delimiter will begin with that (after the opening $).
327 *
328 * No escaping is done at all on str, in compliance with the rules
329 * for parsing dollar quoted strings. Also, we need not worry about
330 * encoding issues.
331 */
332 void
334 {
339 /* start with $ + dqprefix if not NULL */
344 /*
345 * Make sure we choose a delimiter which (without the trailing $) is not
346 * present in the string being quoted. We don't check with the trailing $
347 * because a string ending in $foo must not be quoted with $foo$.
348 */
350 {
353 }
355 /* add trailing $ */
358 /* quote it and we are all done */
364 }
367 /*
368 * Convert a bytea value (presented as raw bytes) to an SQL string literal
369 * and append it to the given buffer. We assume the specified
370 * standard_conforming_strings setting.
371 *
372 * This is needed in situations where we do not have a PGconn available.
373 * Where we do, PQescapeByteaConn is a better choice.
374 */
375 void
378 {
384 /*
385 * This implementation is hard-wired to produce hex-format output. We do
386 * not know the server version the output will be loaded into, so making
387 * an intelligent format choice is impossible. It might be better to
388 * always use the old escaped format.
389 */
401 {
406 }
408 /* Write the terminating quote and NUL character. */
413 }
416 /*
417 * Append the given string to the shell command being built in the buffer,
418 * with shell-style quoting as needed to create exactly one argument.
419 *
420 * Forbid LF or CR characters, which have scant practical use beyond designing
421 * security breaches. The Windows command shell is unusable as a conduit for
422 * arguments containing LF or CR characters. A future major release should
423 * reject those characters in CREATE ROLE and CREATE DATABASE, because use
424 * there eventually leads to errors here.
425 *
426 * appendShellString() simply prints an error and dies if LF or CR appears.
427 * appendShellStringNoError() omits those characters from the result, and
428 * returns false if there were any.
429 */
430 void
432 {
434 {
437 str);
439 }
440 }
442 bool
444 {
445 #ifdef WIN32
447 #endif
451 /*
452 * Don't bother with adding quotes if the string is nonempty and clearly
453 * contains only safe characters.
454 */
456 strspn(str, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./:") == strlen(str))
457 {
460 }
462 #ifndef WIN32
465 {
467 {
470 }
474 else
476 }
480 /*
481 * A Windows system() argument experiences two layers of interpretation.
482 * First, cmd.exe interprets the string. Its behavior is undocumented,
483 * but a caret escapes any byte except LF or CR that would otherwise have
484 * special meaning. Handling of a caret before LF or CR differs between
485 * "cmd.exe /c" and other modes, and it is unusable here.
486 *
487 * Second, the new process parses its command line to construct argv (see
488 * https://msdn.microsoft.com/en-us/library/17w5ykft.aspx). This treats
489 * backslash-double quote sequences specially.
490 */
493 {
495 {
498 }
500 /* Change N backslashes before a double quote to 2N+1 backslashes. */
502 {
504 {
506 backslash_run_length--;
507 }
509 }
511 backslash_run_length++;
512 else
515 /*
516 * Decline to caret-escape the most mundane characters, to ease
517 * debugging and lest we approach the command length limit.
518 */
524 }
526 /*
527 * Change N backslashes at end of argument to 2N backslashes, because they
528 * precede the double quote that terminates the argument.
529 */
531 {
533 backslash_run_length--;
534 }
539 }
542 /*
543 * Append the given string to the buffer, with suitable quoting for passing
544 * the string as a value in a keyword/value pair in a libpq connection string.
545 */
546 void
548 {
552 /*
553 * If the string is one or more plain ASCII characters, no need to quote
554 * it. This is quite conservative, but better safe than sorry.
555 */
558 {
561 {
564 }
566 }
569 {
572 {
573 /* ' and \ must be escaped by to \' and \\ */
578 str++;
579 }
581 }
582 else
584 }
587 /*
588 * Append a psql meta-command that connects to the given database with the
589 * then-current connection's user, host and port.
590 */
591 void
593 {
597 /*
598 * If the name is plain ASCII characters, emit a trivial "\connect "foo"".
599 * For other names, even many not technically requiring it, skip to the
600 * general case. No database has a zero-length name.
601 */
605 {
607 {
610 dbname);
612 }
616 {
618 }
619 }
623 {
624 PQExpBufferData connstr;
632 /*
633 * As long as the name does not contain a newline, SQL identifier
634 * quoting satisfies the psql meta-command parser. Prefer not to
635 * involve psql-interpreted single quotes, which behaved differently
636 * before PostgreSQL 9.2.
637 */
641 }
642 else
645 }
648 /*
649 * Deconstruct the text representation of a 1-dimensional Postgres array
650 * into individual items.
651 *
652 * On success, returns true and sets *itemarray and *nitems to describe
653 * an array of individual strings. On parse failure, returns false;
654 * *itemarray may exist or be NULL.
655 *
656 * NOTE: free'ing itemarray is sufficient to deallocate the working storage.
657 */
658 bool
660 {
666 /*
667 * We expect input in the form of "{item,item,item}" where any item is
668 * either raw data, or surrounded by double quotes (in which case embedded
669 * characters including backslashes and quotes are backslashed).
670 *
671 * We build the result as an array of pointers followed by the actual
672 * string data, all in one malloc block for convenience of deallocation.
673 * The worst-case storage need is not more than one pointer and one
674 * character for each input character (consider "{,,,,,,,,,,}").
675 */
690 {
695 {
700 else
701 {
702 /* process quoted substring */
703 atext++;
705 {
709 {
710 atext++;
713 }
715 }
716 atext++;
717 }
718 }
721 atext++;
722 curitem++;
723 }
728 }
731 /*
732 * Format a reloptions array and append it to the given buffer.
733 *
734 * "prefix" is prepended to the option names; typically it's "" or "toast.".
735 *
736 * Returns false if the reloptions array could not be parsed (in which case
737 * nothing will have been appended to the buffer), or true on success.
738 *
739 * Note: this logic should generally match the backend's flatten_reloptions()
740 * (in adt/ruleutils.c).
741 */
742 bool
745 {
751 {
755 }
758 {
764 /*
765 * Each array element should have the form name=value. If the "=" is
766 * missing for some reason, treat it like an empty value.
767 */
771 {
774 }
775 else
782 /*
783 * In general we need to quote the value; but to avoid unnecessary
784 * clutter, do not quote if it is an identifier that would not need
785 * quoting. (We could also allow numbers, but that is a bit trickier
786 * than it looks --- for example, are leading zeroes significant? We
787 * don't want to assume very much here about what custom reloptions
788 * might mean.)
789 */
792 else
794 }
800 }
803 /*
804 * processSQLNamePattern
805 *
806 * Scan a wildcard-pattern string and generate appropriate WHERE clauses
807 * to limit the set of objects returned. The WHERE clauses are appended
808 * to the already-partially-constructed query in buf. Returns whether
809 * any clause was added.
810 *
811 * conn: connection query will be sent to (consulted for escaping rules).
812 * buf: output parameter.
813 * pattern: user-specified pattern option, or NULL if none ("*" is implied).
814 * have_where: true if caller already emitted "WHERE" (clauses will be ANDed
815 * onto the existing WHERE clause).
816 * force_escape: always quote regexp special characters, even outside
817 * double quotes (else they are quoted only between double quotes).
818 * schemavar: name of query variable to match against a schema-name pattern.
819 * Can be NULL if no schema.
820 * namevar: name of query variable to match against an object-name pattern.
821 * altnamevar: NULL, or name of an alternative variable to match against name.
822 * visibilityrule: clause to use if we want to restrict to visible objects
823 * (for example, "pg_catalog.pg_table_is_visible(p.oid)"). Can be NULL.
824 *
825 * Formatting note: the text already present in buf should end with a newline.
826 * The appended text, if any, will end with one too.
827 */
828 bool
833 {
834 PQExpBufferData schemabuf;
835 PQExpBufferData namebuf;
842 #define WHEREAND() \
844 have_where = true, added_clause = true)
847 {
848 /* Default: select all visible objects */
850 {
853 }
855 }
860 /*
861 * Parse the pattern, converting quotes and lower-casing unquoted letters.
862 * Also, adjust shell-style wildcard characters into regexp notation.
863 *
864 * We surround the pattern with "^(...)$" to force it to match the whole
865 * string, as per SQL practice. We have to have parens in case the string
866 * contains "|", else the "^" and "$" will be bound into the first and
867 * last alternatives which is not what we want.
868 *
869 * Note: the result of this pass is the actual regexp pattern(s) we want
870 * to execute. Quoting/escaping into SQL literal format will be done
871 * below using appendStringLiteralConn().
872 */
879 {
883 {
885 {
886 /* emit one quote, stay in inquotes mode */
888 cp++;
889 }
890 else
892 cp++;
893 }
895 {
898 cp++;
899 }
901 {
903 cp++;
904 }
906 {
908 cp++;
909 }
911 {
912 /* Found schema/name separator, move current pattern to schema */
917 cp++;
918 }
920 {
921 /*
922 * Dollar is always quoted, whether inside quotes or not. The
923 * reason is that it's allowed in SQL identifiers, so there's a
924 * significant use-case for treating it literally, while because
925 * we anchor the pattern automatically there is no use-case for
926 * having it possess its regexp meaning.
927 */
929 cp++;
930 }
931 else
932 {
933 /*
934 * Ordinary data character, transfer to pattern
935 *
936 * Inside double quotes, or at all times if force_escape is true,
937 * quote regexp special characters with a backslash to avoid
938 * regexp errors. Outside quotes, however, let them pass through
939 * as-is; this lets knowledgeable users build regexp expressions
940 * that are more powerful than shell-style patterns.
941 */
947 {
949 cp++;
950 }
951 }
952 }
954 /*
955 * Now decide what we need to emit. We may run under a hostile
956 * search_path, so qualify EVERY name. Note there will be a leading "^("
957 * in the patterns in any case.
958 *
959 * We want the regex matches to use the database's default collation where
960 * collation-sensitive behavior is required (for example, which characters
961 * match '\w'). That happened by default before PG v12, but if the server
962 * is >= v12 then we need to force it through explicit COLLATE clauses,
963 * otherwise the "C" collation attached to "name" catalog columns wins.
964 */
966 {
967 /* We have a name pattern, so constrain the namevar(s) */
970 /* Optimize away a "*" pattern */
972 {
975 {
983 altnamevar);
988 }
989 else
990 {
996 }
997 }
998 }
1001 {
1002 /* We have a schema pattern, so constrain the schemavar */
1005 /* Optimize away a "*" pattern */
1007 {
1014 }
1015 }
1016 else
1017 {
1018 /* No schema pattern given, so select only visible objects */
1020 {
1023 }
1024 }
1030 #undef WHEREAND
1031 }