| blob | 3efee4e7eed7f4c5c94e74182151ca4a07d5fa6c |
1 /*-------------------------------------------------------------------------
2 *
3 * String-processing utility routines for frontend code
4 *
5 * Assorted utility functions that are useful in constructing SQL queries
6 * and interpreting backend output.
7 *
8 *
9 * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
10 * Portions Copyright (c) 1994, Regents of the University of California
11 *
12 * src/fe_utils/string_utils.c
13 *
14 *-------------------------------------------------------------------------
15 */
18 #include <ctype.h>
25 /* Globals exported by this file */
30 /*
31 * Returns a temporary PQExpBuffer, valid until the next call to the function.
32 * This is used by fmtId and fmtQualifiedId.
33 *
34 * Non-reentrant and non-thread-safe but reduces memory leakage. You can
35 * replace this with a custom version by setting the getLocalPQExpBuffer
36 * function pointer.
37 */
38 static PQExpBuffer
40 {
44 {
45 /* same buffer, just wipe contents */
47 }
48 else
49 {
50 /* new buffer */
52 }
55 }
57 /*
58 * Quotes input string if it's not a legitimate SQL identifier as-is.
59 *
60 * Note that the returned string must be used before calling fmtId again,
61 * since we re-use the same return buffer each time.
62 */
65 {
71 /*
72 * These checks need to match the identifier production in scan.l. Don't
73 * use islower() etc.
74 */
77 /* slightly different rules for first character */
80 else
81 {
82 /* otherwise check the entire string */
84 {
88 {
91 }
92 }
93 }
96 {
97 /*
98 * Check for keyword. We quote keywords except for unreserved ones.
99 * (In some cases we could avoid quoting a col_name or type_func_name
100 * keyword, but it seems much harder than it's worth to tell that.)
101 *
102 * Note: ScanKeywordLookup() does case-insensitive comparison, but
103 * that's fine, since we already know we have all-lower-case.
104 */
109 }
112 {
113 /* no quoting needed */
115 }
116 else
117 {
120 {
121 /*
122 * Did we find a double-quote in the string? Then make this a
123 * double double-quote per SQL99. Before, we put in a
124 * backslash/double-quote pair. - thomas 2000-08-05
125 */
129 }
131 }
134 }
136 /*
137 * fmtQualifiedId - construct a schema-qualified name, with quoting as needed.
138 *
139 * Like fmtId, use the result before calling again.
140 *
141 * Since we call fmtId and it also uses getLocalPQExpBuffer() we cannot
142 * use that buffer until we're finished with calling fmtId().
143 */
146 {
147 PQExpBuffer id_return;
150 /* Some callers might fail to provide a schema name */
152 {
154 }
163 }
166 /*
167 * Format a Postgres version number (in the PG_VERSION_NUM integer format
168 * returned by PQserverVersion()) as a string. This exists mainly to
169 * encapsulate knowledge about two-part vs. three-part version numbers.
170 *
171 * For reentrancy, caller must supply the buffer the string is put in.
172 * Recommended size of the buffer is 32 bytes.
173 *
174 * Returns address of 'buf', as a notational convenience.
175 */
179 {
181 {
182 /* New two-part style */
186 else
188 }
189 else
190 {
191 /* Old three-part style */
196 else
199 }
201 }
204 /*
205 * Convert a string value to an SQL string literal and append it to
206 * the given buffer. We assume the specified client_encoding and
207 * standard_conforming_strings settings.
208 *
209 * This is essentially equivalent to libpq's PQescapeStringInternal,
210 * except for the output buffer structure. We need it in situations
211 * where we do not have a PGconn available. Where we do,
212 * appendStringLiteralConn is a better choice.
213 */
214 void
217 {
229 {
234 /* Fast path for plain ASCII */
236 {
237 /* Apply quoting if needed */
240 /* Copy the character */
242 source++;
244 }
246 /* Slow path for possible multibyte characters */
249 /* Copy the character */
251 {
255 }
257 /*
258 * If we hit premature end of string (ie, incomplete multibyte
259 * character), try to pad out to the correct length with spaces. We
260 * may not be able to pad completely, but we will always be able to
261 * insert at least one pad space (since we'd not have quoted a
262 * multibyte character). This should be enough to make a string that
263 * the server will error out on.
264 */
266 {
270 {
274 }
276 }
277 }
279 /* Write the terminating quote and NUL character. */
284 }
287 /*
288 * Convert a string value to an SQL string literal and append it to
289 * the given buffer. Encoding and string syntax rules are as indicated
290 * by current settings of the PGconn.
291 */
292 void
294 {
297 /*
298 * XXX This is a kluge to silence escape_string_warning in our utility
299 * programs. It should go away someday.
300 */
302 {
303 /* ensure we are not adjacent to an identifier */
309 }
310 /* XXX end kluge */
318 }
321 /*
322 * Convert a string value to a dollar quoted literal and append it to
323 * the given buffer. If the dqprefix parameter is not NULL then the
324 * dollar quote delimiter will begin with that (after the opening $).
325 *
326 * No escaping is done at all on str, in compliance with the rules
327 * for parsing dollar quoted strings. Also, we need not worry about
328 * encoding issues.
329 */
330 void
332 {
337 /* start with $ + dqprefix if not NULL */
342 /*
343 * Make sure we choose a delimiter which (without the trailing $) is not
344 * present in the string being quoted. We don't check with the trailing $
345 * because a string ending in $foo must not be quoted with $foo$.
346 */
348 {
351 }
353 /* add trailing $ */
356 /* quote it and we are all done */
362 }
365 /*
366 * Convert a bytea value (presented as raw bytes) to an SQL string literal
367 * and append it to the given buffer. We assume the specified
368 * standard_conforming_strings setting.
369 *
370 * This is needed in situations where we do not have a PGconn available.
371 * Where we do, PQescapeByteaConn is a better choice.
372 */
373 void
376 {
382 /*
383 * This implementation is hard-wired to produce hex-format output. We do
384 * not know the server version the output will be loaded into, so making
385 * an intelligent format choice is impossible. It might be better to
386 * always use the old escaped format.
387 */
399 {
404 }
406 /* Write the terminating quote and NUL character. */
411 }
414 /*
415 * Append the given string to the shell command being built in the buffer,
416 * with shell-style quoting as needed to create exactly one argument.
417 *
418 * Forbid LF or CR characters, which have scant practical use beyond designing
419 * security breaches. The Windows command shell is unusable as a conduit for
420 * arguments containing LF or CR characters. A future major release should
421 * reject those characters in CREATE ROLE and CREATE DATABASE, because use
422 * there eventually leads to errors here.
423 *
424 * appendShellString() simply prints an error and dies if LF or CR appears.
425 * appendShellStringNoError() omits those characters from the result, and
426 * returns false if there were any.
427 */
428 void
430 {
432 {
435 str);
437 }
438 }
440 bool
442 {
443 #ifdef WIN32
445 #endif
449 /*
450 * Don't bother with adding quotes if the string is nonempty and clearly
451 * contains only safe characters.
452 */
454 strspn(str, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./:") == strlen(str))
455 {
458 }
460 #ifndef WIN32
463 {
465 {
468 }
472 else
474 }
478 /*
479 * A Windows system() argument experiences two layers of interpretation.
480 * First, cmd.exe interprets the string. Its behavior is undocumented,
481 * but a caret escapes any byte except LF or CR that would otherwise have
482 * special meaning. Handling of a caret before LF or CR differs between
483 * "cmd.exe /c" and other modes, and it is unusable here.
484 *
485 * Second, the new process parses its command line to construct argv (see
486 * https://msdn.microsoft.com/en-us/library/17w5ykft.aspx). This treats
487 * backslash-double quote sequences specially.
488 */
491 {
493 {
496 }
498 /* Change N backslashes before a double quote to 2N+1 backslashes. */
500 {
502 {
504 backslash_run_length--;
505 }
507 }
509 backslash_run_length++;
510 else
513 /*
514 * Decline to caret-escape the most mundane characters, to ease
515 * debugging and lest we approach the command length limit.
516 */
522 }
524 /*
525 * Change N backslashes at end of argument to 2N backslashes, because they
526 * precede the double quote that terminates the argument.
527 */
529 {
531 backslash_run_length--;
532 }
537 }
540 /*
541 * Append the given string to the buffer, with suitable quoting for passing
542 * the string as a value in a keyword/value pair in a libpq connection string.
543 */
544 void
546 {
550 /*
551 * If the string is one or more plain ASCII characters, no need to quote
552 * it. This is quite conservative, but better safe than sorry.
553 */
556 {
559 {
562 }
564 }
567 {
570 {
571 /* ' and \ must be escaped by to \' and \\ */
576 str++;
577 }
579 }
580 else
582 }
585 /*
586 * Append a psql meta-command that connects to the given database with the
587 * then-current connection's user, host and port.
588 */
589 void
591 {
595 /*
596 * If the name is plain ASCII characters, emit a trivial "\connect "foo"".
597 * For other names, even many not technically requiring it, skip to the
598 * general case. No database has a zero-length name.
599 */
603 {
605 {
608 dbname);
610 }
614 {
616 }
617 }
621 {
622 PQExpBufferData connstr;
630 /*
631 * As long as the name does not contain a newline, SQL identifier
632 * quoting satisfies the psql meta-command parser. Prefer not to
633 * involve psql-interpreted single quotes, which behaved differently
634 * before PostgreSQL 9.2.
635 */
639 }
640 else
643 }
646 /*
647 * Deconstruct the text representation of a 1-dimensional Postgres array
648 * into individual items.
649 *
650 * On success, returns true and sets *itemarray and *nitems to describe
651 * an array of individual strings. On parse failure, returns false;
652 * *itemarray may exist or be NULL.
653 *
654 * NOTE: free'ing itemarray is sufficient to deallocate the working storage.
655 */
656 bool
658 {
664 /*
665 * We expect input in the form of "{item,item,item}" where any item is
666 * either raw data, or surrounded by double quotes (in which case embedded
667 * characters including backslashes and quotes are backslashed).
668 *
669 * We build the result as an array of pointers followed by the actual
670 * string data, all in one malloc block for convenience of deallocation.
671 * The worst-case storage need is not more than one pointer and one
672 * character for each input character (consider "{,,,,,,,,,,}").
673 */
688 {
693 {
698 else
699 {
700 /* process quoted substring */
701 atext++;
703 {
707 {
708 atext++;
711 }
713 }
714 atext++;
715 }
716 }
719 atext++;
720 curitem++;
721 }
726 }
729 /*
730 * Format a reloptions array and append it to the given buffer.
731 *
732 * "prefix" is prepended to the option names; typically it's "" or "toast.".
733 *
734 * Returns false if the reloptions array could not be parsed (in which case
735 * nothing will have been appended to the buffer), or true on success.
736 *
737 * Note: this logic should generally match the backend's flatten_reloptions()
738 * (in adt/ruleutils.c).
739 */
740 bool
743 {
749 {
753 }
756 {
762 /*
763 * Each array element should have the form name=value. If the "=" is
764 * missing for some reason, treat it like an empty value.
765 */
769 {
772 }
773 else
780 /*
781 * In general we need to quote the value; but to avoid unnecessary
782 * clutter, do not quote if it is an identifier that would not need
783 * quoting. (We could also allow numbers, but that is a bit trickier
784 * than it looks --- for example, are leading zeroes significant? We
785 * don't want to assume very much here about what custom reloptions
786 * might mean.)
787 */
790 else
792 }
798 }
801 /*
802 * processSQLNamePattern
803 *
804 * Scan a wildcard-pattern string and generate appropriate WHERE clauses
805 * to limit the set of objects returned. The WHERE clauses are appended
806 * to the already-partially-constructed query in buf. Returns whether
807 * any clause was added.
808 *
809 * conn: connection query will be sent to (consulted for escaping rules).
810 * buf: output parameter.
811 * pattern: user-specified pattern option, or NULL if none ("*" is implied).
812 * have_where: true if caller already emitted "WHERE" (clauses will be ANDed
813 * onto the existing WHERE clause).
814 * force_escape: always quote regexp special characters, even outside
815 * double quotes (else they are quoted only between double quotes).
816 * schemavar: name of query variable to match against a schema-name pattern.
817 * Can be NULL if no schema.
818 * namevar: name of query variable to match against an object-name pattern.
819 * altnamevar: NULL, or name of an alternative variable to match against name.
820 * visibilityrule: clause to use if we want to restrict to visible objects
821 * (for example, "pg_catalog.pg_table_is_visible(p.oid)"). Can be NULL.
822 *
823 * Formatting note: the text already present in buf should end with a newline.
824 * The appended text, if any, will end with one too.
825 */
826 bool
831 {
832 PQExpBufferData schemabuf;
833 PQExpBufferData namebuf;
836 #define WHEREAND() \
838 have_where = true, added_clause = true)
841 {
842 /* Default: select all visible objects */
844 {
847 }
849 }
854 /*
855 * Convert shell-style 'pattern' into the regular expression(s) we want to
856 * execute. Quoting/escaping into SQL literal format will be done below
857 * using appendStringLiteralConn().
858 */
862 /*
863 * Now decide what we need to emit. We may run under a hostile
864 * search_path, so qualify EVERY name. Note there will be a leading "^("
865 * in the patterns in any case.
866 *
867 * We want the regex matches to use the database's default collation where
868 * collation-sensitive behavior is required (for example, which characters
869 * match '\w'). That happened by default before PG v12, but if the server
870 * is >= v12 then we need to force it through explicit COLLATE clauses,
871 * otherwise the "C" collation attached to "name" catalog columns wins.
872 */
874 {
875 /* We have a name pattern, so constrain the namevar(s) */
877 /* Optimize away a "*" pattern */
879 {
882 {
890 altnamevar);
895 }
896 else
897 {
903 }
904 }
905 }
908 {
909 /* We have a schema pattern, so constrain the schemavar */
911 /* Optimize away a "*" pattern */
913 {
920 }
921 }
922 else
923 {
924 /* No schema pattern given, so select only visible objects */
926 {
929 }
930 }
936 #undef WHEREAND
937 }
939 /*
940 * Transform a possibly qualified shell-style object name pattern into up to
941 * three SQL-style regular expressions, converting quotes, lower-casing
942 * unquoted letters, and adjusting shell-style wildcard characters into regexp
943 * notation.
944 *
945 * If the dbnamebuf and schemabuf arguments are non-NULL, and the pattern
946 * contains two or more dbname/schema/name separators, we parse the portions of
947 * the pattern prior to the first and second separators into dbnamebuf and
948 * schemabuf, and the rest into namebuf. (Additional dots in the name portion
949 * are not treated as special.)
950 *
951 * If dbnamebuf is NULL and schemabuf is non-NULL, and the pattern contains at
952 * least one separator, we parse the first portion into schemabuf and the rest
953 * into namebuf.
954 *
955 * Otherwise, we parse all the pattern into namebuf.
956 *
957 * We surround the regexps with "^(...)$" to force them to match whole strings,
958 * as per SQL practice. We have to have parens in case strings contain "|",
959 * else the "^" and "$" will be bound into the first and last alternatives
960 * which is not what we want.
961 *
962 * The regexps we parse into the buffers are appended to the data (if any)
963 * already present. If we parse fewer fields than the number of buffers we
964 * were given, the extra buffers are unaltered.
965 */
966 void
969 {
971 PQExpBuffer curbuf;
972 PQExpBuffer maxbuf;
980 /* callers should never expect "dbname.relname" format */
990 else
997 {
1001 {
1003 {
1004 /* emit one quote, stay in inquotes mode */
1006 cp++;
1007 }
1008 else
1010 cp++;
1011 }
1013 {
1016 cp++;
1017 }
1019 {
1021 cp++;
1022 }
1024 {
1026 cp++;
1027 }
1029 /*
1030 * When we find a dbname/schema/name separator, we treat it specially
1031 * only if the caller requested more patterns to be parsed than we
1032 * have already parsed from the pattern. Otherwise, dot characters
1033 * are not special.
1034 */
1036 {
1038 curbuf++;
1041 cp++;
1042 }
1044 {
1045 /*
1046 * Dollar is always quoted, whether inside quotes or not. The
1047 * reason is that it's allowed in SQL identifiers, so there's a
1048 * significant use-case for treating it literally, while because
1049 * we anchor the pattern automatically there is no use-case for
1050 * having it possess its regexp meaning.
1051 */
1053 cp++;
1054 }
1055 else
1056 {
1057 /*
1058 * Ordinary data character, transfer to pattern
1059 *
1060 * Inside double quotes, or at all times if force_escape is true,
1061 * quote regexp special characters with a backslash to avoid
1062 * regexp errors. Outside quotes, however, let them pass through
1063 * as-is; this lets knowledgeable users build regexp expressions
1064 * that are more powerful than shell-style patterns.
1065 *
1066 * As an exception to that, though, always quote "[]", as that's
1067 * much more likely to be an attempt to write an array type name
1068 * than it is to be the start of a regexp bracket expression.
1069 */
1078 }
1079 }
1086 {
1087 curbuf--;
1092 {
1093 curbuf--;
1096 }
1097 }
1098 }