The following issues were found
tsl/test/sql/remote_txn_resolve.sql
5 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\c :TEST_DBNAME :ROLE_SUPERUSER
CREATE OR REPLACE FUNCTION create_records()
RETURNS VOID
AS :TSL_MODULE_PATHNAME, 'ts_test_remote_txn_resolve_create_records'
LANGUAGE C;
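Reported by SQLint. Note: no message text is shown for this finding. The excerpt contains psql-only syntax (the `\c` meta-command and `:TSL_MODULE_PATHNAME` variable interpolation) that a plain SQL parser cannot read, which is the likely trigger; confirm against the tool's raw output before treating it as a defect in the test script.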
Line: 84
Column: 1
-- create additional database and simulate remote txn activity
CREATE DATABASE test_an2;
\c test_an2
BEGIN;
CREATE TABLE unused(id int);
PREPARE TRANSACTION 'ts-1-10-20-30';
\c :TEST_DBNAME :ROLE_SUPERUSER
-- should not fail
Reported by SQLint.
Line: 88
Column: 1
BEGIN;
CREATE TABLE unused(id int);
PREPARE TRANSACTION 'ts-1-10-20-30';
\c :TEST_DBNAME :ROLE_SUPERUSER
-- should not fail
SELECT _timescaledb_internal.remote_txn_heal_data_node((SELECT OID FROM pg_foreign_server WHERE srvname = 'loopback'));
\c test_an2
ROLLBACK PREPARED 'ts-1-10-20-30';
\c :TEST_DBNAME :ROLE_SUPERUSER
Reported by SQLint.
Line: 91
Column: 1
\c :TEST_DBNAME :ROLE_SUPERUSER
-- should not fail
SELECT _timescaledb_internal.remote_txn_heal_data_node((SELECT OID FROM pg_foreign_server WHERE srvname = 'loopback'));
\c test_an2
ROLLBACK PREPARED 'ts-1-10-20-30';
\c :TEST_DBNAME :ROLE_SUPERUSER
DROP DATABASE test_an2;
Reported by SQLint.
Line: 93
Column: 1
SELECT _timescaledb_internal.remote_txn_heal_data_node((SELECT OID FROM pg_foreign_server WHERE srvname = 'loopback'));
\c test_an2
ROLLBACK PREPARED 'ts-1-10-20-30';
\c :TEST_DBNAME :ROLE_SUPERUSER
DROP DATABASE test_an2;
Reported by SQLint.
tsl/test/sql/data_fetcher.sql
5 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\c :TEST_DBNAME :ROLE_CLUSTER_SUPERUSER;
\set DN_DBNAME_1 :TEST_DBNAME _1
\set DN_DBNAME_2 :TEST_DBNAME _2
\set DN_DBNAME_3 :TEST_DBNAME _3
Reported by SQLint.
Line: 7
Column: 1
\c :TEST_DBNAME :ROLE_CLUSTER_SUPERUSER;
\set DN_DBNAME_1 :TEST_DBNAME _1
\set DN_DBNAME_2 :TEST_DBNAME _2
\set DN_DBNAME_3 :TEST_DBNAME _3
\set TEST_BASE_NAME data_fetcher
SELECT format('include/%s_load.sql', :'TEST_BASE_NAME') as "TEST_LOAD_NAME",
Reported by SQLint.
Line: 21
Column: 1
\gset
SET client_min_messages TO warning;
\ir :TEST_LOAD_NAME
\set ECHO errors
SET client_min_messages TO error;
-- Set a smaller fetch size to ensure that the result is split into
Reported by SQLint.
Line: 32
Column: 1
-- run the queries using row by row fetcher
SET timescaledb.remote_data_fetcher = 'rowbyrow';
\set ON_ERROR_STOP 0
\o :TEST_RESULTS_ROW_BY_ROW
\ir :TEST_QUERY_NAME
\o
\set ON_ERROR_STOP 1
Reported by SQLint.
Line: 40
Column: 1
-- run queries using cursor fetcher
SET timescaledb.remote_data_fetcher = 'cursor';
\o :TEST_RESULTS_CURSOR
\ir :TEST_QUERY_NAME
\o
-- compare results
:DIFF_CMD
Reported by SQLint.
test/sql/information_views.sql
5 issues
Line: 20
Column: 1
SELECT * FROM timescaledb_information.hypertables
ORDER BY hypertable_schema, hypertable_name;
\c :TEST_DBNAME :ROLE_SUPERUSER
-- create schema open and hypertable with 3 chunks
CREATE SCHEMA open;
GRANT USAGE ON SCHEMA open TO :ROLE_DEFAULT_PERM_USER;
CREATE TABLE open.open_ht(time TIMESTAMPTZ NOT NULL);
Reported by SQLint.
Line: 40
Column: 1
SELECT * FROM timescaledb_information.hypertables
ORDER BY hypertable_schema, hypertable_name;
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
\set ON_ERROR_STOP 0
\x
SELECT * FROM timescaledb_information.hypertables
ORDER BY hypertable_schema, hypertable_name;
Reported by SQLint.
Line: 60
Column: 1
SELECT * FROM timescaledb_information.hypertables
WHERE owner = 'super_user'
ORDER BY hypertable_schema, hypertable_name;
\x
---Add integer table --
CREATE TABLE test_table_int(time bigint, junk int);
SELECT create_hypertable('test_table_int', 'time', chunk_time_interval => 10);
CREATE OR REPLACE function table_int_now() returns BIGINT LANGUAGE SQL IMMUTABLE as 'SELECT 1::BIGINT';
Reported by SQLint.
Line: 72
Column: 1
SELECT * FROM timescaledb_information.chunks WHERE hypertable_name = 'ht1' ORDER BY chunk_name;
SELECT * FROM timescaledb_information.chunks WHERE hypertable_name = 'test_table_int' ORDER BY chunk_name;
\x
SELECT * FROM timescaledb_information.dimensions ORDER BY hypertable_name, dimension_number;
\x
Reported by SQLint.
Line: 74
Column: 1
\x
SELECT * FROM timescaledb_information.dimensions ORDER BY hypertable_name, dimension_number;
\x
Reported by SQLint.
test/sql/include/insert_single.sql
5 issues
Line: 19
Column: 1
CREATE INDEX ON PUBLIC."one_Partition" ("timeCustom" DESC NULLS LAST, series_2) WHERE series_2 IS NOT NULL;
CREATE INDEX ON PUBLIC."one_Partition" ("timeCustom" DESC NULLS LAST, series_bool) WHERE series_bool IS NOT NULL;
\c :DBNAME :ROLE_SUPERUSER
CREATE SCHEMA "one_Partition" AUTHORIZATION :ROLE_DEFAULT_PERM_USER;
\c :DBNAME :ROLE_DEFAULT_PERM_USER;
SELECT * FROM create_hypertable('"public"."one_Partition"', 'timeCustom', associated_schema_name=>'one_Partition', chunk_time_interval=>_timescaledb_internal.interval_to_usec('1 month'));
Reported by SQLint.
Line: 21
Column: 1
\c :DBNAME :ROLE_SUPERUSER
CREATE SCHEMA "one_Partition" AUTHORIZATION :ROLE_DEFAULT_PERM_USER;
\c :DBNAME :ROLE_DEFAULT_PERM_USER;
SELECT * FROM create_hypertable('"public"."one_Partition"', 'timeCustom', associated_schema_name=>'one_Partition', chunk_time_interval=>_timescaledb_internal.interval_to_usec('1 month'));
--output command tags
\set QUIET off
Reported by SQLint.
Line: 26
Column: 1
SELECT * FROM create_hypertable('"public"."one_Partition"', 'timeCustom', associated_schema_name=>'one_Partition', chunk_time_interval=>_timescaledb_internal.interval_to_usec('1 month'));
--output command tags
\set QUIET off
BEGIN;
\COPY "one_Partition" FROM 'data/ds1_dev1_1.tsv' NULL AS '';
COMMIT;
INSERT INTO "one_Partition"("timeCustom", device_id, series_0, series_1) VALUES
Reported by SQLint.
Line: 28
Column: 1
--output command tags
\set QUIET off
BEGIN;
\COPY "one_Partition" FROM 'data/ds1_dev1_1.tsv' NULL AS '';
COMMIT;
INSERT INTO "one_Partition"("timeCustom", device_id, series_0, series_1) VALUES
(1257987600000000000, 'dev1', 1.5, 1),
(1257987600000000000, 'dev1', 1.5, 2),
Reported by SQLint.
Line: 39
Column: 1
INSERT INTO "one_Partition"("timeCustom", device_id, series_0, series_1) VALUES
(1257894000000000000, 'dev2', 1.5, 2);
\set QUIET on
Reported by SQLint.
tsl/test/sql/include/dist_query_run.sql
5 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\echo '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'
\echo '%%% RUNNING TESTS on table:' :TABLE_NAME
\echo '%%% PREFIX:' :PREFIX
\echo '%%% WHERE_CLAUSE:' :WHERE_CLAUSE
\echo '%%% ORDER_BY_1:' :ORDER_BY_1
\echo '%%% ORDER_BY_1_2:' :ORDER_BY_1_2
Reported by SQLint.
Line: 18
Column: 1
-----------------------------------------------------------------
-- GROUP on time (partial aggregation)
-----------------------------------------------------------------
\set TEST_DESC '\n######### Grouping on time only (partial aggregation)\n'
\qecho :TEST_DESC
:PREFIX
SELECT time, avg(temp)
FROM :TABLE_NAME
WHERE :WHERE_CLAUSE
Reported by SQLint.
Line: 203
Column: 1
-----------------------------------------------------------------
-- LIMIT push down support
-----------------------------------------------------------------
\set TEST_DESC '\n######### LIMIT push down cases\n'
-- Basic query (should be pushed)
\qecho :TEST_DESC
:PREFIX
SELECT time, device
Reported by SQLint.
Line: 282
Column: 1
-- JOIN with a local table
CREATE TABLE join_test (device int);
\qecho :TEST_DESC
:PREFIX
SELECT t.time
FROM :TABLE_NAME t, join_test
WHERE t.device = join_test.device
LIMIT 10;
Reported by SQLint.
Line: 295
Column: 1
-- Test CTE / sub-queries. Data from two sub-queries on the same data
-- node is joined on the access node.
-----------------------------------------------------------------
\set TEST_DESC '\n######### CTEs/Sub-queries\n'
-- CTE / subquery
\qecho :TEST_DESC
:PREFIX
WITH top_n AS (
Reported by SQLint.
tsl/test/sql/compression_errors.sql
5 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\set ON_ERROR_STOP 0
\set VERBOSITY default
--table with special column names --
create table foo2 (a integer, "bacB toD" integer, c integer, d integer);
select table_name from create_hypertable('foo2', 'a', chunk_time_interval=> 10);
Reported by SQLint.
Line: 113
Column: 158
ALTER TABLE foo set (timescaledb.compress, timescaledb.compress_orderby = 'a', timescaledb.compress_segmentby = 'b');
select ch1.schema_name|| '.' || ch1.table_name AS "CHUNK_NAME"
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht where ch1.hypertable_id = ht.id and ht.table_name like 'foo' ORDER BY ch1.id limit 1 \gset
select decompress_chunk(:'CHUNK_NAME');
select decompress_chunk(:'CHUNK_NAME', if_compressed=>true);
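Reported by SQLint. Note: column 158 of the flagged line is the backslash of the trailing psql `\gset` meta-command (`... limit 1 \gset`). The other positional findings listed for this file (columns 73, 25 and 72) also land exactly on a `\gset` backslash, so these look like parse complaints about psql syntax rather than problems in the SQL itself.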
Line: 146
Column: 73
SELECT comp_hyper.schema_name|| '.' || comp_hyper.table_name as "COMPRESSED_HYPER_NAME"
FROM _timescaledb_catalog.hypertable comp_hyper
INNER JOIN _timescaledb_catalog.hypertable uncomp_hyper ON (comp_hyper.id = uncomp_hyper.compressed_hypertable_id)
WHERE uncomp_hyper.table_name like 'foo' ORDER BY comp_hyper.id LIMIT 1 \gset
select add_retention_policy(:'COMPRESSED_HYPER_NAME', INTERVAL '4 months', true);
--Constraint checking for compression
create table fortable(col integer primary key);
Reported by SQLint.
Line: 211
Column: 25
select ch1.schema_name|| '.' || ch1.table_name AS "CHUNK_NAME"
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht
where ch1.hypertable_id = ht.id and ht.table_name like 'table_constr'
ORDER BY ch1.id limit 1 \gset
-- we have 1 compressed and 1 uncompressed chunk after this.
select compress_chunk(:'CHUNK_NAME');
SELECT total_chunks , number_compressed_chunks
Reported by SQLint.
Line: 238
Column: 72
--compress a chunk and try to disable compression, it should fail --
SELECT ch1.schema_name|| '.' || ch1.table_name AS "CHUNK_NAME"
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht
WHERE ch1.hypertable_id = ht.id and ht.table_name like 'table_constr2' \gset
SELECT compress_chunk(:'CHUNK_NAME');
ALTER TABLE table_constr2 set (timescaledb.compress=false);
--decompress all chunks and disable compression.
SELECT decompress_chunk(:'CHUNK_NAME');
Reported by SQLint.
tsl/src/fdw/deparse.c
5 issues
Line: 2104
Column: 9
CWE codes:
126
Suggestion:
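This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: this advice is written for C++ `std::equal`. The flagged file is C, and the call shown, `equal(node, (Node *) lfirst(lc))`, takes two node pointers inside a PostgreSQL `foreach` list loop, so it appears to be PostgreSQL's node-comparison function matched by name only. Triage as a probable false positive after confirming which `equal` is in scope.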
foreach (lc, *context->params_list)
{
pindex++;
if (equal(node, (Node *) lfirst(lc)))
break;
}
if (lc == NULL)
{
/* not in list, so add it */
Reported by FlawFinder.
Line: 2166
Column: 45
CWE codes:
126
* No need to quote unless it's a special value such as 'NaN'.
* See comments in get_const_expr().
*/
if (strspn(extval, "0123456789+-eE.") == strlen(extval))
{
if (extval[0] == '+' || extval[0] == '-')
appendStringInfo(buf, "(%s)", extval);
else
appendStringInfoString(buf, extval);
Reported by FlawFinder.
Line: 2172
Column: 35
CWE codes:
126
appendStringInfo(buf, "(%s)", extval);
else
appendStringInfoString(buf, extval);
if (strcspn(extval, "eE.") != strlen(extval))
isfloat = true; /* it looks like a float */
}
else
appendStringInfo(buf, "'%s'", extval);
}
Reported by FlawFinder.
Line: 2244
Column: 8
CWE codes:
126
Suggestion:
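This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: the advice targets C++ `std::equal`, but the call shown is `equal(node, (Node *) lfirst(lc))` in a C file, comparing two node pointers rather than iterator ranges. This is most likely a name-only match and not a buffer over-read.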
foreach (lc, *context->params_list)
{
pindex++;
if (equal(node, (Node *) lfirst(lc)))
break;
}
if (lc == NULL)
{
/* not in list, so add it */
Reported by FlawFinder.
Line: 3095
Column: 7
CWE codes:
126
Suggestion:
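This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: the call shown, `equal(lfirst(lc), (Node *) node)`, is in a C file and compares two node pointers; no iterator range is involved. The C++14 guidance does not apply if this is PostgreSQL's `equal()`, as the surrounding `foreach`/`lfirst` usage suggests.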
i = 1;
foreach (lc, foreignrel->reltarget->exprs)
{
if (equal(lfirst(lc), (Node *) node))
{
*colno = i;
return;
}
i++;
Reported by FlawFinder.
test/sql/create_chunks.sql
4 issues
Line: 49
Column: 1
WHERE h.schema_name = 'public' AND h.table_name = 'chunk_test'
ORDER BY c.id, d.id;
\c :TEST_DBNAME :ROLE_SUPERUSER
SELECT set_number_partitions('chunk_test', 3);
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
SELECT set_chunk_time_interval('chunk_test', 1::bigint);
INSERT INTO chunk_test VALUES (8, 24.3, 11233, 1);
Reported by SQLint.
Line: 51
Column: 1
\c :TEST_DBNAME :ROLE_SUPERUSER
SELECT set_number_partitions('chunk_test', 3);
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
SELECT set_chunk_time_interval('chunk_test', 1::bigint);
INSERT INTO chunk_test VALUES (8, 24.3, 11233, 1);
SELECT set_chunk_time_interval('chunk_test', 5::bigint);
Reported by SQLint.
Line: 114
Column: 1
WHERE h.schema_name = 'public' AND h.table_name = 'chunk_test2'
ORDER BY d.id;
\set ON_ERROR_STOP 0
select set_chunk_time_interval(NULL,NULL::interval);
-- should fail since time column is an int
SELECT set_chunk_time_interval('chunk_test', INTERVAL '1 minute');
-- should fail since its not a valid way to represent time
SELECT set_chunk_time_interval('chunk_test', 'foo'::TEXT);
Reported by SQLint.
Line: 123
Column: 1
SELECT set_chunk_time_interval('chunk_test', NULL::BIGINT);
SELECT set_chunk_time_interval('chunk_test2', NULL::BIGINT);
SELECT set_chunk_time_interval('chunk_test2', NULL::INTERVAL);
\set ON_ERROR_STOP 1
Reported by SQLint.
src/chunk.c
4 issues
Line: 211
Column: 2
CWE codes:
120
Suggestion:
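Make sure destination can always hold the source data. Note: both copies in the excerpt use the fixed length NAMEDATALEN and read from a `DatumGetName(...)` result. The point to confirm is that `fd->schema_name` and `fd->table_name` are declared as NAMEDATALEN-byte name fields, which this excerpt does not show.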
fd->id = DatumGetInt32(values[AttrNumberGetAttrOffset(Anum_chunk_id)]);
fd->hypertable_id = DatumGetInt32(values[AttrNumberGetAttrOffset(Anum_chunk_hypertable_id)]);
memcpy(&fd->schema_name,
DatumGetName(values[AttrNumberGetAttrOffset(Anum_chunk_schema_name)]),
NAMEDATALEN);
memcpy(&fd->table_name,
DatumGetName(values[AttrNumberGetAttrOffset(Anum_chunk_table_name)]),
NAMEDATALEN);
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&fd->schema_name,
DatumGetName(values[AttrNumberGetAttrOffset(Anum_chunk_schema_name)]),
NAMEDATALEN);
memcpy(&fd->table_name,
DatumGetName(values[AttrNumberGetAttrOffset(Anum_chunk_table_name)]),
NAMEDATALEN);
if (nulls[AttrNumberGetAttrOffset(Anum_chunk_compressed_chunk_id)])
fd->compressed_chunk_id = INVALID_CHUNK_ID;
Reported by FlawFinder.
Line: 2311
Column: 3
CWE codes:
120
Suggestion:
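Make sure destination can always hold the source data. Note: in the excerpt, `copy` is allocated with `palloc(sizeof(ChunkDataNode))` on the preceding line and the same `sizeof` is used as the copy length, so the destination and the length agree as long as `node` really points to a `ChunkDataNode`.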
ChunkDataNode *node = lfirst(lc);
ChunkDataNode *copy = palloc(sizeof(ChunkDataNode));
memcpy(copy, node, sizeof(ChunkDataNode));
lcopy = lappend(lcopy, copy);
}
return lcopy;
Reported by FlawFinder.
Line: 2326
Column: 2
CWE codes:
120
Suggestion:
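Make sure destination can always hold the source data. Note: `copy` is allocated with `palloc(sizeof(Chunk))` immediately before the `memcpy` of `sizeof(Chunk)` bytes, so the sizes match in the visible code. The copy is shallow, which is why the lines that follow give the copy its own `constraints`. When reviewing, check that every pointer member that must not be shared is handled the same way.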
ASSERT_IS_VALID_CHUNK(chunk);
copy = palloc(sizeof(Chunk));
memcpy(copy, chunk, sizeof(Chunk));
if (NULL != chunk->constraints)
copy->constraints = ts_chunk_constraints_copy(chunk->constraints);
if (NULL != chunk->cube)
Reported by FlawFinder.
tsl/src/compression/create.c
4 issues
Line: 67
Column: 13
CWE codes:
134
Suggestion:
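Use a constant for the format specification. Note: `prefix` is a macro argument, so the format is constant only if every use of `PRINT_COMPRESSION_TABLE_NAME` passes a string literal; the call sites are not shown here. Separately, `snprintf` returns the length that would have been written, excluding the terminating NUL, so a return value equal to NAMEDATALEN already means truncation. The visible check `ret > NAMEDATALEN` misses that case, and `ret >= NAMEDATALEN` would catch it.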
#define PRINT_COMPRESSION_TABLE_NAME(buf, prefix, hypertable_id) \
do \
{ \
int ret = snprintf(buf, NAMEDATALEN, prefix, hypertable_id); \
if (ret < 0 || ret > NAMEDATALEN) \
{ \
ereport(ERROR, \
(errcode(ERRCODE_INTERNAL_ERROR), \
errmsg("bad compression hypertable internal name"))); \
Reported by FlawFinder.
Line: 116
Column: 8
CWE codes:
134
Suggestion:
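Use a constant for the format specification. Note: the format shown is `COMPRESSION_COLUMN_METADATA_PREFIX "%s_%d"`, which can only compile as adjacent string-literal concatenation, so it is already a compile-time constant provided the macro expands to a literal. The more relevant detail is the truncation check: `snprintf` returns the untruncated length excluding the NUL, so `ret > NAMEDATALEN` lets a result of exactly NAMEDATALEN, which is truncated by one character, pass; `ret >= NAMEDATALEN` would reject it.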
int ret;
Assert(fd->orderby_column_index > 0);
ret = snprintf(buf,
NAMEDATALEN,
COMPRESSION_COLUMN_METADATA_PREFIX "%s_%d",
type,
fd->orderby_column_index);
if (ret < 0 || ret > NAMEDATALEN)
Reported by FlawFinder.
Line: 532
Column: 2
CWE codes:
119
120
Suggestion:
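Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note: the flagged statement appears to be the fixed-size declaration `char relnamebuf[NAMEDATALEN];`. The declaration is not a defect in itself. What needs review is every write into `relnamebuf`, which lies outside this excerpt and should be bounded by NAMEDATALEN with truncation detected.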
create_compression_table(Oid owner, CompressColInfo *compress_cols)
{
ObjectAddress tbladdress;
char relnamebuf[NAMEDATALEN];
CatalogSecurityContext sec_ctx;
Datum toast_options;
static char *validnsps[] = HEAP_RELOPT_NAMESPACES;
Oid compress_relid;
Reported by FlawFinder.
Line: 279
Column: 6
CWE codes:
126
continue;
if (strncmp(NameStr(attr->attname),
COMPRESSION_COLUMN_METADATA_PREFIX,
strlen(COMPRESSION_COLUMN_METADATA_PREFIX)) == 0)
elog(ERROR,
"cannot compress tables with reserved column prefix '%s'",
COMPRESSION_COLUMN_METADATA_PREFIX);
namestrcpy(&cc->col_meta[colno].attname, NameStr(attr->attname));
Reported by FlawFinder.