The following issues were found
test/sql/truncate.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
\o /dev/null
\ir include/insert_two_partitions.sql
\o
SELECT * FROM _timescaledb_catalog.hypertable;
SELECT * FROM _timescaledb_catalog.chunk;
Reported by SQLint.
Line: 58
Column: 1
AFTER TRUNCATE ON _timescaledb_internal._hyper_1_5_chunk
FOR EACH STATEMENT EXECUTE FUNCTION test_trigger();
\set ON_ERROR_STOP 0
TRUNCATE "two_Partitions";
-- cannot TRUNCATE ONLY a hypertable
TRUNCATE ONLY "two_Partitions" CASCADE;
\set ON_ERROR_STOP 1
Reported by SQLint.
Line: 62
Column: 1
TRUNCATE "two_Partitions";
-- cannot TRUNCATE ONLY a hypertable
TRUNCATE ONLY "two_Partitions" CASCADE;
\set ON_ERROR_STOP 1
-- create a regular table to make sure we can truncate it in the same call
CREATE TABLE truncate_normal (color int);
INSERT INTO truncate_normal VALUES (1);
SELECT * FROM truncate_normal;
Reported by SQLint.
test/sql/updates/pre.cleanup.sql
3 issues
Line: 13
Column: 1
SET client_min_messages TO WARNING;
\if :has_create_mat_view
DROP MATERIALIZED VIEW IF EXISTS mat_inval CASCADE;
DROP MATERIALIZED VIEW IF EXISTS mat_drop CASCADE;
DROP MATERIALIZED VIEW IF EXISTS mat_before CASCADE;
DROP MATERIALIZED VIEW IF EXISTS mat_conflict CASCADE;
DROP MATERIALIZED VIEW IF EXISTS mat_inttime CASCADE;
Reported by SQLint.
Line: 22
Column: 1
DROP MATERIALIZED VIEW IF EXISTS mat_inttime2 CASCADE;
DROP MATERIALIZED VIEW IF EXISTS mat_ignoreinval CASCADE;
DROP MATERIALIZED VIEW IF EXISTS cagg.realtime_mat CASCADE;
\else
DROP VIEW IF EXISTS mat_inval CASCADE;
DROP VIEW IF EXISTS mat_drop CASCADE;
DROP VIEW IF EXISTS mat_before CASCADE;
DROP VIEW IF EXISTS mat_conflict CASCADE;
DROP VIEW IF EXISTS mat_inttime CASCADE;
Reported by SQLint.
Line: 31
Column: 1
DROP VIEW IF EXISTS mat_inttime2 CASCADE;
DROP VIEW IF EXISTS mat_ignoreinval CASCADE;
DROP VIEW IF EXISTS cagg.realtime_mat CASCADE;
\endif
DROP TABLE IF EXISTS public.hyper_timestamp;
DROP TABLE IF EXISTS public."two_Partitions";
DROP TABLE IF EXISTS conditions_before;
DROP TABLE IF EXISTS inval_test;
Reported by SQLint.
test/sql/updates/setup.continuous_aggs.sql
3 issues
Line: 136
Column: 101
GRANT SELECT ON mat_before TO cagg_user WITH GRANT OPTION;
-- have to use psql conditional here because the procedure call can't be in transaction
SELECT extversion < '2.0.0' AS has_refresh_mat_view from pg_extension WHERE extname = 'timescaledb' \gset
\if :has_refresh_mat_view
REFRESH MATERIALIZED VIEW mat_before;
\else
CALL refresh_continuous_aggregate('mat_before',NULL,NULL);
\endif
Reported by SQLint.
Line: 139
Column: 1
SELECT extversion < '2.0.0' AS has_refresh_mat_view from pg_extension WHERE extname = 'timescaledb' \gset
\if :has_refresh_mat_view
REFRESH MATERIALIZED VIEW mat_before;
\else
CALL refresh_continuous_aggregate('mat_before',NULL,NULL);
\endif
Reported by SQLint.
Line: 141
Column: 1
REFRESH MATERIALIZED VIEW mat_before;
\else
CALL refresh_continuous_aggregate('mat_before',NULL,NULL);
\endif
Reported by SQLint.
test/src/telemetry/test_telemetry.c
3 issues
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
build_request(int status)
{
HttpRequest *req = ts_http_request_create(HTTP_GET);
char uri[20];
snprintf(uri, 20, "/status/%d", status);
ts_http_request_set_uri(req, uri);
ts_http_request_set_version(req, HTTP_VERSION_10);
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return test_factory(CONNECTION_SSL, status, TEST_ENDPOINT, HTTPS_PORT);
#else
char buf[128] = { '\0' };
if (status / 100 != 2)
elog(ERROR, "endpoint sent back unexpected HTTP status: %d", status);
snprintf(buf, sizeof(buf) - 1, "{\"status\":%d}", status);
Reported by FlawFinder.
Line: 76
Column: 54
CWE codes:
126
#ifdef TS_DEBUG
if (type == CONNECTION_MOCK)
ts_connection_mock_set_recv_buf(conn, test_string, strlen(test_string));
#endif
req = build_request(status);
rsp = ts_http_response_state_create();
Reported by FlawFinder.
tsl/src/chunk_api.c
3 issues
Line: 465
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *remote_chunk_name, List *data_nodes)
{
AsyncRequestSet *reqset = async_request_set_create();
const char *params[CREATE_CHUNK_NUM_ARGS] = {
quote_qualified_identifier(NameStr(ht->fd.schema_name), NameStr(ht->fd.table_name)),
chunk_api_dimension_slices_json(chunk, ht),
NameStr(chunk->fd.schema_name),
NameStr(chunk->fd.table_name),
remote_chunk_name ? remote_chunk_name : NULL,
Reported by FlawFinder.
Line: 1702
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *create_cmd =
psprintf("SELECT %s.%s($1, $2, $3, $4)", INTERNAL_SCHEMA_NAME, CREATE_CHUNK_TABLE_NAME);
const char *params[4] = { quote_qualified_identifier(NameStr(ht->fd.schema_name),
NameStr(ht->fd.table_name)),
chunk_api_dimension_slices_json(chunk, ht),
NameStr(chunk->fd.schema_name),
NameStr(chunk->fd.table_name) };
Reported by FlawFinder.
Line: 92
Column: 22
CWE codes:
126
Assert(hs->dimensions[i].fd.id == hc->slices[i]->fd.dimension_id);
k.type = jbvString;
k.val.string.len = strlen(dim_name);
k.val.string.val = dim_name;
pushJsonbValue(ps, WJB_KEY, &k);
pushJsonbValue(ps, WJB_BEGIN_ARRAY, NULL);
Reported by FlawFinder.
tsl/src/remote/txn_id.c
3 issues
Line: 73
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
RemoteTxnId *id = palloc0(sizeof(RemoteTxnId));
char dummy;
if (sscanf(id_string,
FMT_PATTERN "%c",
&id->version,
&id->xid,
&id->id.server_id,
&id->id.user_id,
Reported by FlawFinder.
Line: 104
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *out = palloc0(sizeof(char) * GID_MAX_SIZE);
int written;
written = snprintf(out,
GID_MAX_SIZE,
FMT_PATTERN,
REMOTE_TXN_ID_VERSION,
id->xid,
id->id.server_id,
Reported by FlawFinder.
Line: 62
Column: 37
CWE codes:
126
/*
 * Report whether id_string begins with GID_PREFIX.
 *
 * Returns true when the first strlen(GID_PREFIX) bytes of id_string compare
 * equal to GID_PREFIX, and false otherwise. Only the prefix is checked; the
 * rest of id_string is not parsed or validated here.
 *
 * id_string is dereferenced without a NULL check, so callers must pass a
 * valid NUL-terminated string.
 */
bool
remote_txn_id_matches_prepared_txn(const char *id_string)
{
/*
 * strncmp() stops at the first NUL in either argument, so an id_string
 * shorter than the prefix is not read past its terminator.
 * NOTE(review): GID_PREFIX is defined outside this excerpt. If it is a
 * string-literal macro, strlen() on it is bounded by the literal and the
 * CWE-126 over-read report on this call is not reachable; confirm against
 * the definition before dismissing the finding.
 */
if (strncmp(GID_PREFIX, id_string, strlen(GID_PREFIX)) == 0)
return true;
return false;
}
RemoteTxnId *
Reported by FlawFinder.
tsl/test/sql/ddl_hook.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\c :TEST_DBNAME :ROLE_SUPERUSER
-- Define the SQL-callable test function ts_test_ddl_command_hook_reg(): no
-- arguments, returns VOID. The implementation is the C symbol of the same name
-- in the shared library whose path psql substitutes for :TSL_MODULE_PATHNAME.
-- PostgreSQL only allows superusers to create LANGUAGE C functions, because the
-- loaded code runs natively inside the server process; the preceding
-- reconnect as :ROLE_SUPERUSER is what makes this statement succeed.
-- NOTE(review): what the C function does is not visible here; from its name it
-- presumably registers a DDL command hook for the tests. Confirm in the C source.
CREATE OR REPLACE FUNCTION ts_test_ddl_command_hook_reg() RETURNS VOID
AS :TSL_MODULE_PATHNAME, 'ts_test_ddl_command_hook_reg'
LANGUAGE C VOLATILE STRICT;
Reported by SQLint.
Line: 92
Column: 1
ALTER TABLE htable2 RENAME TO htable;
-- DROP INDEX, TABLE
\set ON_ERROR_STOP 0
DROP INDEX htable_description_idx, htable_pk;
DROP TABLE htable, non_htable;
\set ON_ERROR_STOP 1
DROP INDEX htable_descr_idx;
DROP TABLE htable;
Reported by SQLint.
Line: 95
Column: 1
\set ON_ERROR_STOP 0
DROP INDEX htable_description_idx, htable_pk;
DROP TABLE htable, non_htable;
\set ON_ERROR_STOP 1
DROP INDEX htable_descr_idx;
DROP TABLE htable;
DROP TABLE non_htable;
-- DROP CASCADE cases
Reported by SQLint.
tsl/test/sql/deparse.sql
3 issues
Line: 8
Column: 1
-- We compare information(\d+) about manually created tables with the ones that were recreated using deparse_table command.
-- There should be no diff.
\set ECHO errors
\ir include/deparse_func.sql
SELECT format('%s/results/deparse_create.out', :'TEST_OUTPUT_DIR') AS "CREATE_OUT",
format('%s/results/deparse_recreate.out', :'TEST_OUTPUT_DIR') AS "RECREATE_OUT"
\gset
Reported by SQLint.
Line: 32
Column: 1
SELECT 'TABLE DEPARSE TEST DONE';
\set ECHO all
-- test drop_chunks function deparsing
SELECT * FROM tsl_test_deparse_drop_chunks('myschema.table10', '2019-01-01'::timestamptz, verbose => true);
SELECT * FROM tsl_test_deparse_drop_chunks('table1', newer_than => 12345);
SELECT * FROM tsl_test_deparse_drop_chunks('table1', older_than => interval '2 years', newer_than => '2015-01-01'::timestamp);
Reported by SQLint.
Line: 46
Column: 1
SELECT * FROM tsl_test_deparse_composite_func(schema_name => 'Foo', table_name => 'bar', option => false, "time" => timestamp '2019-09-10 11:08', message => 'This is a test message.');
-- test errors handling
\set ON_ERROR_STOP 0
CREATE TEMP TABLE fail_table1(x INT);
SELECT _timescaledb_internal.get_tabledef('fail_table1');
Reported by SQLint.
tsl/test/sql/include/compression_test.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\set ECHO errors
DROP TABLE IF EXISTS compressed;
CREATE TABLE compressed AS SELECT :COMPRESSION_CMD AS c FROM (:QUERY) AS sub;
SELECT pg_column_size(c) as "compressed size" FROM compressed;
Reported by SQLint.
Line: 44
Column: 47
WHERE (original.*) IS DISTINCT FROM (decompressed.*);
--Test IO
SELECT c "COMPRESSED_AS_TEXT" FROM compressed \gset
WITH original AS
(
SELECT row_number() OVER() row_number, * FROM (:QUERY) as q
),
Reported by SQLint.
Line: 69
Column: 1
FROM
(SELECT :DECOMPRESS_FORWARD_CMD as item FROM (SELECT :'COMPRESSED_AS_TEXT'::text as c) as txt) as decompressed_serialized;
\set ECHO all
Reported by SQLint.
tsl/test/sql/include/compression_utils.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\set ECHO errors
--
-- decompression functions for testing; not exposed in normal installation
--
Reported by SQLint.
Line: 8
Column: 42
\set ECHO errors
--
-- decompression functions for testing; not exposed in normal installation
--
CREATE OR REPLACE FUNCTION _timescaledb_internal.decompress_forward(_timescaledb_internal.compressed_data, ANYELEMENT)
RETURNS TABLE (value ANYELEMENT)
AS :MODULE_PATHNAME, 'ts_compressed_data_decompress_forward'
Reported by SQLint.
Line: 107
Column: 1
FINALFUNC = _timescaledb_internal.array_compressor_finish
);
\set ECHO all
Reported by SQLint.