The following issues were found
tsl/src/fdw/scan_exec.c
2 issues
Line: 205
Column: 23
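CWE codes:
126 (CWE-126, Buffer Over-read). The only strlen() in this excerpt is strlen(string_to_replace). FlawFinder flags strlen() because it over-reads when its argument is not NUL-terminated; here the argument is an array initialised from the literal "now()", which is always NUL-terminated.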
generate_updated_sql_using_current_timestamp(const char *original_sql, List *now_indicies)
{
static const char string_to_replace[] = "now()";
int replace_length = strlen(string_to_replace);
StringInfoData new_query;
ListCell *lc;
int curr_index = 0;
TimestampTz now;
Reported by FlawFinder.
Line: 222
Column: 23
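CWE codes:
126 (CWE-126, Buffer Over-read). The only strlen() in this excerpt is strlen(original_sql) inside Assert(), so that is presumably the flagged call. Whether original_sql is NUL-terminated depends on the caller, which is not shown. Assert() is normally compiled out of PostgreSQL production builds, so it is worth confirming that the offsets in now_indicies are validated elsewhere before they reach appendBinaryStringInfo().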
{
int next_index = lfirst_int(lc);
Assert(next_index < strlen(original_sql) &&
strncmp(string_to_replace, original_sql + next_index, replace_length) == 0);
appendBinaryStringInfo(&new_query, original_sql + curr_index, next_index - curr_index);
appendStringInfo(&new_query, "('%s'::timestamptz)", timestamptz_to_str(now));
curr_index = next_index + replace_length;
}
Reported by FlawFinder.
test/sql/cursor.sql
2 issues
Line: 12
Column: 1
INSERT INTO cursor_test SELECT '2001-01-01',1,0.5;
INSERT INTO cursor_test SELECT '2002-01-01',1,0.5;
\set ON_ERROR_STOP 0
BEGIN;
DECLARE c1 SCROLL CURSOR FOR SELECT * FROM cursor_test;
FETCH NEXT FROM c1;
-- this will produce an error because PostgreSQL checks
-- for the existence of a scan node with the relation id for every relation
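Reported by SQLint. The finding carries no rule or message. The excerpt contains the psql meta-command `\set ON_ERROR_STOP 0`, which is psql syntax rather than SQL, so a parse error on that line is the likely cause (not confirmed by the page).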
Line: 38
Column: 1
DECLARE c1 SCROLL CURSOR FOR SELECT * FROM cursor_test WHERE time > '2010-01-01';
UPDATE cursor_test SET temp = 0.7 WHERE CURRENT OF c1;
COMMIT;
\set ON_ERROR_STOP 1
SET timescaledb.enable_constraint_exclusion TO off;
BEGIN;
DECLARE c1 SCROLL CURSOR FOR SELECT * FROM cursor_test;
FETCH NEXT FROM c1;
Reported by SQLint.
tsl/test/sql/include/compression_test_hypertable_segment_meta.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\set ECHO errors
SELECT 'NULL::'||:'TYPE' as "NULLTYPE" \gset
--compress the data
SELECT count(compress_chunk(chunk.schema_name|| '.' || chunk.table_name)) as count_compressed
Reported by SQLint.
Line: 32
Column: 1
)
as m;
\set ECHO all
Reported by SQLint.
tsl/test/sql/include/compression_test_segment_meta.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\set ECHO errors
SELECT
_timescaledb_internal.segment_meta_min_max_agg_max(i) = max(i),
_timescaledb_internal.segment_meta_min_max_agg_min(i) = min(i)
FROM :"TABLE";
Reported by SQLint.
Line: 12
Column: 1
_timescaledb_internal.segment_meta_min_max_agg_min(i) = min(i)
FROM :"TABLE";
\set ECHO all
Reported by SQLint.
tsl/src/fdw/modify_exec.c
2 issues
Line: 444
Column: 14
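CWE codes:
190 (CWE-190, Integer Overflow or Wraparound)
Suggestion:
If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). atoi() gives no indication of overflow or non-numeric input, so a range check needs strtol()/strtoul() with errno and end-pointer checks; the input here is the string returned by PQcmdTuples(res).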
store_returning_result(fmstate, slot, res);
}
else
n_rows = atoi(PQcmdTuples(res));
}
/* And clean up */
async_response_result_close(rsp);
stmt_params_reset(params);
Reported by FlawFinder.
Line: 530
Column: 14
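CWE codes:
190 (CWE-190, Integer Overflow or Wraparound)
Suggestion:
If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). This is the same atoi(PQcmdTuples(res)) pattern as the finding at line 444 of this file; atoi() cannot signal overflow or non-numeric input.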
store_returning_result(fmstate, slot, res);
}
else
n_rows = atoi(PQcmdTuples(res));
}
/* And clean up */
async_response_result_close(rsp);
}
Reported by FlawFinder.
tsl/test/src/remote/txn_resolve.c
2 issues
Line: 22
Column: 2
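CWE codes:
120 (CWE-120, Buffer Copy without Checking Size of Input)
Suggestion:
Make sure the destination can always hold the source data. In this excerpt the destination is palloc0(remote_txn_size()) bytes and the copy length is sizeof(*id), so the memcpy() is in bounds only if remote_txn_size() is at least sizeof(TSConnectionId); that size is not visible here.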
prepared_txn(TSConnectionId *id, const char *sql)
{
RemoteTxn *tx = palloc0(remote_txn_size());
memcpy(tx, id, sizeof(*id));
remote_txn_init(tx, get_connection());
remote_txn_begin(tx, 1);
remote_connection_cmd_ok(remote_txn_get_connection(tx), sql);
remote_txn_write_persistent_record(tx);
async_request_wait_ok_command(remote_txn_async_send_prepare_transaction(tx));
Reported by FlawFinder.
Line: 84
Column: 2
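CWE codes:
120 (CWE-120, Buffer Copy without Checking Size of Input)
Suggestion:
Make sure the destination can always hold the source data. This is the same palloc0(remote_txn_size()) / memcpy(tx, id, sizeof(*id)) pattern as the finding at line 22 of this file; it is in bounds only if remote_txn_size() is at least sizeof(TSConnectionId), which the excerpt does not show.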
create_commited_txn_with_concurrent_heal(TSConnectionId *id)
{
RemoteTxn *tx = palloc0(remote_txn_size());
memcpy(tx, id, sizeof(*id));
remote_txn_init(tx, get_connection());
remote_txn_begin(tx, 1);
remote_connection_cmd_ok(remote_txn_get_connection(tx),
"INSERT INTO public.table_modified_by_txns VALUES "
"('committed with concurrent heal');");
Reported by FlawFinder.
test/sql/create_table.sql
2 issues
Line: 12
Column: 1
SELECT create_hypertable('test_hyper_pk', 'time');
\set ON_ERROR_STOP 0
-- Foreign key constraints that reference hypertables are currently unsupported
CREATE TABLE test_fk(time TIMESTAMPTZ REFERENCES test_hyper_pk(time));
\set ON_ERROR_STOP 1
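Reported by SQLint. No rule or message is given. Comparing the two create_table.sql excerpts, lines 12 and 15 appear to fall on the psql meta-commands `\set ON_ERROR_STOP 0` and `\set ON_ERROR_STOP 1`; these are psql syntax rather than SQL, so the findings look like a parser limitation rather than a defect in the test.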
Line: 15
Column: 1
\set ON_ERROR_STOP 0
-- Foreign key constraints that reference hypertables are currently unsupported
CREATE TABLE test_fk(time TIMESTAMPTZ REFERENCES test_hyper_pk(time));
\set ON_ERROR_STOP 1
Reported by SQLint.
test/sql/chunks.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
\unset ECHO
\o /dev/null
\ir include/test_utils.sql
\o
\set ECHO errors
\set VERBOSITY default
Reported by SQLint.
Line: 30
Column: 1
OUT range_end BIGINT)
AS :MODULE_PATHNAME, 'ts_dimension_calculate_closed_range_default' LANGUAGE C STABLE;
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
--open
SELECT assert_equal(0::bigint, actual_range_start), assert_equal(10::bigint, actual_range_end)
FROM _timescaledb_internal.dimension_calculate_default_range_open(0,10, 'int8') AS res(actual_range_start, actual_range_end);
SELECT assert_equal(0::bigint, actual_range_start), assert_equal(10::bigint, actual_range_end)
Reported by SQLint.
tsl/test/sql/include/dist_query_load.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\ir debugsupport.sql
\set DN_DBNAME_1 :TEST_DBNAME _1
\set DN_DBNAME_2 :TEST_DBNAME _2
\set DN_DBNAME_3 :TEST_DBNAME _3
Reported by SQLint.
Line: 66
Column: 1
-- chunks. Note that this is before the given repartitioning time
-- above because chunk boundaries do not align exactly with the given
-- timestamp
\set REPARTITIONED_TIME_RANGE 'time >= ''2019-01-01'''
\set CLEAN_PARTITIONING_TIME_RANGE 'time BETWEEN ''2019-01-01'' AND ''2019-01-01 15:00'''
-- Custom agg func for push down tests
CREATE AGGREGATE custom_sum(int4) (
Reported by SQLint.
tsl/test/sql/continuous_aggs_policy_run.sql
2 issues
Line: 20
Column: 109
FROM continuous_agg_max_mat_date
GROUP BY 1 WITH NO DATA;
SELECT add_continuous_aggregate_policy('max_mat_view_date', '3 days', '1 day', '1 day'::interval) as job_id \gset
SELECT config FROM _timescaledb_config.bgw_job
WHERE id = :job_id;
INSERT INTO continuous_agg_max_mat_date
SELECT generate_series('2019-09-01'::date, '2019-09-10'::date, '1 day');
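Reported by SQLint. No rule or message is given. Column 109 of the add_continuous_aggregate_policy(...) line in this excerpt is where the psql meta-command `\gset` begins; `\gset` is psql syntax rather than SQL, so this looks like a parser limitation rather than a defect in the query.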
Line: 43
Column: 122
FROM continuous_agg_timestamp
GROUP BY 1 WITH NO DATA;
SELECT add_continuous_aggregate_policy('max_mat_view_timestamp', '15 days', '1 h'::interval , '1 h'::interval) as job_id \gset
INSERT INTO continuous_agg_timestamp
SELECT generate_series('2019-09-01 00:00'::timestamp, '2019-09-10 00:00'::timestamp, '1 day');
--- to prevent NOTICES set message level to warning
SET client_min_messages TO warning;
SET timescaledb.current_timestamp_mock = '2019-09-11 00:00';
Reported by SQLint.