Validate identifiers substituted into extension scripts #308
Open
jim-mlodgenski wants to merge 1 commit into
execute_extension_script() substitutes @extowner@ and @extschema@ into
the extension script, filtering each value through quote_identifier().
Certain characters (" $ ' \) cannot be quoted consistently both inside
and outside of string literals, so a name containing one of them can
produce a script that does not parse the way the extension author
intended once the substitution is performed.

Reject substitution when the owner or schema name contains any of these
characters instead of producing such a script. This matches the
identifier handling that PostgreSQL core performs for the same
substitutions. Extend pg_tle_injection with coverage for both the owner
and schema cases, including that ordinary names continue to work.
sibowu-aws
reviewed
Jun 11, 2026
| -- @extschema@ and @extowner@ substitutions are filtered through | ||
| -- quote_identifier(). A schema or owner name containing a character that | ||
| -- cannot be consistently quoted inside and outside of string literals (any of | ||
| -- " $ ' \) must be rejected rather than substituted into the script. |
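Review bot: the comment in this hunk names four rejected characters (" $ ' \) and both substitutions (@extschema@ and @extowner@), but it does not state what the test expects to observe when a name is rejected. Consider adding one line on the expected outcome, for example that extension creation fails with an error and the script is not run, so that someone reading the expected output can tell a correct rejection from an unrelated failure.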
Contributor
nit: guess it is still beneficial to test $ and \ ?
Issue #, if available:
Description of changes:
execute_extension_script() substitutes @extowner@ and @extschema@ into
the extension script, filtering each value through quote_identifier().
Certain characters (" $ ' \) cannot be quoted consistently both inside
and outside of string literals, so a name containing one of them can
produce a script that does not parse the way the extension author
intended once the substitution is performed.

This change rejects substitution when the owner or schema name contains
any of these characters instead of producing such a script, matching the
identifier handling that PostgreSQL core performs for the same
substitutions. The pg_tle_injection regression test is extended with
coverage for both the owner and schema cases, including a check that
ordinary names continue to work.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
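One way to express the reject-before-substitute check this pull request describes, as an added standalone C example; it is not pg_tle's or PostgreSQL's code. The function names and sample scripts are hypothetical, and the always-double-quote step is a simplified stand-in for quote_identifier().

```c
#include <stdio.h>
#include <string.h>

/* The four characters the PR description lists as not consistently quotable. */
#define UNSAFE_IDENT_CHARS "\"$'\\"

/* 1 if name may be substituted into a script, 0 if it must be rejected. */
int ident_is_substitutable(const char *name)
{
    return strpbrk(name, UNSAFE_IDENT_CHARS) == NULL;
}

/*
 * Replace each placeholder in script with the double-quoted name.
 * Returns 0 on success, -1 if name is rejected, -2 on bad or short buffers.
 * Always wrapping in double quotes is a simplification (assumption): it is
 * enough here only because a name containing '"' never reaches this point.
 */
int substitute_ident(const char *script, const char *placeholder,
                     const char *name, char *out, size_t outlen)
{
    size_t plen = strlen(placeholder), nlen = strlen(name), used = 0;

    if (!ident_is_substitutable(name))
        return -1;                      /* refuse before touching the script */
    if (plen == 0 || outlen == 0)
        return -2;
    while (*script) {
        if (strncmp(script, placeholder, plen) == 0) {
            if (used + nlen + 2 >= outlen)
                return -2;              /* no room for "name" plus NUL */
            out[used++] = '"';
            memcpy(out + used, name, nlen);
            used += nlen;
            out[used++] = '"';
            script += plen;
        } else {
            if (used + 1 >= outlen)
                return -2;
            out[used++] = *script++;
        }
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char buf[128];                      /* constructed sample input below */
    int rc = substitute_ident("CREATE TABLE @extschema@.t (id int);",
                              "@extschema@", "app_data", buf, sizeof buf);
    printf("%d %s\n", rc, rc == 0 ? buf : "(rejected)");
    return 0;
}
```

The check runs on the raw name before any quoting, so a rejected name never produces partial output.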