IGNITE-21349 SQL Calcite: Fix failure on sensitive information hiding…

… for DDL statements - Fixes #11196. Signed-off-by: Aleksey Plekhanov <plehanov.alex@gmail.com>
apache · Jan 26, 2024 · 17c5d6b · 17c5d6b
1 parent 64692f9
commit 17c5d6b
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 21 deletions.
diff --git a/.../main/java/org/apache/ignite/internal/processors/query/calcite/CalciteQueryProcessor.java b/.../main/java/org/apache/ignite/internal/processors/query/calcite/CalciteQueryProcessor.java
@@ -35,6 +35,7 @@
 import org.apache.calcite.rel.RelCollationTraitDef;
 import org.apache.calcite.schema.SchemaPlus;
 import org.apache.calcite.sql.SqlCall;
+import org.apache.calcite.sql.SqlDdl;
 import org.apache.calcite.sql.SqlDynamicParam;
 import org.apache.calcite.sql.SqlKind;
 import org.apache.calcite.sql.SqlLiteral;
@@ -99,6 +100,7 @@
 import org.apache.ignite.internal.processors.query.calcite.schema.SchemaHolderImpl;
 import org.apache.ignite.internal.processors.query.calcite.sql.IgniteSqlAlterUser;
 import org.apache.ignite.internal.processors.query.calcite.sql.IgniteSqlConformance;
+import org.apache.ignite.internal.processors.query.calcite.sql.IgniteSqlCreateTable;
 import org.apache.ignite.internal.processors.query.calcite.sql.IgniteSqlCreateUser;
 import org.apache.ignite.internal.processors.query.calcite.sql.IgniteSqlOption;
 import org.apache.ignite.internal.processors.query.calcite.sql.fun.IgniteOwnSqlOperatorTable;
@@ -530,29 +532,43 @@ private String removeSensitive(SqlNode qry) {
         if (QueryUtils.INCLUDE_SENSITIVE)
             return qry.toString();
         else {
-            return qry.accept(
-                new SqlShuttle() {
-                    @Override public SqlNode visit(SqlLiteral literal) {
-                        return new SqlDynamicParam(-1, literal.getParserPosition());
-                    }
-
-                    @Override public SqlNode visit(SqlCall call) {
-                        // Handle some special cases.
-                        if (call instanceof IgniteSqlOption)
-                            return call;
-                        else if (call instanceof IgniteSqlCreateUser) {
-                            return new IgniteSqlCreateUser(call.getParserPosition(), ((IgniteSqlCreateUser)call).user(),
-                                SqlLiteral.createCharString("hidden", SqlParserPos.ZERO));
-                        }
-                        else if (call instanceof IgniteSqlAlterUser) {
-                            return new IgniteSqlAlterUser(call.getParserPosition(), ((IgniteSqlAlterUser)call).user(),
-                                SqlLiteral.createCharString("hidden", SqlParserPos.ZERO));
+            try {
+                return qry.accept(
+                    new SqlShuttle() {
+                        @Override public SqlNode visit(SqlLiteral literal) {
+                            return new SqlDynamicParam(-1, literal.getParserPosition());
                         }
 
-                        return super.visit(call);
+                        @Override public SqlNode visit(SqlCall call) {
+                            // Handle some special cases.
+                            if (call instanceof IgniteSqlOption)
+                                return call;
+                            else if (call instanceof IgniteSqlCreateUser) {
+                                return new IgniteSqlCreateUser(call.getParserPosition(), ((IgniteSqlCreateUser)call).user(),
+                                    SqlLiteral.createCharString("hidden", SqlParserPos.ZERO));
+                            }
+                            else if (call instanceof IgniteSqlAlterUser) {
+                                return new IgniteSqlAlterUser(call.getParserPosition(), ((IgniteSqlAlterUser)call).user(),
+                                    SqlLiteral.createCharString("hidden", SqlParserPos.ZERO));
+                            }
+                            // Assume DDL statements except CREATE ... AS SELECT, and CREATE/ALTER USER can't contain
+                            // sensitive data. Return these statements as is, since they can't be cloned by SqlShuttle
+                            // correctly and can't be unparsed.
+                            else if (call instanceof SqlDdl && !(call instanceof IgniteSqlCreateTable))
+                                return call;
+
+                            return super.visit(call);
+                        }
                     }
-                }
-            ).toString();
+                ).toString();
+            }
+            catch (Exception e) {
+                String msg = "Unable to remove sensitive information from SQL node of class: " + qry.getClass().getName();
+
+                log.warning(msg, e);
+
+                return msg;
+            }
         }
     }
 

diff --git a/...he/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java b/...he/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
@@ -661,7 +661,7 @@ public void testSensitiveInformationHiding() throws Exception {
 
             // Test bounds hiding in index scans.
             sql(grid(0), "CREATE TABLE test_sens (id int, val varchar)");
-            sql(grid(0), "CREATE INDEX test_sens_idx ON test_sens(val)");
+            sql(grid(0), "CREATE INDEX test_sens_idx ON test_sens(val) INLINE_SIZE 10");
             sql(grid(0), "INSERT INTO test_sens (id, val) VALUES (0, 'sensitive0'), (1, 'sensitive1'), " +
                 "(2, 'sensitive2'), (3, 'sensitive3'), (4, 'sensitive4'), (5, 'sensitive5'), (6, 'sensitive6')");
             sql(grid(0), "SELECT * FROM test_sens WHERE val IN ('sensitive0', 'sensitive1')");