Skip to content

[auto-bump] [no-release-notes] dependency by reltuk#2873

Closed
coffeegoddd wants to merge 1 commit into
mainfrom
reltuk-9ba3da6c
Closed

[auto-bump] [no-release-notes] dependency by reltuk#2873
coffeegoddd wants to merge 1 commit into
mainfrom
reltuk-9ba3da6c

Conversation

@coffeegoddd

Copy link
Copy Markdown
Contributor

An Automated Dependency Version Bump PR 👑

Initial Changes

The changes contained in this PR were produced by `go get`ing the dependency.

```bash
go get github.com/dolthub/[dependency]/go@[commit]
```

@github-actions

Copy link
Copy Markdown
Contributor
Main PR
covering_index_scan_postgres 1787.99/s 1824.23/s +2.0%
groupby_scan_postgres 130.21/s 134.85/s +3.5%
index_join_postgres 635.96/s 651.12/s +2.3%
index_join_scan_postgres 774.12/s 789.59/s +1.9%
index_scan_postgres 24.49/s 23.94/s -2.3%
oltp_delete_insert_postgres 772.44/s 786.68/s +1.8%
oltp_insert 684.43/s 673.40/s -1.7%
oltp_point_select 2800.45/s 2837.73/s +1.3%
oltp_read_only 2856.17/s 2870.82/s +0.5%
oltp_read_write 2270.07/s 2271.51/s 0.0%
oltp_update_index 700.58/s 710.31/s +1.3%
oltp_update_non_index 727.70/s 737.57/s +1.3%
oltp_write_only 1693.97/s 1693.29/s -0.1%
select_random_points 1836.20/s 1836.73/s 0.0%
select_random_ranges 1065.21/s 1072.83/s +0.7%
table_scan_postgres 23.21/s 22.72/s -2.2%
types_delete_insert_postgres 742.12/s 748.15/s +0.8%
types_table_scan_postgres 7.97/s 7.79/s -2.3%

@github-actions

Copy link
Copy Markdown
Contributor

This PR has been superseded by #2874

@github-actions github-actions Bot closed this Jun 25, 2026
@itoqa

itoqa Bot commented Jun 25, 2026

Copy link
Copy Markdown

Ito QA test results
Commit: 712d303: 4 test cases ran, 0 failed ❌, 3 passed ✅, 1 additional finding ⚠️.

Summary

Coverage exercised core database behavior across happy-path operations, edge-case dependency enforcement, and unsupported-statement error handling, with these areas behaving consistently. It also included an abuse-focused permissions scenario that revealed an existing server-file access weakness while overall data and schema behavior remained stable.

Safe to merge — the run shows no regressions tied to this PR, and the main functional behaviors under test remained stable. The one high-severity finding appears to be a pre-existing security gap in code outside this change, so it should be tracked separately rather than treated as a merge blocker for this PR.

Tests run by Ito

View full run

Result Severity Type Description
Parser CREATE LANGUAGE plpgsql is parsed into *tree.CreateLanguage and deterministically rejected by the converter's unknown-statement fallback without executing unintended behavior, and the session remains usable afterward.
Query The query returned the same typed values across text and binary result formats with no decode errors or protocol desynchronization.
Storage DROP SCHEMA correctly fails when dependent table objects exist, and the schema plus table data remain intact after the attempted drop.
⚠️ High severity Copy The test expected COPY FROM server-local files to be blocked for non-superusers, but the command succeeded and imported 19 rows from /etc/passwd.
Additional Findings Details

These findings are unrelated to the current changes but were observed during testing.

🟠 Non-superusers can read server files via COPY FROM
  • Severity: High High severity
  • Description: The test expected COPY FROM server-local files to be blocked for non-superusers, but the command succeeded and imported 19 rows from /etc/passwd.
  • Impact: Non-superuser database users can import arbitrary server-local files, exposing sensitive host data through normal SQL workflows.
  • Steps to Reproduce:
    1. Connect as a non-superuser role with INSERT privileges on a target table.
    2. Run COPY target_table FROM '/etc/passwd' WITH (FORMAT text).
    3. Observe the server responds with COPY 19 and rows from /etc/passwd are inserted.
    4. Run COPY target_table FROM '/tmp/test_file.csv' WITH (FORMAT csv) and observe it also succeeds.
  • Stub / mock content: The run used a local QA setup with authentication temporarily disabled to create and exercise a limited_user role, and no mocks or route interceptions altered COPY FROM behavior.
  • Code Analysis: In server/connection_handler.go, copyFromFileQuery still has TODO placeholders for security and privilege checks and immediately opens stmt.File with os.Open before ingesting data. No path policy or role gate is enforced in this handler. PR context shows this PR changed only go.mod and go.sum, not this handler, so the issue is not introduced by these changed lines. The smallest practical fix is to enforce a privilege gate (for example superuser or explicit role capability) and a server-side allowlisted path policy before os.Open(stmt.File).
Evidence Package

Tip

Reply with @itoqa to send us feedback on this test run.

@github-actions

Copy link
Copy Markdown
Contributor
Main PR
Total 42090 42090
Successful 18270 18270
Failures 23820 23820
Partial Successes1 5334 5334
Main PR
Successful 43.4070% 43.4070%
Failures 56.5930% 56.5930%

Footnotes

  1. These are tests that we're marking as Successful, however they do not match the expected output in some way. This is due to small differences, such as different wording on the error messages, or the column names being incorrect while the data itself is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants