Class: Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection

Inherits:
Base
  • Object
show all
Defined in:
lib/gitlab/database/query_analyzers/gitlab_schemas_validate_connection.rb

Overview

The purpose of this analyzer is to validate if tables observed are properly used according to schema used by current connection

Constant Summary collapse

CrossSchemaAccessError = 
Class.new(QueryAnalyzerError)

Constants inherited from Base

Base::QueryAnalyzerError

Class Method Summary collapse

Methods inherited from Base

analyzer_key, begin!, context, context_key, end!, requires_tracking?, suppress=, suppress_key, suppressed?, with_suppressed

Class Method Details

.analyze(parsed) ⇒ Object

Raises:



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/gitlab/database/query_analyzers/gitlab_schemas_validate_connection.rb', line 16

def analyze(parsed)
  tables = parsed.pg.select_tables + parsed.pg.dml_tables
  table_schemas = ::Gitlab::Database::GitlabSchema.table_schemas!(tables)
  return if table_schemas.empty?

  allowed_schemas = ::Gitlab::Database.gitlab_schemas_for_connection(parsed.connection)
  return unless allowed_schemas

  invalid_schemas = table_schemas - allowed_schemas

  return if invalid_schemas.empty?

  schema_list = table_schemas.sort.join(',')

  message = "The query tried to access #{tables} (of #{schema_list}) "
  message += "which is outside of allowed schemas (#{allowed_schemas}) "
  message += "for the current connection '#{Gitlab::Database.db_config_name(parsed.connection)}'"

  raise CrossSchemaAccessError, message
end

.enabled?Boolean

Returns:

  • (Boolean) 


12
13
14
 
# File 'lib/gitlab/database/query_analyzers/gitlab_schemas_validate_connection.rb', line 12

def enabled?
  true
end