Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sYZvV-00CTAE-LV for pgsql-hackers@arkaria.postgresql.org; Mon, 29 Jul 2024 23:37:14 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sYZvU-0049zu-6b for pgsql-hackers@arkaria.postgresql.org; Mon, 29 Jul 2024 23:37:12 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sYZvT-0049zm-1F for pgsql-hackers@lists.postgresql.org; Mon, 29 Jul 2024 23:37:11 +0000 Received: from mout-u-204.mailbox.org ([2001:67c:2050:101:465::204]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sYZvP-0027Gk-Ng for pgsql-hackers@lists.postgresql.org; Mon, 29 Jul 2024 23:37:09 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-u-204.mailbox.org (Postfix) with ESMTPS id 4WXvs52VCZz9sQT; Tue, 30 Jul 2024 01:36:57 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ewie.name; s=MBO0001; t=1722296217; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=AvOXDnAvTR/DxrZsMhNKpPxLEDXkztit32nmyvijCtE=; b=Yc//RFMsCVGrRDPeqmSXSy/5hC8jOl8Neht1OoSIc1tI1cbomD35litLxj/r/8hcOqSRAI BiCYXedBARSrlgciA2F5UlWNXCq7mLU19oT13OAJLY3xXlq+cvStnhG+hnAOqILRO0VtjP fHK9WReH+d8ffubVk2FBIPfpY85d9Hi3gbdMtGTgdV1NYmvJLUL+0T4+xdROv8TmnXeHge mJDVw5porUgIheeIa4ErBccEzHlCCbTLZXNVEg0S9Z60NffOUiLNudRHYLkndowvF9bZjR PqNuieXfKBN5lTlYHq/xakbxDdnctwailxPiJKPyoDYRTvlXZ6hii0OVoNwy5A== Date: Tue, 30 Jul 2024 01:36:55 +0200 From: Erik Wienhold To: Yugo NAGATA Cc: pgsql-hackers@lists.postgresql.org Subject: Re: psql: Add leakproof field to \dAo+ meta-command results Message-ID: <2121478f-54db-4a8b-9dae-fbca18ad1fc6@ewie.name> References: <20240701220817.483f9b645b95611f8b1f65da@sranhm.sraoss.co.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240701220817.483f9b645b95611f8b1f65da@sranhm.sraoss.co.jp> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 2024-07-01 15:08 +0200, Yugo NAGATA wrote: > I would like to propose to add a new field to psql's \dAo+ meta-command > to show whether the underlying function of an operator is leak-proof. +1 for making that info easily accessible. > This idea is inspired from [1] that claims some indexes uses non-LEAKPROOF > functions under the associated operators, as a result, it can not be selected > for queries with security_barrier views or row-level security policies. > The original proposal was to add a query over system catalogs for looking up > non-leakproof operators to the documentation, but I thought it is useful > to improve \dAo results rather than putting such query to the doc. > > The attached patch adds the field to \dAo+ and also a description that > explains the relation between indexes and security quals with referencing > \dAo+ meta-command. > > [1] https://www.postgresql.org/message-id/raw/5af3bf0c-5e0c-4128-81dc-084c5258b1af%40code406.com \dAo+ output looks good. But this patch fails regression tests in src/test/regress/sql/psql.sql (\dAo+ btree float_ops) because of the new leak-proof column. I think this could even be changed to "\dAo+ btree array_ops|float_ops" to also cover operators that are not leak-proof. + + For example, an index scan can not be selected for queries with I check the docs and "cannot" is more commonly used than "can not". + security_barrier views or row-level security policies if an + operator used in the WHERE clause is associated with the + operator family of the index, but its underlying function is not marked + LEAKPROOF. The program's + \dAo+ meta-command is useful for listing the operators + with associated operator families and whether it is leak-proof. + I think the last sentence can be improved. How about: "Use psql's \dAo+ command to list operator families and tell which of their operators are marked as leak-proof."? Should something similar be added to [1] which also talks about leak-proof operators? The rest is just formatting nitpicks: + ", ofs.opfname AS \"%s\"\n," The trailing comma should come before the newline. + " CASE\n" + " WHEN p.proleakproof THEN '%s'\n" + " ELSE '%s'\n" + " END AS \"%s\"\n", WHEN/ELSE/END should be intended with one additional space to be consistent with the other CASE expressions in this query. [1] https://www.postgresql.org/docs/devel/planner-stats-security.html -- Erik