2021-04-26 20:07:00 +02:00
|
|
|
#coding:utf-8
|
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
"""
|
|
|
|
ID: issue-5276
|
|
|
|
ISSUE: 5276
|
|
|
|
TITLE: Non-privileged user can implicitly count records in a restricted table
|
|
|
|
DESCRIPTION:
|
|
|
|
JIRA: CORE-4985
|
2022-02-02 15:46:19 +01:00
|
|
|
FBTEST: bugs.core_4985
|
2022-01-24 20:27:02 +01:00
|
|
|
"""
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
import pytest
|
|
|
|
from firebird.qa import *
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
db = db_factory()
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
tmp_user = user_factory('db', name='TMP$C4985', password='123')
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
test_script = """
|
2021-04-26 20:07:00 +02:00
|
|
|
-- Checked on build of 24.03.2016 4.0 Unstable.
|
|
|
|
|
|
|
|
set wng off;
|
|
|
|
create table test(id int);
|
|
|
|
set count on;
|
|
|
|
insert into test select 1 from rdb$types rows 7;
|
|
|
|
commit;
|
|
|
|
revoke all on all from TMP$C4985;
|
|
|
|
commit;
|
|
|
|
|
|
|
|
connect '$(DSN)' user 'TMP$C4985' password '123';
|
|
|
|
|
|
|
|
set list on;
|
|
|
|
select current_user as who_am_i from rdb$database;
|
|
|
|
select count(*) from test;
|
|
|
|
set count on;
|
|
|
|
select 1 from test;
|
|
|
|
|
|
|
|
commit;
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
act = isql_act('db', test_script)
|
2021-04-26 20:07:00 +02:00
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
expected_stdout = """
|
2021-04-26 20:07:00 +02:00
|
|
|
Records affected: 7
|
|
|
|
WHO_AM_I TMP$C4985
|
|
|
|
Records affected: 1
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
|
|
|
|
2022-01-24 20:27:02 +01:00
|
|
|
expected_stderr = """
|
2021-04-26 20:07:00 +02:00
|
|
|
Statement failed, SQLSTATE = 28000
|
|
|
|
no permission for SELECT access to TABLE TEST
|
|
|
|
-Effective user is TMP$C4985
|
|
|
|
|
|
|
|
Statement failed, SQLSTATE = 28000
|
|
|
|
no permission for SELECT access to TABLE TEST
|
|
|
|
-Effective user is TMP$C4985
|
2021-12-19 22:25:36 +01:00
|
|
|
"""
|
|
|
|
|
2021-04-26 20:07:00 +02:00
|
|
|
@pytest.mark.version('>=4.0')
|
2022-01-24 20:27:02 +01:00
|
|
|
def test_1(act: Action, tmp_user: User):
|
|
|
|
act.expected_stdout = expected_stdout
|
|
|
|
act.expected_stderr = expected_stderr
|
|
|
|
act.execute()
|
|
|
|
assert (act.clean_stderr == act.clean_expected_stderr and
|
|
|
|
act.clean_stdout == act.clean_expected_stdout)
|
2021-04-26 20:07:00 +02:00
|
|
|
|