search

cossacklabs / acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
https://www.cossacklabs.com/acra/
Apache License 2.0
1.33k stars 128 forks source link

[ISSUE] Acra throws errors on tables with columns wrapped with double quotes #587

Closed Machado117 closed 1 year ago

Machado117 commented 1 year ago

Describe the bug Errors can be found on acra server logs when creating tables with columns wrapped with double quotes. Also, when executing select queries that use columns wrapped with double quotes, encrypted fields won't be decrypted.

To Reproduce Steps to reproduce the behavior:

  1. Create table CREATE TABLE mytable ("NAME" bytea, "AGE" integer);

Acra logs:

2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'
2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'
  1. Insert some data INSERT INTO mytable ("NAME", "AGE") VALUES ('John', 1);
  2. Execute a select query SELECT * FROM mytable WHERE "AGE" = 1; Acra logs: 
    
2022/10/03 16:49:50 ignoring error of non parsed sql statement
2022/10/03 16:49:50 ignoring error of non parsed sql statement
Query result:
NAME    | AGE

------------+----- \x4a6f686e | 1 (1 row)

**Expected behavior**
Acra should parse these queries and decrypt the field

**Acra configuration files**
For AcraServer: 
    - [ ] `encryptor_config.yaml`.

Environment (please complete the following information):

Lagovas commented 1 year ago

Hello, nice catch. I reproduced this error and we will fix it soon. AcraServer supports columns wrapped in double quotes but in this case, sqlparser incorrectly matched this as string literal instead of column name for PostgreSQL dialect. Due to pgsql doesn't allow strings in double quotes, it was handled as error.

2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME' 2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'

These log messages are valid and don't affect any encryption operations, because acra-server doesn't need to process DDL for now. But there is an error in another place.

Lagovas commented 1 year ago

Hi. Recently we have pushed new updates (#590) which fixes this issue. Please, pull and try acra from the master branch.

Machado117 commented 1 year ago

Great! It's fixed, thanks!