cossacklabs/acra

Errors during parsing some PostgreSQL queries

storojs72 opened this issue · 1 comments

Some service queries like "ROLLBACK" (used in transactions) and regular expressions in PostgreSQL can't be correctly handled by the SQL parser that we use in Censor.

We use https://github.com/xwb1989/sqlparser, which is not the best choice for the PostgreSQL protocol.

Currently we have made a workaround for this problem by adding the ignore_parse_error parameter to the configuration file of AcraCensor.

If ignore_parse_error is true, AcraCensor will ignore queries that the SQL parser couldn't parse. By default ignore_parse_error is false for security reasons (we don't want an attacker to create a malformed query and bypass Censor).

In the future we will consider using separate SQL parsers for the MySQL and PostgreSQL protocols (which ones?).
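
An added example, not part of the issue or of Acra's code: a Go sketch of the trade-off behind ignore_parse_error, showing that failing closed blocks a legitimate ROLLBACK while failing open forwards an unparsed query without any policy check. The names `parseTable` and `Censor`, the `secrets` table and the sample queries are all constructed for illustration; `parseTable` is a toy stand-in, not xwb1989/sqlparser.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errParse = errors.New("parse error")
// parseTable is a toy stand-in for a SQL parser (an assumption, not sqlparser).
// It accepts only "SELECT ... FROM <table>" and rejects PostgreSQL regex operators.
func parseTable(q string) (string, error) {
	f := strings.Fields(strings.ToLower(q))
	if len(f) == 0 || f[0] != "select" {
		return "", errParse
	}
	table := ""
	for i, w := range f {
		if w == "~" || w == "~*" {
			return "", errParse
		}
		if w == "from" && i+1 < len(f) {
			table = strings.TrimSuffix(f[i+1], ";")
		}
	}
	if table == "" {
		return "", errParse
	}
	return table, nil
}

// Censor is a hypothetical deny-list check, not AcraCensor's code.
type Censor struct {
	IgnoreParseError bool
	Denied           map[string]bool
}

// Allow reports whether a query would be forwarded to the database.
func (c Censor) Allow(q string) bool {
	table, err := parseTable(q)
	if err != nil {
		return c.IgnoreParseError // unparsed queries pass only if fail-open is enabled
	}
	return !c.Denied[table]
}

func main() {
	c := Censor{IgnoreParseError: true, Denied: map[string]bool{"secrets": true}}
	fmt.Println(c.Allow("ROLLBACK"), c.Allow("SELECT * FROM secrets WHERE k ~ 'a'"))
}
```

With the flag enabled, every query the parser rejects skips the deny list, so logging those queries for review is the minimum compensating control.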