[ISSUE] Acra throws errors on tables with columns wrapped with double quotes

Question

[ISSUE] Acra throws errors on tables with columns wrapped with double quotes

Machado117 opened this issue 3 years ago · 3 comments

Describe the bug
Errors can be found on acra server logs when creating tables with columns wrapped with double quotes. Also, when executing select queries that use columns wrapped with double quotes, encrypted fields won't be decrypted.

To Reproduce
Steps to reproduce the behavior:

Create table CREATE TABLE mytable ("NAME" bytea, "AGE" integer);

Acra logs:

2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'
2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'

Insert some data INSERT INTO mytable ("NAME", "AGE") VALUES ('John', 1);
Execute a select query SELECT * FROM mytable WHERE "AGE" = 1;
Acra logs:

2022/10/03 16:49:50 ignoring error of non parsed sql statement
2022/10/03 16:49:50 ignoring error of non parsed sql statement

Query result:

    NAME    | AGE 
------------+-----
 \x4a6f686e |   1
(1 row)

Expected behavior
Acra should parse these queries and decrypt the field

Acra configuration files
For AcraServer:
- [ ] encryptor_config.yaml.

  - table: mytable
    columns:
      - NAME
      - AGE
    encrypted:
      - column: NAME
        data_type: str

Environment (please complete the following information):

Acra version: 492568a
Database server and its version: PostgreSQL 9.6.10
Installed components:
- AcraServer
Data-in-transit encryption between Acra and the client-side application:
- no transport encryption
Installation way:
- via Docker

Answer 1 · 2022-10-03T19:18:01.000Z

Hello, nice catch. I reproduced this error and we will fix it soon. AcraServer supports columns wrapped in double quotes but in this case, sqlparser incorrectly matched this as string literal instead of column name for PostgreSQL dialect. Due to pgsql doesn't allow strings in double quotes, it was handled as error.

2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'
2022/10/03 16:49:32 ignoring error parsing DDL 'CREATE TABLE mytable ("NAME" bytea, "AGE" integer);': syntax error at position 29 near 'NAME'

These log messages are valid and don't affect any encryption operations, because acra-server doesn't need to process DDL for now. But there is an error in another place.

Answer 2 · 2022-10-11T10:22:46.000Z

Hi. Recently we have pushed new updates (#590) which fixes this issue. Please, pull and try acra from the master branch.

Answer 3 · 2022-10-11T13:49:57.000Z

Great! It's fixed, thanks!