From 92fd730de22df06f6d4f44122b1a68556b88145f Mon Sep 17 00:00:00 2001
From: Dany Maillard
Date: Thu, 29 Aug 2024 16:35:12 +0200
Subject: [PATCH] [IND-519] SQL: Add current user clause to every queries
---
 go.mod | 1 +
 go.sum | 2 ++
 pkg/tsdb/sqleng/sql_engine.go | 31 +++++++++++++++++++++++++++++--
 3 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/go.mod b/go.mod
index afbd6c73678e2..c0aad669a5944 100644
--- a/go.mod
+++ b/go.mod
@@ -496,6 +496,7 @@ require (
 github.com/mithrandie/go-file/v2 v2.1.0 // indirect
 github.com/mithrandie/go-text v1.5.4 // indirect
 github.com/mithrandie/ternary v1.1.1 // indirect
+ github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2 // indirect
 )
 // Use fork of crewjam/saml with fixes for some issues until changes get merged into upstream
diff --git a/go.sum b/go.sum
index cc8f43450665b..395580890f2d1 100644
--- a/go.sum
+++ b/go.sum
@@ -3647,6 +3647,8 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM=
+github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2 h1:zzrxE1FKn5ryBNl9eKOeqQ58Y/Qpo3Q9QNxKHX5uzzQ=
+github.com/xwb1989/sqlparser v0.0.0-20180606152119-120387863bf2/go.mod h1:hzfGeIUDq/j97IG+FhNqkowIyEcD88LrW6fyU3K3WqY=
 github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI=
 github.com/yalue/merged_fs v1.2.2 h1:vXHTpJBluJryju7BBpytr3PDIkzsPMpiEknxVGPhN/I=
 github.com/yalue/merged_fs v1.2.2/go.mod h1:WqqchfVYQyclV2tnR7wtRhBddzBvLVR83Cjw9BKQw0M=
diff --git a/pkg/tsdb/sqleng/sql_engine.go b/pkg/tsdb/sqleng/sql_engine.go
index 543ceec0375c0..7117797c44f43 100644
--- a/pkg/tsdb/sqleng/sql_engine.go
+++ b/pkg/tsdb/sqleng/sql_engine.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "github.com/xwb1989/sqlparser"
 "net"
 "regexp"
 "strconv"
@@ -183,7 +184,7 @@ func (e *DataSourceHandler) QueryData(ctx context.Context, req *backend.QueryDat
 }
 wg.Add(1)
- go e.executeQuery(query, &wg, ctx, ch, queryjson)
+ go e.executeQuery(query, &wg, ctx, ch, queryjson, req)
 }
 wg.Wait()
@@ -205,7 +206,7 @@ func stackTrace(skip int) string {
 }
 func (e *DataSourceHandler) executeQuery(query backend.DataQuery, wg *sync.WaitGroup, queryContext context.Context,
- ch chan DBDataResponse, queryJson QueryJson) {
+ ch chan DBDataResponse, queryJson QueryJson, req *backend.QueryDataRequest) {
 defer wg.Done()
 queryResult := DBDataResponse{
 dataResponse: backend.DataResponse{},
@@ -254,6 +255,12 @@ func (e *DataSourceHandler) executeQuery(query backend.DataQuery, wg *sync.WaitG
 return
 }
+ interpolatedQuery, err = whereUsernameEquals(interpolatedQuery, req.PluginContext.User.Login)
+ if err != nil {
+ errAppendDebug("add current user clause failed", e.TransformQueryError(logger, err), interpolatedQuery)
+ return
+ }
+
 rows, err := e.db.QueryContext(queryContext, interpolatedQuery)
 if err != nil {
 errAppendDebug("db query error", e.TransformQueryError(logger, err), interpolatedQuery)
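Review bot: The new import `"github.com/xwb1989/sqlparser"` sits inside the standard-library group between `"fmt"` and `"net"`; goimports would place it in the third-party group after a blank line. The go.mod hunk of this patch records the module as `// indirect` although this file imports it directly, so `go mod tidy` should be run to list it as a direct requirement. The pinned pseudo-version is dated 2018-06-06, and since every user query will now pass through this parser it is worth confirming that the module is still maintained and that its grammar covers the SQL dialects this engine serves. The import block continues outside the hunk.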
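Review bot: `req.PluginContext.User.Login` is read without checking that a user is present; if `User` is a pointer that is nil for requests with no signed-in user (to be confirmed against the plugin SDK), this goroutine panics, and an empty login would silently filter on `username = ''`. A guard before the call would make that explicit, e.g. `if req == nil || req.PluginContext.User == nil || req.PluginContext.User.Login == "" { errAppendDebug("missing current user", errors.New("no user in plugin context"), interpolatedQuery); return }`. On the error path `interpolatedQuery` has already been overwritten with the `""` that whereUsernameEquals returns, so the debug entry loses the query text; assigning the result to a separate variable first avoids that. As far as this hunk shows, executeQuery uses only the login from `req`, so passing that string from QueryData instead of the whole request would keep the signature narrower. executeQuery's body starts and ends outside the hunk.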
@@ -366,6 +373,26 @@ func (e *DataSourceHandler) executeQuery(query backend.DataQuery, wg *sync.WaitG
 ch <- queryResult
 }
+func whereUsernameEquals(query string, username string) (string, error) {
+ stmt, err := sqlparser.Parse(query)
+ if err != nil {
+ return "", err
+ }
+
+ selectStmt, ok := stmt.(*sqlparser.Select)
+ if !ok {
+ return query, nil
+ }
+
+ selectStmt.AddWhere(&sqlparser.ComparisonExpr{
+ Operator: sqlparser.EqualStr,
+ Left: &sqlparser.ColName{Name: sqlparser.NewColIdent("username")},
+ Right: sqlparser.NewStrVal([]byte(username)),
+ })
+
+ return sqlparser.String(selectStmt), nil
+}
+
 // Interpolate provides global macros/substitutions for all sql datasources.
 var Interpolate = func(query backend.DataQuery, timeRange backend.TimeRange, timeInterval string, sql string) string {
 interval := query.Interval
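Review bot: `whereUsernameEquals` fails open: when the parsed statement is not a `*sqlparser.Select`, `return query, nil` sends the original text to the database with no user filter, which contradicts the commit's stated aim of scoping every query (set operations such as UNION may be a separate statement type in this parser; confirm). Failing closed is safer: `return "", fmt.Errorf("cannot scope %T statement to the current user", stmt)`. The clause is also added only to the outermost SELECT and names an unqualified `username` column, so subqueries and derived tables are not constrained and joins may hit an ambiguous-column error; those cases, together with an existing WHERE that contains a top-level OR, need tests that assert the rewritten SQL. The function has no doc comment; it should state that the queried relation must expose a `username` column and what happens to non-SELECT input.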