# name: test/sql/settings/allowed_directories.test # description: Test allowed_directories setting together with enable_external_access = false # group: [settings] require skip_reload # enable_external_access = false disables extension loading require no_extension_autoloading "EXPECTED: Test disable autoloading" require parquet require json # we can set allowed_directories as much as we want statement ok SET allowed_directories=['data/csv/glob'] statement ok RESET allowed_directories statement ok SET allowed_directories=['data/csv/glob', 'data/csv/glob/1', 'data/parquet-testing/glob', 'data/json', '__TEST_DIR__'] statement ok SET enable_external_access=false # ...until enable_external_access is false statement error RESET allowed_directories ---- Cannot change allowed_directories when enable_external_access is disabled statement error SET allowed_directories=[] ---- Cannot change allowed_directories when enable_external_access is disabled # we can read CSV files from the allowed_directories query III SELECT * FROM 'data/csv/glob/f_1.csv' ---- 1 alice alice@email.com 2 eve eve@email.com 3r bob NULL # also within contained directories query I SELECT * FROM 'data/csv/glob/a1/a1.csv' ---- 2019-06-05 2019-06-15 2019-06-25 # we can also use "..", as long as we remain inside our directory query III SELECT * FROM 'data/csv/glob/a1/../f_1.csv' ---- 1 alice alice@email.com 2 eve eve@email.com 3r bob NULL # and we can use ./ query III SELECT * FROM 'data/csv/glob/./f_1.csv' ---- 1 alice alice@email.com 2 eve eve@email.com 3r bob NULL # we cannot read files that are not in the allowed directories statement error SELECT * FROM 'data/csv/all_quotes.csv' ---- Permission Error # also not through usage of ".." statement error SELECT * FROM 'data/csv/glob/../all_quotes.csv' ---- Permission Error # //.. edge case statement error SELECT * FROM 'data/csv/glob//../all_quotes.csv' ---- Permission Error statement error SELECT * FROM 'data/csv/glob/a1/../../all_quotes.csv' ---- Permission Error # we can also sniff csv files statement ok SELECT * FROM sniff_csv('data/csv/glob/f_1.csv') # but not outside of allowed directories statement error SELECT * FROM sniff_csv('data/csv/all_quotes.csv') ---- Permission Error # we can also glob allowed directories query I SELECT replace(fname, '\', '/') as fname FROM glob('data/csv/glob/*.csv') t(fname) ---- data/csv/glob/f_1.csv data/csv/glob/f_2.csv data/csv/glob/f_3.csv statement error SELECT * FROM glob('data/csv/**.csv') ---- Permission Error # we can write to our test dir statement ok COPY (SELECT 42 i) TO '__TEST_DIR__/permission_test.csv' (FORMAT csv) statement ok CREATE TABLE integers(i INT); statement ok COPY integers FROM '__TEST_DIR__/permission_test.csv' query I FROM integers ---- 42 # but not to other directories statement error COPY (SELECT 42 i) TO 'permission_test.csv' (FORMAT csv) ---- Permission Error statement error COPY integers FROM 'permission_test.csv' ---- Permission Error # we can attach databases in allowed directories statement ok ATTACH '__TEST_DIR__/attached_dir.db' AS a1 statement ok CREATE TABLE a1.integers(i INTEGER); # but not in other directories statement error ATTACH 'test.db' ---- Permission Error # we cannot load or install extensions with enable_external access statement error LOAD my_ext ---- Permission Error statement error INSTALL my_ext ---- Permission Error # export/import also work with allowed_directories statement ok EXPORT DATABASE a1 TO '__TEST_DIR__/export_test' statement error EXPORT DATABASE a1 TO 'export_test' ---- Permission Error statement error IMPORT DATABASE '__TEST_DIR__/export_test' ---- Table with name "integers" already exists! statement error IMPORT DATABASE 'export_test' ---- Permission Error # we can read parquet/json files query II SELECT * FROM 'data/parquet-testing/glob/t1.parquet' ---- 1 a statement error SELECT * FROM 'data/parquet-testing/aws2.parquet' ---- Permission Error query II SELECT * FROM 'data/parquet-testing/glob/t1.parquet' ---- 1 a