200 lines
3.9 KiB
SQL
200 lines
3.9 KiB
SQL
# name: test/sql/settings/allowed_directories.test
|
|
# description: Test allowed_directories setting together with enable_external_access = false
|
|
# group: [settings]
|
|
|
|
require skip_reload
|
|
|
|
# enable_external_access = false disables extension loading
|
|
require no_extension_autoloading "EXPECTED: Test disable autoloading"
|
|
|
|
require parquet
|
|
|
|
require json
|
|
|
|
# we can set allowed_directories as much as we want
|
|
statement ok
|
|
SET allowed_directories=['data/csv/glob']
|
|
|
|
statement ok
|
|
RESET allowed_directories
|
|
|
|
statement ok
|
|
SET allowed_directories=['data/csv/glob', 'data/csv/glob/1', 'data/parquet-testing/glob', 'data/json', '__TEST_DIR__']
|
|
|
|
statement ok
|
|
SET enable_external_access=false
|
|
|
|
# ...until enable_external_access is false
|
|
statement error
|
|
RESET allowed_directories
|
|
----
|
|
Cannot change allowed_directories when enable_external_access is disabled
|
|
|
|
statement error
|
|
SET allowed_directories=[]
|
|
----
|
|
Cannot change allowed_directories when enable_external_access is disabled
|
|
|
|
# we can read CSV files from the allowed_directories
|
|
query III
|
|
SELECT * FROM 'data/csv/glob/f_1.csv'
|
|
----
|
|
1 alice alice@email.com
|
|
2 eve eve@email.com
|
|
3r bob NULL
|
|
|
|
# also within contained directories
|
|
query I
|
|
SELECT * FROM 'data/csv/glob/a1/a1.csv'
|
|
----
|
|
2019-06-05
|
|
2019-06-15
|
|
2019-06-25
|
|
|
|
# we can also use "..", as long as we remain inside our directory
|
|
query III
|
|
SELECT * FROM 'data/csv/glob/a1/../f_1.csv'
|
|
----
|
|
1 alice alice@email.com
|
|
2 eve eve@email.com
|
|
3r bob NULL
|
|
|
|
# and we can use ./
|
|
query III
|
|
SELECT * FROM 'data/csv/glob/./f_1.csv'
|
|
----
|
|
1 alice alice@email.com
|
|
2 eve eve@email.com
|
|
3r bob NULL
|
|
|
|
# we cannot read files that are not in the allowed directories
|
|
statement error
|
|
SELECT * FROM 'data/csv/all_quotes.csv'
|
|
----
|
|
Permission Error
|
|
|
|
# also not through usage of ".."
|
|
statement error
|
|
SELECT * FROM 'data/csv/glob/../all_quotes.csv'
|
|
----
|
|
Permission Error
|
|
|
|
# //.. edge case
|
|
statement error
|
|
SELECT * FROM 'data/csv/glob//../all_quotes.csv'
|
|
----
|
|
Permission Error
|
|
|
|
statement error
|
|
SELECT * FROM 'data/csv/glob/a1/../../all_quotes.csv'
|
|
----
|
|
Permission Error
|
|
|
|
# we can also sniff csv files
|
|
statement ok
|
|
SELECT * FROM sniff_csv('data/csv/glob/f_1.csv')
|
|
|
|
# but not outside of allowed directories
|
|
statement error
|
|
SELECT * FROM sniff_csv('data/csv/all_quotes.csv')
|
|
----
|
|
Permission Error
|
|
|
|
# we can also glob allowed directories
|
|
query I
|
|
SELECT replace(fname, '\', '/') as fname FROM glob('data/csv/glob/*.csv') t(fname)
|
|
----
|
|
data/csv/glob/f_1.csv
|
|
data/csv/glob/f_2.csv
|
|
data/csv/glob/f_3.csv
|
|
|
|
statement error
|
|
SELECT * FROM glob('data/csv/**.csv')
|
|
----
|
|
Permission Error
|
|
|
|
# we can write to our test dir
|
|
statement ok
|
|
COPY (SELECT 42 i) TO '__TEST_DIR__/permission_test.csv' (FORMAT csv)
|
|
|
|
statement ok
|
|
CREATE TABLE integers(i INT);
|
|
|
|
statement ok
|
|
COPY integers FROM '__TEST_DIR__/permission_test.csv'
|
|
|
|
query I
|
|
FROM integers
|
|
----
|
|
42
|
|
|
|
# but not to other directories
|
|
statement error
|
|
COPY (SELECT 42 i) TO 'permission_test.csv' (FORMAT csv)
|
|
----
|
|
Permission Error
|
|
|
|
statement error
|
|
COPY integers FROM 'permission_test.csv'
|
|
----
|
|
Permission Error
|
|
|
|
# we can attach databases in allowed directories
|
|
statement ok
|
|
ATTACH '__TEST_DIR__/attached_dir.db' AS a1
|
|
|
|
statement ok
|
|
CREATE TABLE a1.integers(i INTEGER);
|
|
|
|
# but not in other directories
|
|
statement error
|
|
ATTACH 'test.db'
|
|
----
|
|
Permission Error
|
|
|
|
# we cannot load or install extensions with enable_external access
|
|
statement error
|
|
LOAD my_ext
|
|
----
|
|
Permission Error
|
|
|
|
statement error
|
|
INSTALL my_ext
|
|
----
|
|
Permission Error
|
|
|
|
# export/import also work with allowed_directories
|
|
statement ok
|
|
EXPORT DATABASE a1 TO '__TEST_DIR__/export_test'
|
|
|
|
statement error
|
|
EXPORT DATABASE a1 TO 'export_test'
|
|
----
|
|
Permission Error
|
|
|
|
statement error
|
|
IMPORT DATABASE '__TEST_DIR__/export_test'
|
|
----
|
|
Table with name "integers" already exists!
|
|
|
|
statement error
|
|
IMPORT DATABASE 'export_test'
|
|
----
|
|
Permission Error
|
|
|
|
# we can read parquet/json files
|
|
query II
|
|
SELECT * FROM 'data/parquet-testing/glob/t1.parquet'
|
|
----
|
|
1 a
|
|
|
|
statement error
|
|
SELECT * FROM 'data/parquet-testing/aws2.parquet'
|
|
----
|
|
Permission Error
|
|
|
|
query II
|
|
SELECT * FROM 'data/parquet-testing/glob/t1.parquet'
|
|
----
|
|
1 a
|