Add query q check

Author: tobyhede

sql/010-core.sql

@@ -93,6 +93,19 @@ AS $$
   END;
 $$ LANGUAGE plpgsql;
 
+-- Query field should never be present in an encrypted column
+DROP FUNCTION IF EXISTS _cs_encrypted_check_q(jsonb);
+CREATE FUNCTION _cs_encrypted_check_q(val jsonb)
+  RETURNS boolean
+AS $$
+	BEGIN
+    IF val ? 'q'
+      RAISE 'Encrypted column should not have a query (q) field (%).', val->>'q';
+    END IF;
+    RETURN true;
+  END;
+$$ LANGUAGE plpgsql;
+
 -- Ident field should include table and column
 DROP FUNCTION IF EXISTS _cs_encrypted_check_i_ct(jsonb);
 CREATE FUNCTION _cs_encrypted_check_i_ct(val jsonb)
@@ -132,6 +145,7 @@ BEGIN ATOMIC
       _cs_encrypted_check_k(val) AND
       _cs_encrypted_check_k_ct(val) AND
       _cs_encrypted_check_k_sv(val) AND
+      _cs_encrypted_check_q(val) AND
       _cs_encrypted_check_p(val)
     );
 END;

sql/020-config-schema.sql

@@ -62,7 +62,7 @@ AS $$
       IF (SELECT bool_and(index = ANY('{match, ore, unique, ste_vec}')) FROM _cs_extract_indexes(val) AS index) THEN
         RETURN true;
       END IF;
-      RAISE 'Invalid index (%) in configuration. Index should be one of {match, ore, unique, ste_vec}', val;
+      RAISE 'Configuration has an invalid index (%). Index should be one of {match, ore, unique, ste_vec}', val;
     END IF;
     RETURN true;
   END;
@@ -78,7 +78,7 @@ AS $$
     IF EXISTS (SELECT jsonb_array_elements_text(jsonb_path_query_array(val, '$.tables.*.*.cast_as')) = ANY('{text, int, small_int, big_int, real, double, boolean, date, jsonb}')) THEN
       RETURN true;
     END IF;
-    RAISE 'Invalid cast (%) in configuration. Cast should be one of {text, int, small_int, big_int, real, double, boolean, date, jsonb}', val;
+    RAISE 'Configuration has an invalid cast_as (%). Cast should be one of {text, int, small_int, big_int, real, double, boolean, date, jsonb}', val;
   END;
 $$ LANGUAGE plpgsql;
 

tests/config.sql

@@ -211,7 +211,7 @@ TRUNCATE TABLE cs_configuration_v1;
 
 DO $$
   BEGIN
-    RAISE NOTICE 'Configuration tests: 4 errors expected';
+    RAISE NOTICE 'cs_configuration_v1 constraint tests: 4 errors expected here';
   END;
 $$ LANGUAGE plpgsql;
 --

tests/core.sql

@@ -59,7 +59,7 @@ $$ LANGUAGE plpgsql;
 
 -- -----------------------------------------------
 ---
--- cs_enncrypted)v1 tyoe
+-- cs_encrypted_v1 tyoe
 -- Validate configuration schema
 -- Try and insert many invalid configurations
 -- None should exist
@@ -70,6 +70,12 @@ TRUNCATE TABLE users;
 \set ON_ERROR_STOP off
 \set ON_ERROR_ROLLBACK on
 
+DO $$
+  BEGIN
+    RAISE NOTICE 'cs_encrypted_v1 constraint tests: 10 errors expected here';
+  END;
+$$ LANGUAGE plpgsql;
+
 
 -- no version
 INSERT INTO users (name_encrypted) VALUES (
@@ -120,12 +126,9 @@ INSERT INTO users (name_encrypted) VALUES (
   }'::jsonb
 );
 
-
-
 -- pt
 INSERT INTO users (name_encrypted) VALUES (
   '{
-    "v": 1,
     "v": 1,
     "k": "pt",
     "i": {
@@ -138,7 +141,6 @@ INSERT INTO users (name_encrypted) VALUES (
 --pt with ciphertext
 INSERT INTO users (name_encrypted) VALUES (
   '{
-    "v": 1,
     "v": 1,
     "k": "pt",
     "c": "ciphertext",
@@ -149,11 +151,9 @@ INSERT INTO users (name_encrypted) VALUES (
   }'::jsonb
 );
 
-
 -- ct without ciphertext
 INSERT INTO users (name_encrypted) VALUES (
   '{
-    "v": 1,
     "v": 1,
     "k": "ct",
     "i": {
@@ -167,7 +167,6 @@ INSERT INTO users (name_encrypted) VALUES (
 -- ct with plaintext
 INSERT INTO users (name_encrypted) VALUES (
   '{
-    "v": 1,
     "v": 1,
     "k": "ct",
     "p": "plaintext",
@@ -182,7 +181,6 @@ INSERT INTO users (name_encrypted) VALUES (
 -- ciphertext without ct
 INSERT INTO users (name_encrypted) VALUES (
   '{
-    "v": 1,
     "v": 1,
     "c": "ciphertext",
     "i": {
@@ -192,6 +190,19 @@ INSERT INTO users (name_encrypted) VALUES (
   }'::jsonb
 );
 
+-- ciphertext with invalid q
+INSERT INTO users (name_encrypted) VALUES (
+  '{
+    "v": 1,
+    "c": "ciphertext",
+    "i": {
+      "t": "users",
+      "c": "name"
+    },
+    "q": "invalid"
+  }'::jsonb
+);
+
 -- Nothing should be in the DB
 DO $$
   BEGIN