mirror of
https://github.com/postgres/postgres.git
synced 2025-08-06 18:42:54 +03:00
Allow contrib/file_fdw to read from a program, like COPY FROM PROGRAM.
This patch just exposes COPY's FROM PROGRAM option in contrib/file_fdw. There don't seem to be any security issues with that that are any worse than what already exist with file_fdw and COPY; as in the existing cases, only superusers are allowed to control what gets executed. A regression test case might be nice here, but choosing a 100% portable command to run is hard. (We haven't got a test for COPY FROM PROGRAM itself, either.) Corey Huinker and Adam Gomaa, reviewed by Amit Langote Discussion: <CADkLM=dGDGmaEiZ=UDepzumWg-CVn7r8MHPjr2NArj8S3TsROQ@mail.gmail.com>
This commit is contained in:
Tom Lane
@@ -10,10 +10,11 @@
|
||||
<para>
|
||||
The <filename>file_fdw</> module provides the foreign-data wrapper
|
||||
<function>file_fdw</function>, which can be used to access data
|
||||
files in the server's file system. Data files must be in a format
|
||||
files in the server's file system, or to execute programs on the server
|
||||
and read their output. The data file or program output must be in a format
|
||||
that can be read by <command>COPY FROM</command>;
|
||||
see <xref linkend="sql-copy"> for details.
|
||||
Access to such data files is currently read-only.
|
||||
Access to data files is currently read-only.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -27,7 +28,22 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file to be read. Required. Must be an absolute path name.
|
||||
Specifies the file to be read. Must be an absolute path name.
|
||||
Either <literal>filename</literal> or <literal>program</literal> must be
|
||||
specified, but not both.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><literal>program</literal></term>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the command to be executed. The standard output of this
|
||||
command will be read as though <command>COPY FROM PROGRAM</> were used.
|
||||
Either <literal>program</literal> or <literal>filename</literal> must be
|
||||
specified, but not both.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -37,7 +53,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file's format,
|
||||
Specifies the data format,
|
||||
the same as <command>COPY</>'s <literal>FORMAT</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -48,7 +64,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies whether the file has a header line,
|
||||
Specifies whether the data has a header line,
|
||||
the same as <command>COPY</>'s <literal>HEADER</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -59,7 +75,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file's delimiter character,
|
||||
Specifies the data delimiter character,
|
||||
the same as <command>COPY</>'s <literal>DELIMITER</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -70,7 +86,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file's quote character,
|
||||
Specifies the data quote character,
|
||||
the same as <command>COPY</>'s <literal>QUOTE</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -81,7 +97,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file's escape character,
|
||||
Specifies the data escape character,
|
||||
the same as <command>COPY</>'s <literal>ESCAPE</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -92,7 +108,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file's null string,
|
||||
Specifies the data null string,
|
||||
the same as <command>COPY</>'s <literal>NULL</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -103,7 +119,7 @@
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the file's encoding,
|
||||
Specifies the data encoding,
|
||||
the same as <command>COPY</>'s <literal>ENCODING</literal> option.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -112,11 +128,11 @@
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
Note that while <command>COPY</> allows options such as OIDS and HEADER
|
||||
to be specified without a corresponding value, the foreign data wrapper
|
||||
Note that while <command>COPY</> allows options such as <literal>HEADER</>
|
||||
to be specified without a corresponding value, the foreign table option
|
||||
syntax requires a value to be present in all cases. To activate
|
||||
<command>COPY</> options normally supplied without a value, you can
|
||||
instead pass the value TRUE.
|
||||
<command>COPY</> options typically written without a value, you can pass
|
||||
the value TRUE, since all such options are Booleans.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@@ -133,7 +149,7 @@
|
||||
<para>
|
||||
This is a Boolean option. If true, it specifies that values of the
|
||||
column should not be matched against the null string (that is, the
|
||||
file-level <literal>null</literal> option). This has the same effect
|
||||
table-level <literal>null</literal> option). This has the same effect
|
||||
as listing the column in <command>COPY</>'s
|
||||
<literal>FORCE_NOT_NULL</literal> option.
|
||||
</para>
|
||||
@@ -171,14 +187,24 @@
|
||||
|
||||
<para>
|
||||
Changing table-level options requires superuser privileges, for security
|
||||
reasons: only a superuser should be able to determine which file is read.
|
||||
In principle non-superusers could be allowed to change the other options,
|
||||
but that's not supported at present.
|
||||
reasons: only a superuser should be able to control which file is read
|
||||
or which program is run. In principle non-superusers could be allowed to
|
||||
change the other options, but that's not supported at present.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When specifying the <literal>program</> option, keep in mind that the option
|
||||
string is executed by the shell. If you need to pass any arguments to the
|
||||
command that come from an untrusted source, you must be careful to strip or
|
||||
escape any characters that might have special meaning to the shell.
|
||||
For security reasons, it is best to use a fixed command string, or at least
|
||||
avoid passing any user input in it.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For a foreign table using <literal>file_fdw</>, <command>EXPLAIN</> shows
|
||||
the name of the file to be read. Unless <literal>COSTS OFF</> is
|
||||
the name of the file to be read or program to be run.
|
||||
For a file, unless <literal>COSTS OFF</> is
|
||||
specified, the file size (in bytes) is shown as well.
|
||||
</para>
|
||||
|
||||
@@ -186,7 +212,7 @@
|
||||
<title id="csvlog-fdw">Create a Foreign Table for PostgreSQL CSV Logs</title>
|
||||
|
||||
<para>
|
||||
One of the obvious uses for the <literal>file_fdw</> is to make
|
||||
One of the obvious uses for <literal>file_fdw</> is to make
|
||||
the PostgreSQL activity log available as a table for querying. To
|
||||
do this, first you must be logging to a CSV file, which here we
|
||||
will call <literal>pglog.csv</>. First, install <literal>file_fdw</>
|
||||
|
||||
Reference in New Issue
Block a user