mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-04-20 08:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
df56f6bdc2086ab3cd9684eba333099561276c19
scylladb/cql3
History
Nadav Har'El e436db01e3 Merge 'cql3: fix authorization bypass via BATCH prepared cache poisoning' from Marcin Maliszkiewicz 
execute_batch_without_checking_exception_message() inserted entries
into the authorized prepared cache before verifying that
check_access() succeeded. A failed BATCH therefore left behind
cached 'authorized' entries that later let a direct EXECUTE of the
same prepared statement skip the authorization check entirely.

Move the cache insertion after the access check so that entries are
only cached on success. This matches the pattern already used by
do_execute_prepared() for individual EXECUTE requests.

Introduced in 98f5e49ea8

Fixes https://scylladb.atlassian.net/browse/SCYLLADB-1221

Backport: all supported versions

Closes scylladb/scylladb#29432

* github.com:scylladb/scylladb:
  test/cqlpy: add reproducer for BATCH prepared auth cache bypass
  cql3: fix authorization bypass via BATCH prepared cache poisoning

(cherry picked from commit 986167a416)

Closes scylladb/scylladb#29479
2026-04-15 17:14:20 +02:00
..
expr
vector_similarity_fcts: retrieve similarity function argument types
2026-01-02 12:48:43 +01:00
functions
vector_search: return NaN for similarity_cosine with all-zero vectors
2026-02-23 17:09:50 +00:00
restrictions
vector_search: forward non-primary key restrictions to Vector Store service
2026-04-12 14:39:48 +03:00
selection
cql3: introduce similarity functions syntax
2026-01-02 12:48:43 +01:00
statements
cql3/statements/describe_statement: hide paxos state tables
2026-02-02 23:31:58 +00:00
assignment_testable.hh
vector_similarity_fcts: retrieve similarity function argument types
2026-01-02 12:48:43 +01:00
attributes.cc
cql: add CONCURRENCY to the USING clause
2025-11-21 12:32:52 +01:00
attributes.hh
cql: add CONCURRENCY to the USING clause
2025-11-21 12:32:52 +01:00
authorized_prepared_statements_cache.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
cf_name.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
cf_name.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
CMakeLists.txt
cql: add select_statement.cc
2026-01-21 14:56:01 +01:00
column_identifier.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
column_identifier.hh
cql3: Remove unnecessary 'virtual' specifiers from final class methods
2025-04-03 13:51:42 +03:00
column_specification.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
column_specification.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
constants.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
constants.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
cql3_type.cc
treewide: Move type related files to a type directory As requested in #22110, moved the files and fixed other includes and build system.
2025-09-17 17:32:19 +03:00
cql3_type.hh
cql3: add vector type syntax
2025-01-28 21:14:49 +01:00
cql_config.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
cql_statement.hh
audit: Add the audit subsystem
2025-01-15 11:10:35 +01:00
Cql.g
Merge 'index: Accept view properties in CREATE INDEX' from Dawid Mędrek
2026-01-14 09:54:27 +02:00
description.cc
cql3/description: Serialize only rvalues of description
2025-07-01 12:58:11 +02:00
description.hh
cql3/description: Serialize only rvalues of description
2025-07-01 12:58:11 +02:00
dialect.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
error_collector.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
error_listener.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
index_name.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
index_name.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
keyspace_element_name.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
keyspace_element_name.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
lists.cc
tree: Remove unused boost headers
2025-02-25 10:32:32 +03:00
lists.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
maps.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
maps.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
operation_impl.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
operation.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
operation.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
prepare_context.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
prepare_context.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
prepared_statements_cache.hh
Merge 'cql3: pin prepared cache entry in prepare() to avoid invalid weak handle race' from Alex Dathskovsky
2026-03-20 10:27:04 +02:00
query_options_fwd.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
query_options.cc
cql3: remove throwing protocol_exception
2025-08-28 23:33:15 +02:00
query_options.hh
treewide: Move mutation related files to a mutation directory
2025-09-24 13:23:38 +03:00
query_processor.cc
Merge 'cql3: fix authorization bypass via BATCH prepared cache poisoning' from Marcin Maliszkiewicz
2026-04-15 17:14:20 +02:00
query_processor.hh
Merge 'strongly consistent tables: basic implementation' from Petr Gusev
2026-01-23 09:52:33 +01:00
query_result_printer.hh
Merge 'db/batchlog_manager: re-add v1 support for mixed clusters' from Botond Dénes
2026-03-04 08:28:39 +02:00
result_generator.hh
cql3: result_set: Initialize result_generator::_stats to prevent undefined behavior
2025-02-28 13:57:13 +03:00
result_set.cc
Merge 'db/batchlog_manager: re-add v1 support for mixed clusters' from Botond Dénes
2026-03-04 08:28:39 +02:00
result_set.hh
vector_index: rescoring: Add hidden similarity score column
2026-01-22 15:38:40 +01:00
role_name.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_name.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_options.hh
cql3: Rename SALTED HASH to HASHED PASSWORD
2024-10-30 14:07:58 +02:00
sets.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
sets.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
stats.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
untyped_result_set.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
untyped_result_set.hh
treewide: Move query related files to a new query directory
2025-09-16 23:40:47 +03:00
update_parameters.cc
treewide: Move query related files to a new query directory
2025-09-16 23:40:47 +03:00
update_parameters.hh
treewide: Move mutation related files to a mutation directory
2025-09-24 13:23:38 +03:00
user_types.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
user_types.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
ut_name.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
ut_name.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
util.cc
config: split tri_mode_restriction to a separate header
2025-08-27 13:47:04 +03:00
util.hh
cql3/statements: implement external ANN OF queries
2025-08-05 12:34:48 +02:00
values.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
values.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00