diff --git a/apps/studio/components/interfaces/SQLEditor/SQLEditor.utils.test.ts b/apps/studio/components/interfaces/SQLEditor/SQLEditor.utils.test.ts index 76fe45abe0..d0fc0f6706 100644 --- a/apps/studio/components/interfaces/SQLEditor/SQLEditor.utils.test.ts +++ b/apps/studio/components/interfaces/SQLEditor/SQLEditor.utils.test.ts @@ -414,6 +414,15 @@ describe('SQLEditor.utils:getCreateTablesMissingRLS', () => { expect(getCreateTablesMissingRLS(sql)).toEqual([]) }) + it('does not flag when ALTER TABLE IF EXISTS enables RLS', () => { + const sql = stripIndent` + CREATE TABLE IF NOT EXISTS public."Conversations" (id int8 primary key); + ALTER TABLE IF EXISTS public."Conversations" ENABLE ROW LEVEL SECURITY; + GRANT ALL ON TABLE public."Conversations" TO postgres, anon, authenticated, service_role; + ` + expect(getCreateTablesMissingRLS(sql)).toEqual([]) + }) + it('flags CREATE TEMP TABLE', () => { const result = getCreateTablesMissingRLS('create temp table foo (id int8 primary key);') expect(result).toHaveLength(1) diff --git a/apps/studio/lib/sql-event-parser.test.ts b/apps/studio/lib/sql-event-parser.test.ts index 6575d02dc1..7cb18459fa 100644 --- a/apps/studio/lib/sql-event-parser.test.ts +++ b/apps/studio/lib/sql-event-parser.test.ts @@ -288,6 +288,42 @@ describe('SQL Event Parser', () => { const results = sqlEventParser.getTableEvents('ALTER TABLE users DISABLE ROW LEVEL SECURITY') expect(results).toHaveLength(0) }) + + it('detects ALTER TABLE IF EXISTS ENABLE ROW LEVEL SECURITY', () => { + const results = sqlEventParser.getTableEvents( + 'ALTER TABLE IF EXISTS public."Conversations" ENABLE ROW LEVEL SECURITY' + ) + expect(results).toHaveLength(1) + expect(results[0]).toEqual({ + type: TABLE_EVENT_ACTIONS.TableRLSEnabled, + schema: 'public', + tableName: 'Conversations', + }) + }) + + it('detects ALTER TABLE ONLY ENABLE ROW LEVEL SECURITY', () => { + const results = sqlEventParser.getTableEvents( + 'ALTER TABLE ONLY public.users ENABLE ROW LEVEL SECURITY' + ) + expect(results).toHaveLength(1) + expect(results[0]).toEqual({ + type: TABLE_EVENT_ACTIONS.TableRLSEnabled, + schema: 'public', + tableName: 'users', + }) + }) + + it('detects ALTER TABLE IF EXISTS ONLY ENABLE ROW LEVEL SECURITY', () => { + const results = sqlEventParser.getTableEvents( + 'ALTER TABLE IF EXISTS ONLY public.users ENABLE ROW LEVEL SECURITY' + ) + expect(results).toHaveLength(1) + expect(results[0]).toEqual({ + type: TABLE_EVENT_ACTIONS.TableRLSEnabled, + schema: 'public', + tableName: 'users', + }) + }) }) describe('ReDoS protection', () => { diff --git a/apps/studio/lib/sql-event-parser.ts b/apps/studio/lib/sql-event-parser.ts index 4b01c1652a..a9023fd7b8 100644 --- a/apps/studio/lib/sql-event-parser.ts +++ b/apps/studio/lib/sql-event-parser.ts @@ -39,8 +39,8 @@ export class SQLEventParser { { type: TABLE_EVENT_ACTIONS.TableRLSEnabled, patterns: [ - /ALTER\s+TABLE\s+(?(?:"[^"]+"|[\w]+)\.)?(?(?:"(?:[^"]|"")+"|`(?:[^`]|``)+`|[\w]+)).*?ENABLE\s+ROW\s+LEVEL\s+SECURITY/i, - /ALTER\s+TABLE\s+(?(?:"[^"]+"|[\w]+)\.)?(?
(?:"(?:[^"]|"")+"|`(?:[^`]|``)+`|[\w]+)).*?ENABLE\s+RLS/i, + /ALTER\s+TABLE\s+(?:IF\s+EXISTS\s+)?(?:ONLY\s+)?(?(?:"[^"]+"|[\w]+)\.)?(?
(?:"(?:[^"]|"")+"|`(?:[^`]|``)+`|[\w]+)).*?ENABLE\s+ROW\s+LEVEL\s+SECURITY/i, + /ALTER\s+TABLE\s+(?:IF\s+EXISTS\s+)?(?:ONLY\s+)?(?(?:"[^"]+"|[\w]+)\.)?(?
(?:"(?:[^"]|"")+"|`(?:[^`]|``)+`|[\w]+)).*?ENABLE\s+RLS/i, ], }, ]