From 4bd5f29e05105befdcca0ab46e32b720a87f6b51 Mon Sep 17 00:00:00 2001
From: Sam Jewell <2903904+samjewell@users.noreply.github.com>
Date: Wed, 12 Mar 2025 11:39:48 +0000
Subject: [PATCH] SQL Expressions: Allow more functions (#102011)

I used Cursor and Claude 3.7 thinking to expand the list of functions we allow. Specifically I needed `abs`. TODO: Check each of these in the official MySQL docs to ensure they are all safe: eg. this doc: https://dev.mysql.com/doc/refman/8.4/en/flow-control-functions.html#operator_case
---
 pkg/expr/sql/parser_allow.go | 44 +++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/pkg/expr/sql/parser_allow.go b/pkg/expr/sql/parser_allow.go
index 3b5d553af08..e7b1beed175 100644
--- a/pkg/expr/sql/parser_allow.go
+++ b/pkg/expr/sql/parser_allow.go
@@ -136,17 +136,55 @@ func allowedFunction(f *sqlparser.FuncExpr) (b bool) {
  b = true // so don't have to return true in every case but default
 
  switch strings.ToLower(f.Name.String()) {
- case "if":
+ // Conditional functions
+ case "if", "coalesce", "ifnull", "nullif":
  return
 
+ // Aggregation functions
  case "sum", "avg", "count", "min", "max":
  return
-
- case "coalesce":
+ case "stddev", "std", "stddev_pop":
+ return
+ case "variance", "var_pop":
  return
 
+ // Mathematical functions
+ case "abs":
+ return
+ case "round", "floor", "ceiling", "ceil":
+ return
+ case "sqrt", "pow", "power":
+ return
+ case "mod", "log", "log10", "exp":
+ return
+ case "sign":
+ return
+
+ // String functions
+ case "concat", "length", "char_length":
+ return
+ case "lower", "upper":
+ return
+ case "substring", "trim":
+ return
+
+ // Date functions
  case "str_to_date":
  return
+ case "date_format", "now", "curdate", "curtime":
+ return
+ case "date_add", "date_sub":
+ return
+ case "year", "month", "day", "weekday":
+ return
+ case "datediff":
+ return
+ case "unix_timestamp", "from_unixtime":
+ return
+
+ // Type conversion
+ case "cast", "convert":
+ return
 
  default:
  return false
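Review bot: The new cases in the `allowedFunction` switch widen a security allowlist, yet the commit message still carries a TODO to verify each name and the diffstat shows only this file changed, so nothing in the tree records why a function was judged safe or stops a later unsafe addition. I would state the admission rule above the switch, e.g. `// Allow only pure functions: no file, network or session/system-state access, and no unbounded delay.`, and add a table-driven test that asserts every listed name is accepted and that an unlisted name such as `load_file` or `sleep` is rejected. The per-function check should be made against the engine that actually evaluates these expressions, if that is not MySQL itself, since its implementation of a name can differ from the MySQL manual. Depending on the parser, `cast`, `convert`, `substring` and `trim` may not reach this function as `*sqlparser.FuncExpr` at all, in which case those cases are dead and the real decision is taken elsewhere; that is worth confirming. The function body closes outside this hunk.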