fix(query): ident role_name not support ' " \b \f in parse (#17534)

TCeason · web-flow · commit 335cdffb9cbb · 2025-02-27T22:16:40.000+08:00
diff --git a/src/query/ast/src/parser/statement.rs b/src/query/ast/src/parser/statement.rs
@@ -3209,11 +3209,33 @@ pub fn create_def(i: Input) -> IResult<CreateDefinition> {
 }
 
 pub fn role_name(i: Input) -> IResult<String> {
-    let role_ident = map(
+    let role_ident = map_res(
         rule! {
             #ident
         },
-        |role_name| role_name.name,
+        |role_name| {
+            let name = role_name.name;
+            let mut chars = name.chars();
+            while let Some(c) = chars.next() {
+                match c {
+                    '\\' => match chars.next() {
+                        Some('f') | Some('b') => {
+                            return Err(nom::Err::Failure(ErrorKind::Other(
+                                "' or \" or \\f or \\b are not allowed in role name",
+                            )));
+                        }
+                        _ => {}
+                    },
+                    '\'' | '"' => {
+                        return Err(nom::Err::Failure(ErrorKind::Other(
+                            "' or \" or \\f or \\b are not allowed in role name",
+                        )));
+                    }
+                    _ => {}
+                }
+            }
+            Ok(name)
+        },
     );
     let role_lit = map(
         rule! {
diff --git a/src/query/ast/tests/it/parser.rs b/src/query/ast/tests/it/parser.rs
@@ -258,8 +258,6 @@ fn test_statement() {
         r#"alter user 'test-e' identified by 'new-password';"#,
         r#"create role test"#,
         r#"create role 'test'"#,
-        r#"create role `a"a`"#,
-        r#"create role `a'a`"#,
         r#"create user `a'a` identified by '123'"#,
         r#"drop role if exists test"#,
         r#"drop role if exists 'test'"#,
@@ -945,6 +943,11 @@ fn test_statement_error() {
         r#"alter user 'test-e' identifies by 'new-password';"#,
         r#"create role 'test'@'%';"#,
         r#"drop role 'test'@'%';"#,
+        r#"create role `a"a`"#,
+        r#"create role `a'a`"#,
+        r#"create role `a\ba`"#,
+        r#"create role `a\fa`"#,
+        r#"drop role `a\fa`"#,
         r#"SHOW GRANT FOR ROLE 'role1';"#,
         r#"GRANT ROLE 'test' TO ROLE test-user;"#,
         r#"GRANT SELECT, ALL PRIVILEGES, CREATE ON * TO 'test-grant';"#,
diff --git a/src/query/ast/tests/it/testdata/stmt-error.txt b/src/query/ast/tests/it/testdata/stmt-error.txt
@@ -231,6 +231,76 @@ error:
   |                 ^ unexpected `@`, expecting `FORMAT` or `;`
 
 
+---------- Input ----------
+create role `a"a`
+---------- Output ---------
+error: 
+  --> SQL:1:13
+  |
+1 | create role `a"a`
+  | ------      ^^^^^
+  | |           |
+  | |           ' or " or \f or \b are not allowed in role name
+  | |           while parsing <role_name>
+  | while parsing `CREATE ROLE [IF NOT EXISTS] <role_name>`
+
+
+---------- Input ----------
+create role `a'a`
+---------- Output ---------
+error: 
+  --> SQL:1:13
+  |
+1 | create role `a'a`
+  | ------      ^^^^^
+  | |           |
+  | |           ' or " or \f or \b are not allowed in role name
+  | |           while parsing <role_name>
+  | while parsing `CREATE ROLE [IF NOT EXISTS] <role_name>`
+
+
+---------- Input ----------
+create role `a\ba`
+---------- Output ---------
+error: 
+  --> SQL:1:13
+  |
+1 | create role `a\ba`
+  | ------      ^^^^^^
+  | |           |
+  | |           ' or " or \f or \b are not allowed in role name
+  | |           while parsing <role_name>
+  | while parsing `CREATE ROLE [IF NOT EXISTS] <role_name>`
+
+
+---------- Input ----------
+create role `a\fa`
+---------- Output ---------
+error: 
+  --> SQL:1:13
+  |
+1 | create role `a\fa`
+  | ------      ^^^^^^
+  | |           |
+  | |           ' or " or \f or \b are not allowed in role name
+  | |           while parsing <role_name>
+  | while parsing `CREATE ROLE [IF NOT EXISTS] <role_name>`
+
+
+---------- Input ----------
+drop role `a\fa`
+---------- Output ---------
+error: 
+  --> SQL:1:11
+  |
+1 | drop role `a\fa`
+  | ----      ^^^^^^
+  | |         |
+  | |         ' or " or \f or \b are not allowed in role name
+  | |         while parsing <role_name>
+  | while parsing `DROP ROLE [IF EXISTS] <role_name>`
+
+
 ---------- Input ----------
 SHOW GRANT FOR ROLE 'role1';
 ---------- Output ---------
diff --git a/src/query/ast/tests/it/testdata/stmt.txt b/src/query/ast/tests/it/testdata/stmt.txt
@@ -12002,28 +12002,6 @@ CreateRole {
 }
 
 
----------- Input ----------
-create role `a"a`
----------- Output ---------
-CREATE ROLE 'a"a'
----------- AST ------------
-CreateRole {
-    if_not_exists: false,
-    role_name: "a\"a",
-}
-
-
----------- Input ----------
-create role `a'a`
----------- Output ---------
-CREATE ROLE 'a\'a'
----------- AST ------------
-CreateRole {
-    if_not_exists: false,
-    role_name: "a'a",
-}
-
-
 ---------- Input ----------
 create user `a'a` identified by '123'
 ---------- Output ---------
diff --git a/tests/sqllogictests/suites/base/05_ddl/05_0014_ddl_create_role.test b/tests/sqllogictests/suites/base/05_ddl/05_0014_ddl_create_role.test
@@ -43,8 +43,9 @@ create role 'Public'
 statement error 2217
 create role 'public'
 
+onlyif http
 statement error 2217
 create role 'a"a'
 
-statement error 2217
+statement error 1005
 create role "a'a"
