Vulns #32

Merged
merged 55 commits into from
Dec 21, 2023
Changes from 18 commits
90273fe
clickhouse: Quote db name in ensureVersionTable
luca-nardelli Nov 29, 2022
9fe7383
Quote in drop as well
luca-nardelli Nov 30, 2022
839421e
Leverage quoteIdentifier from pgx
luca-nardelli Nov 30, 2022
50112e7
Add to clickhouse README.md database creation
volum-nova Jan 24, 2023
90a3ac4
Remove cluster adaptation for tables to pass tests
volum-nova Jan 24, 2023
64755d0
Update README.md
volum-nova Jan 24, 2023
3b02b18
Correct a spelling mistake
volum-nova Mar 19, 2023
92dec35
Move supported go version to standard place
SuperSandro2000 Jun 1, 2023
7a72550
add tests for scylladb. add scylladb to docs
mkorolyov Jun 21, 2023
45d23ed
Merge branch 'master' into scylladb_support
mkorolyov Jul 11, 2023
f8afa5a
small changes to retry failed by timeout CI
mkorolyov Jul 17, 2023
876a13d
Update aws-sdk-go to address vulnerability
Kenai Jul 18, 2023
f2e0b33
Update lib/pq to fix cert permissions issues
jorng Jul 20, 2023
129922a
Added support for pgx locking table
fortnox-andreas Sep 20, 2023
bead4a9
Added documentation and test for lock strategy
tommykfortnox Sep 20, 2023
12968a7
Add syntax highlighting to Postgres example
tobyscott25 Nov 4, 2023
72957b6
Updated version of spanner to support sequences and generate uuid
jsabbatini-upguard Nov 14, 2023
ee8a8e5
fix: typo
testwill Nov 27, 2023
5163ac7
feature: add rqlite support
swensone Nov 5, 2023
cf03803
Add rqlite 8.0.0 to tested database versions
swensone Dec 6, 2023
b82c168
patch vulns
daniel-garcia Dec 8, 2023
669437c
update rqlite 8 container version to 8.0.6
swensone Dec 14, 2023
7eac919
Merge pull request #1006 from testwill/typo
dhui Dec 19, 2023
4078ef8
New release prep
dhui Dec 19, 2023
b567287
Update from alpine 3.18 to 3.19
dhui Dec 19, 2023
5ded96d
Bump golang.org/x/crypto from 0.14.0 to 0.17.0
dependabot[bot] Dec 19, 2023
7d03609
add 8.11 and 8.12 versions and remove debug logging
swensone Dec 19, 2023
bfedabb
Merge remote-tracking branch 'upstream/master'
swensone Dec 19, 2023
834fa39
Merge pull request #1014 from golang-migrate/dependabot/go_modules/go…
dhui Dec 20, 2023
f375aeb
Merge pull request #1007 from swensone/master
dhui Dec 20, 2023
c3ebd52
Bump google.golang.org/grpc from 1.55.0 to 1.56.3
dependabot[bot] Dec 20, 2023
b39ee92
Merge pull request #999 from tobyscott25/patch-1
dhui Dec 20, 2023
47a2661
Merge pull request #1015 from golang-migrate/dependabot/go_modules/go…
dhui Dec 20, 2023
fb22436
Merge remote-tracking branch 'origin/master' into upgrade-spanner
dhui Dec 20, 2023
5026488
Clean up require directive grouping
dhui Dec 20, 2023
90c5015
Merge pull request #959 from jorng/libpq-update
dhui Dec 20, 2023
76efa72
Merge branch 'master' into master
dhui Dec 20, 2023
1d1cd48
Merge branch 'master' into scylladb_support
dhui Dec 20, 2023
0695426
Merge pull request #929 from SuperSandro2000/patch-1
dhui Dec 20, 2023
2063684
Merge branch 'master' into master
dhui Dec 20, 2023
0ba6fc3
Merge pull request #1002 from jsabbatini-upguard/upgrade-spanner
dhui Dec 20, 2023
a94396c
Merge pull request #857 from luca-nardelli/master
dhui Dec 20, 2023
eb64ffa
Merge pull request #947 from mkorolyov/scylladb_support
dhui Dec 20, 2023
691f687
Reformat ScyllaDB/Cassandra docs
dhui Dec 20, 2023
e8edcdc
Merge branch 'master' into master
dhui Dec 20, 2023
ab24e76
Merge branch 'master' into clickhouse_create_database_migrations
dhui Dec 20, 2023
091ad5d
Quote locktable from config in queries
tommykfortnox Dec 20, 2023
9c551d4
Merge pull request #875 from no-name16/clickhouse_create_database_mig…
dhui Dec 20, 2023
c7c5011
Merge pull request #956 from Kenai/master
dhui Dec 20, 2023
f2c4b52
Update aws-sdk-go from v1.44.301 to v1.49.6
dhui Dec 20, 2023
cd17c5a
Drop support for Go 1.19 and add support for Go 1.21
dhui Dec 20, 2023
d63a5c2
Only test against YugabyteDB LTS releases
dhui Dec 20, 2023
5aa4670
Fix GoReleaser deprecations
dhui Dec 20, 2023
0815e2d
Merge pull request #992 from fortnox-andreas/master
dhui Dec 20, 2023
af3698e
merge upstream master
daniel-garcia Dec 21, 2023
4 changes: 2 additions & 2 deletions README.md
@@ -28,11 +28,11 @@ Database drivers run migrations. [Add a new database?](database/driver.go)
* [PGX v5](database/pgx/v5)
* [Redshift](database/redshift)
* [Ql](database/ql)
* [Cassandra](database/cassandra)
* [Cassandra / ScyllaDB](database/cassandra)
* [SQLite](database/sqlite)
* [SQLite3](database/sqlite3) ([todo #165](https://github.com/mattes/migrate/issues/165))
* [SQLCipher](database/sqlcipher)
* [MySQL/ MariaDB](database/mysql)
* [MySQL / MariaDB](database/mysql)
* [Neo4j](database/neo4j)
* [MongoDB](database/mongodb)
* [CrateDB](database/crate) ([todo #170](https://github.com/mattes/migrate/issues/170))
11 changes: 8 additions & 3 deletions database/cassandra/README.md
@@ -1,12 +1,17 @@
# Cassandra
# Cassandra / ScyllaDB

* Drop command will not work on Cassandra 2.X because it rely on
* `Drop()` method will not work on Cassandra 2.X because it rely on
system_schema table which comes with 3.X
* Other commands should work properly but are **not tested**
* Other methods should work properly but are **not tested**
* The Cassandra driver (gocql) does not natively support executing multiple statements in a single query. To allow for multiple statements in a single migration, you can use the `x-multi-statement` param. There are two important caveats:
* This mode splits the migration text into separately-executed statements by a semi-colon `;`. Thus `x-multi-statement` cannot be used when a statement in the migration contains a string with a semi-colon.
* The queries are not executed in any sort of transaction/batch, meaning you are responsible for fixing partial migrations.

**ScyllaDB**

* No additional configuration is required since it is a drop-in replacement for Cassandra.
* The `Drop()` method` works for ScyllaDB 5.1


## Usage
`cassandra://host:port/keyspace?param1=value&param2=value2`
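
Review bot: The added ScyllaDB bullet has a stray backtick after "method" in "The `Drop()` method` works for ScyllaDB 5.1", which leaves an unbalanced inline-code span on that line; remove it and end the sentence with a period. In the first bullet, "because it rely on" should read "because it relies on", and it calls system_schema a table while the comment in cassandra_test.go calls it a keyspace, so pick one term and use it in both places.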
2 changes: 2 additions & 0 deletions database/cassandra/cassandra_test.go
@@ -25,9 +25,11 @@ var (
// Although Cassandra 2.x is supported by the Apache Foundation,
// the migrate db driver only supports Cassandra 3.x since it uses
// the system_schema keyspace.
// last ScyllaDB version tested is 5.1.11
specs = []dktesting.ContainerSpec{
{ImageName: "cassandra:3.0", Options: opts},
{ImageName: "cassandra:3.11", Options: opts},
{ImageName: "scylladb/scylla:5.1.11", Options: opts},
}
)

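
Review bot: The new comment "last ScyllaDB version tested is 5.1.11" repeats the tag pinned two lines below it in the `scylladb/scylla:5.1.11` container spec, so it will go stale the first time the image is bumped without it. Drop the comment or make it say why this release is the one pinned, and keep it in step with the README in this PR, which states that `Drop()` works for "ScyllaDB 5.1".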
15 changes: 12 additions & 3 deletions database/clickhouse/clickhouse.go
@@ -220,7 +220,7 @@ func (ch *ClickHouse) ensureVersionTable() (err error) {

var (
table string
query = "SHOW TABLES FROM " + ch.config.DatabaseName + " LIKE '" + ch.config.MigrationsTable + "'"
query = "SHOW TABLES FROM " + quoteIdentifier(ch.config.DatabaseName) + " LIKE '" + ch.config.MigrationsTable + "'"
)
// check if migration table exists
if err := ch.conn.QueryRow(query).Scan(&table); err != nil {
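
Review bot: Only half of this query is fixed: the database name now goes through `quoteIdentifier`, but `ch.config.MigrationsTable` is still concatenated raw into the string literal in `" LIKE '" + ch.config.MigrationsTable + "'"`. A configured table name containing a single quote ends the literal early and changes the statement, and `%` or `_` in the name act as LIKE wildcards, so the existence check can match a table other than the intended one. Escape the value for use inside a string literal (or bind it as a query argument if the driver supports that for this statement) in the same change.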
@@ -259,7 +259,7 @@ func (ch *ClickHouse) ensureVersionTable() (err error) {
}

func (ch *ClickHouse) Drop() (err error) {
query := "SHOW TABLES FROM " + ch.config.DatabaseName
query := "SHOW TABLES FROM " + quoteIdentifier(ch.config.DatabaseName)
tables, err := ch.conn.Query(query)

if err != nil {
@@ -277,7 +277,7 @@ func (ch *ClickHouse) Drop() (err error) {
return err
}

query = "DROP TABLE IF EXISTS " + ch.config.DatabaseName + "." + table
query = "DROP TABLE IF EXISTS " + quoteIdentifier(ch.config.DatabaseName) + "." + quoteIdentifier(table)

if _, err := ch.conn.Exec(query); err != nil {
return &database.Error{OrigErr: err, Query: []byte(query)}
@@ -305,3 +305,12 @@ func (ch *ClickHouse) Unlock() error {
return nil
}
func (ch *ClickHouse) Close() error { return ch.conn.Close() }

// Copied from lib/pq implementation: https://github.com/lib/pq/blob/v1.9.0/conn.go#L1611
func quoteIdentifier(name string) string {
end := strings.IndexRune(name, 0)
if end > -1 {
name = name[:end]
}
return `"` + strings.Replace(name, `"`, `""`, -1) + `"`
}
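
Review bot: `quoteIdentifier` is copied from lib/pq, so it implements PostgreSQL's identifier rule (wrap in `"` and double any embedded `"`), and nothing in this diff shows that ClickHouse parses the result the same way. Add a driver test that runs `ensureVersionTable` and `Drop` against a database name containing `"` and a backslash. The doc comment should also state that the name is cut at the first NUL byte, because a caller passing such a name would silently operate on a different database than the one configured; returning an error may be the safer behaviour for a migration tool.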
54 changes: 27 additions & 27 deletions go.mod
@@ -1,8 +1,10 @@
module github.com/golang-migrate/migrate/v4

go 1.18

require (
cloud.google.com/go/spanner v1.47.0
cloud.google.com/go/storage v1.29.0
cloud.google.com/go/spanner v1.51.0
cloud.google.com/go/storage v1.30.1
github.com/Azure/go-autorest/autorest/adal v0.9.16
github.com/ClickHouse/clickhouse-go v1.4.3
github.com/aws/aws-sdk-go v1.44.301
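
Review bot: Nothing in this PR ("Vulns", with a commit titled "patch vulns") records which advisories the version bumps address, so a reviewer cannot separate the security fixes from routine updates or confirm that the chosen versions are the fixed ones. List the advisory IDs and the affected modules in the description or commit message. In this hunk `cloud.google.com/go/spanner` and `cloud.google.com/go/storage` move while `github.com/aws/aws-sdk-go v1.44.301` and `github.com/ClickHouse/clickhouse-go v1.4.3` stay put; state whether those were scanned and found clean or are handled in a separate change. Moving the `go 1.18` directive above the `require` blocks is fine.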
@@ -34,19 +36,19 @@ require (
github.com/xanzy/go-gitlab v0.15.0
go.mongodb.org/mongo-driver v1.7.5
go.uber.org/atomic v1.7.0
golang.org/x/oauth2 v0.8.0
golang.org/x/tools v0.9.1
google.golang.org/api v0.126.0
golang.org/x/oauth2 v0.14.0
golang.org/x/tools v0.10.0
google.golang.org/api v0.150.0
modernc.org/ql v1.0.0
modernc.org/sqlite v1.18.1
)

require (
cloud.google.com/go v0.110.2 // indirect
cloud.google.com/go/compute v1.19.3 // indirect
cloud.google.com/go v0.110.10 // indirect
cloud.google.com/go/compute v1.23.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.0 // indirect
cloud.google.com/go/longrunning v0.5.0 // indirect
cloud.google.com/go/iam v1.1.5 // indirect
cloud.google.com/go/longrunning v0.5.4 // indirect
github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
github.com/99designs/keyring v1.2.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 // indirect
@@ -78,16 +80,16 @@ require (
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58 // indirect
github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe // indirect
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 // indirect
github.com/cznic/mathutil v0.0.0-20180504122225-ca4c9f2c1369 // indirect
github.com/danieljoos/wincred v1.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712 // indirect
github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect
github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect
github.com/envoyproxy/go-control-plane v0.11.1 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect
github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect
github.com/gabriel-vasile/mimetype v1.4.1 // indirect
github.com/go-stack/stack v1.8.0 // indirect
@@ -101,12 +103,11 @@ require (
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/flatbuffers v2.0.8+incompatible // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.11.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/google/uuid v1.4.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gorilla/handlers v1.4.2 // indirect
github.com/gorilla/mux v1.7.4 // indirect
github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
@@ -154,19 +155,20 @@ require (
go.opencensus.io v0.24.0 // indirect
golang.org/x/crypto v0.17.0 // indirect
golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/mod v0.11.0 // indirect
golang.org/x/net v0.18.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/grpc v1.56.3 // indirect
google.golang.org/protobuf v1.30.0 // indirect
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/uint128 v1.2.0 // indirect
@@ -188,5 +190,3 @@ require (
modernc.org/token v1.0.0 // indirect
modernc.org/zappy v1.0.0 // indirect
)

go 1.18
121 changes: 51 additions & 70 deletions go.sum

Large diffs are not rendered by default.