Query goal: | Find textual columns that potentially contain usernames (including columns that potentially contain e-mail addresses) that do not have a unique constraint or a unique index that involves only this column. |
Notes about the query: | The query considers primary key, unique, and exclude constraints as well as unique indexes (including indexes that are based on functions upper and lower). The query finds columns of base tables that are not unique but the column name refers to the possibility that the column contains usernames. The query finds only columns that are either in a table that name refers to users or the table contains a column that name refers to passwords. The query considers both column names in English and Estonian. |
Query type: | Problem detection (Each row in the result could represent a flaw in the design) |
Query reliability: | Medium (Medium number of false-positive results) |
Query license: | MIT License |
Fixing suggestion: | Define unique constraint or (in case case-insensitive uniqueness is needed) unique index to the column. |
Data source: | INFORMATION_SCHEMA+system catalog |
SQL query: | Click on query to copy it
WITH constraint_attributes AS (SELECT conrelid, unnest(conkey) AS attnum FROM pg_constraint WHERE contype in ('u', 'p', 'x')), unique_indexes AS (SELECT indrelid, unnest(indkey) AS attnum FROM pg_index WHERE indisunique=TRUE), unique_function_based_indexes AS (SELECT schemaname, tablename, indexdef FROM (SELECT schemaname, tablename, indexdef FROM pg_catalog.pg_indexes WHERE indexdef~*'unique[[:space:]]+index.+(upper|lower)[(]' union select (select nspname from pg_namespace where oid=c.relnamespace) as excl_schema, c.relname as excl_table, pg_get_indexdef(o.conindid) as index_def from pg_constraint o inner join pg_class c on c.oid = o.conrelid where o.contype in ('x') and pg_get_indexdef(o.conindid) ~*'(upper|lower)') AS foo WHERE schemaname NOT IN (SELECT schema_name FROM INFORMATION_SCHEMA.schemata WHERE schema_name<>'public' AND schema_owner='postgres' AND schema_name IS NOT NULL)) SELECT n.nspname AS table_schema, c.relname AS table_name, a.attname AS column_name FROM pg_attribute AS a INNER JOIN pg_class AS c ON a.attrelid=c.oid INNER JOIN pg_namespace AS n ON c.relnamespace=n.oid INNER JOIN pg_authid AS au ON n.nspowner=au.oid INNER JOIN pg_type AS t ON a.atttypid=t.oid LEFT JOIN pg_type AS t_base ON t.typbasetype=t_base.oid WHERE (nspname='public' OR rolname<>'postgres') AND c.relkind='r' AND ((t.typtype='b' AND t.typname~'(char|text)') OR (t.typtype='d' AND t_base.typname~'(char|text)')) AND a.attname~*'(kasutajanimi|username|e_mail|e_meil|mail|meil)' AND NOT EXISTS (SELECT * FROM constraint_attributes AS ca WHERE c.oid=ca.conrelid AND a.attnum=ca.attnum) AND NOT EXISTS (SELECT * FROM unique_indexes AS ui WHERE c.oid=ui.indrelid AND a.attnum=ui.attnum) AND NOT EXISTS (SELECT * FROM unique_function_based_indexes AS ui WHERE ui.schemaname=n.nspname AND ui.tablename=c.relname AND ui.indexdef ILIKE '%(' || a.attname || ')%' ) AND (c.relname~*'(user|kasutaja|person|isik|worker|tootaja|client|customer|klient|subject|subjekt|account|acct|konto)' OR (n.nspname, c.relname) IN (SELECT n.nspname AS table_schema, c.relname AS table_name FROM pg_attribute AS a INNER JOIN pg_class AS c ON a.attrelid=c.oid INNER JOIN pg_namespace AS n ON c.relnamespace=n.oid INNER JOIN pg_authid AS au ON n.nspowner=au.oid WHERE (nspname='public' OR rolname<>'postgres') AND c.relkind='r' AND a.attname~*'(passw|pwd|pswd|pwd|pw|parool|salasona)')) ORDER BY table_schema, table_name, column_name; |
Collection name | Collection description |
---|---|
Find problems about integrity constraints | A selection of queries that return information about the state of integrity constraints in the datadabase. Contains all the types of queries - problem detection, software measure, and general overview |
Find problems automatically | Queries, that results point to problems in the database. Each query in the collection produces an initial assessment. However, a human reviewer has the final say as to whether there is a problem or not . |
Category name | Category description |
---|---|
Result quality depends on names | Queries of this category use names (for instance, column names) to try to guess the meaning of a database object. Thus, the goodness of names determines the number of false positive and false negative results. |
Security | Queries of this category provide information about the security measures. |
Uniqueness | Queries of this category provide information about uniqueness constraints (PRIMARY KEY, UNIQUE, EXCLUDE) as well as unique indexes. |
Validity and completeness | Queries of this category provide information about whether database design represents the world (domain) correctly (validity) and whether database design captures all the information about the world (domain) that is correct and relevant (completeness). |