Revert "Feat: A SQL function obfuscateQuery" by Algunenano · Pull Request #100711 · ClickHouse/ClickHouse

Algunenano · 2026-03-25T14:16:31Z

ASAN Crash: https://s3.amazonaws.com/clickhouse-test-reports/PRs/100683/14d36b8a2b692110d6a5f5eb898d4a37a3a612ca/unit_tests_asan_ubsan/job.log

Repro:

echo "SELECT obfuscateQuery('Ab')" | /tmp/clickhouse_pr local

=================================================================
==952891==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7b151e4069ff at pc 0x555679bb91a2 bp 0x7ffde8a41e90 sp 0x7ffde8a41e88
READ of size 1 at 0x7b151e4069ff thread T0
    #0 0x555679bb91a1 in DB::(anonymous namespace)::obfuscateIdentifier(std::__1::basic_string_view<char, std::__1::char_traits<char>>, DB::WriteBuffer&, std::__1::unordered_map<std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::hash<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::equal_to<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::allocator<std::__1::pair<std::__1::basic_string_view<char, std::__1::char_traits<char>> const, std::__1::basic_string_view<char, std::__1::char_traits<char>>>>>&, std::__1::unordered_set<std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::hash<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::equal_to<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::allocator<std::__1::basic_string_view<char, std::__1::char_traits<char>>>>&, SipHash) ci/tmp/build/./src/Parsers/obfuscateQueries.cpp:761:95
    #1 0x555679bb86e6 in DB::obfuscateQueries(std::__1::basic_string_view<char, std::__1::char_traits<char>>, DB::WriteBuffer&, std::__1::unordered_map<std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::hash<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::equal_to<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::allocator<std::__1::pair<std::__1::basic_string_view<char, std::__1::char_traits<char>> const, std::__1::basic_string_view<char, std::__1::char_traits<char>>>>>&, std::__1::unordered_set<std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::hash<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::equal_to<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::allocator<std::__1::basic_string_view<char, std::__1::char_traits<char>>>>&, SipHash, std::__1::function<bool (std::__1::basic_string_view<char, std::__1::char_traits<char>>)>) ci/tmp/build/./src/Parsers/obfuscateQueries.cpp:1509:17
    #2 0x55565550ac64 in execute ci/tmp/build/./src/Functions/obfuscateQuery.cpp:140:13
    #3 0x55565550ac64 in DB::(anonymous namespace)::ObfuscateQueryFunctionAdaptor::executeImpl(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const ci/tmp/build/./src/Functions/obfuscateQuery.cpp:251:21
    #4 0x555646daea74 in DB::IFunction::executeImplDryRun(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const ci/tmp/build/./src/Functions/IFunction.h:494:16
    #5 0x5556667c6d06 in DB::FunctionToExecutableFunctionAdaptor::executeDryRunImpl(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const ci/tmp/build/./src/Functions/IFunctionAdaptors.cpp:16:22
    #6 0x5556667b0566 in DB::IExecutableFunction::executeWithoutLowCardinalityColumns(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const ci/tmp/build/./src/Functions/IFunction.cpp:367:15
    #7 0x5556667b42b2 in DB::IExecutableFunction::executeWithoutSparseColumns(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const ci/tmp/build/./src/Functions/IFunction.cpp:442:22
    #8 0x5556667b6dff in DB::IExecutableFunction::executeWithoutReplicatedColumns(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const ci/tmp/build/./src/Functions/IFunction.cpp:581:16
    #9 0x5556667b5f16 in DB::IExecutableFunction::execute(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const ci/tmp/build/./src/Functions/IFunction.cpp:490:20
    #10 0x55566ae3f893 in DB::QueryAnalyzer::resolveFunction(std::__1::shared_ptr<DB::IQueryTreeNode>&, DB::IdentifierResolveScope&, bool) ci/tmp/build/./src/Analyzer/Resolve/resolveFunction.cpp:1541:47
    #11 0x55566a66ee52 in DB::QueryAnalyzer::resolveExpressionNode(std::__1::shared_ptr<DB::IQueryTreeNode>&, DB::IdentifierResolveScope&, bool, bool, bool, bool) ci/tmp/build/./src/Analyzer/Resolve/QueryAnalyzer.cpp:3038:46
    #12 0x55566a66d811 in DB::QueryAnalyzer::resolveExpressionNodeList(std::__1::shared_ptr<DB::IQueryTreeNode>&, DB::IdentifierResolveScope&, bool, bool, bool) ci/tmp/build/./src/Analyzer/Resolve/QueryAnalyzer.cpp:3190:49
    #13 0x55566a6b2133 in DB::QueryAnalyzer::resolveProjectionExpressionNodeList(std::__1::shared_ptr<DB::IQueryTreeNode>&, DB::IdentifierResolveScope&) ci/tmp/build/./src/Analyzer/Resolve/QueryAnalyzer.cpp:3519:40
    #14 0x55566a66267c in DB::QueryAnalyzer::resolveQuery(std::__1::shared_ptr<DB::IQueryTreeNode> const&, DB::IdentifierResolveScope&) ci/tmp/build/./src/Analyzer/Resolve/QueryAnalyzer.cpp:5265:30
    #15 0x55566a66025b in DB::QueryAnalyzer::resolve(std::__1::shared_ptr<DB::IQueryTreeNode>&, std::__1::shared_ptr<DB::IQueryTreeNode> const&, std::__1::shared_ptr<DB::Context const>) ci/tmp/build/./src/Analyzer/Resolve/QueryAnalyzer.cpp:143:13
    #16 0x55566a65e7e6 in DB::QueryAnalysisPass::run(std::__1::shared_ptr<DB::IQueryTreeNode>&, std::__1::shared_ptr<DB::Context const>) ci/tmp/build/./src/Analyzer/Resolve/QueryAnalysisPass.cpp:18:14
    #17 0x55566a7589ab in DB::QueryTreePassManager::run(std::__1::shared_ptr<DB::IQueryTreeNode>&) ci/tmp/build/./src/Analyzer/QueryTreePassManager.cpp:195:20
    #18 0x55566c959820 in DB::buildQueryTreeAndRunPasses(boost::intrusive_ptr<DB::IAST> const&, DB::SelectQueryOptions const&, std::__1::shared_ptr<DB::Context const> const&, std::__1::shared_ptr<DB::IStorage> const&) ci/tmp/build/./src/Interpreters/InterpreterSelectQueryAnalyzer.cpp:241:33
    #19 0x55566c9541c6 in DB::InterpreterSelectQueryAnalyzer::InterpreterSelectQueryAnalyzer(boost::intrusive_ptr<DB::IAST> const&, std::__1::shared_ptr<DB::Context const> const&, DB::SelectQueryOptions const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, DB::ActionsDAG const*) ci/tmp/build/./src/Interpreters/InterpreterSelectQueryAnalyzer.cpp:259:18
    #20 0x55566c96688e in std::__1::unique_ptr<DB::InterpreterSelectQueryAnalyzer, std::__1::default_delete<DB::InterpreterSelectQueryAnalyzer>> std::__1::make_unique[abi:fe210105]<DB::InterpreterSelectQueryAnalyzer, boost::intrusive_ptr<DB::IAST>&, std::__1::shared_ptr<DB::Context> const&, DB::SelectQueryOptions const&, 0>(boost::intrusive_ptr<DB::IAST>&, std::__1::shared_ptr<DB::Context> const&, DB::SelectQueryOptions const&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__memory/unique_ptr.h:773:30
    #21 0x55566c96604d in DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0::operator()(DB::InterpreterFactory::Arguments const&) const ci/tmp/build/./src/Interpreters/InterpreterSelectQueryAnalyzer.cpp:399:16
    #22 0x55566c96604d in std::__1::__invoke_result_impl<void, DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&>::type std::__1::__invoke[abi:fe210105]<DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&>(DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:87:27
    #23 0x55566c96604d in std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>> std::__1::__invoke_void_return_wrapper<std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>>, false>::__call[abi:fe210105]<DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&>(DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:334:12
    #24 0x55566c96604d in std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>> std::__1::__invoke_r[abi:fe210105]<std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>>, DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&>(DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0&, DB::InterpreterFactory::Arguments const&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:348:10
    #25 0x55566c96604d in std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>> std::__1::__function::__policy_func<std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>> (DB::InterpreterFactory::Arguments const&)>::__call_func[abi:fe210105]<DB::registerInterpreterSelectQueryAnalyzer(DB::InterpreterFactory&)::$_0>(std::__1::__function::__policy_storage const*, DB::InterpreterFactory::Arguments const&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:450:12
    #26 0x55566c8a1c2e in std::__1::__function::__policy_func<std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>> (DB::InterpreterFactory::Arguments const&)>::operator()[abi:fe210105](DB::InterpreterFactory::Arguments const&) const ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:508:12
    #27 0x55566c8a1c2e in std::__1::function<std::__1::unique_ptr<DB::IInterpreter, std::__1::default_delete<DB::IInterpreter>> (DB::InterpreterFactory::Arguments const&)>::operator()(DB::InterpreterFactory::Arguments const&) const ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:772:10
    #28 0x55566c8a1c2e in DB::InterpreterFactory::get(boost::intrusive_ptr<DB::IAST>&, std::__1::shared_ptr<DB::Context>, DB::SelectQueryOptions const&) ci/tmp/build/./src/Interpreters/InterpreterFactory.cpp:409:12
    #29 0x55566d14dc51 in DB::executeQueryImpl(char const*, char const*, std::__1::shared_ptr<DB::Context>, DB::QueryFlags, DB::QueryProcessingStage::Enum, std::__1::unique_ptr<DB::ReadBuffer, std::__1::default_delete<DB::ReadBuffer>>&, boost::intrusive_ptr<DB::IAST>&, std::__1::shared_ptr<DB::ImplicitTransactionControlExecutor>, std::__1::function<void ()>, DB::QueryResultDetails&) ci/tmp/build/./src/Interpreters/executeQuery.cpp:1725:66
    #30 0x55566d143818 in DB::executeQuery(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::shared_ptr<DB::Context>, DB::QueryFlags, DB::QueryProcessingStage::Enum) ci/tmp/build/./src/Interpreters/executeQuery.cpp:2174:11
    #31 0x555676d81034 in DB::LocalConnection::sendQuery(DB::ConnectionTimeouts const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::unordered_map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>> const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, unsigned long, DB::Settings const*, DB::ClientInfo const*, bool, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, std::__1::function<void (DB::Progress const&)>) ci/tmp/build/./src/Client/LocalConnection.cpp:286:21
    #32 0x555676c0f463 in DB::ClientBase::processOrdinaryQuery(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, boost::intrusive_ptr<DB::IAST>) ci/tmp/build/./src/Client/ClientBase.cpp:1324:29
    #33 0x555676c0aa0e in DB::ClientBase::processParsedSingleQuery(std::__1::basic_string_view<char, std::__1::char_traits<char>>, boost::intrusive_ptr<DB::IAST>, bool&, unsigned long) ci/tmp/build/./src/Client/ClientBase.cpp:2410:13
    #34 0x555676c28f06 in DB::ClientBase::executeMultiQuery(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) ci/tmp/build/./src/Client/ClientBase.cpp:2787:21
    #35 0x555676c2c402 in DB::ClientBase::processQueryText(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) ci/tmp/build/./src/Client/ClientBase.cpp:3038:12
    #36 0x555676c3f314 in DB::ClientBase::runNonInteractive() ci/tmp/build/./src/Client/ClientBase.cpp:3857:13
    #37 0x55565b8067ce in DB::LocalServer::main(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&) ci/tmp/build/./programs/local/LocalServer.cpp:769:9
    #38 0x555686b7d75f in Poco::Util::Application::run() ci/tmp/build/./base/poco/Util/src/Application.cpp:315:8
    #39 0x55565b822e34 in mainEntryClickHouseLocal(int, char**) ci/tmp/build/./programs/local/LocalServer.cpp:1357:20
    #40 0x555646d97e9d in main ci/tmp/build/./programs/main.cpp:428:21
    #41 0x7f15202fa6c0 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:59:16
    #42 0x7f15202fa7f8 in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
    #43 0x555646cb17ad in _start (/tmp/clickhouse_pr+0x197ee7ad) (BuildId: 618ef22e5e0dc28d2784c4a0177e847536271de3)

Address 0x7b151e4069ff is located in stack of thread T0 at offset 511 in frame
    #0 0x5556555098cf in DB::(anonymous namespace)::ObfuscateQueryFunctionAdaptor::executeImpl(std::__1::vector<DB::ColumnWithTypeAndName, AllocatorWithMemoryTracking<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const ci/tmp/build/./src/Functions/obfuscateQuery.cpp:248

  This frame has 17 object(s):
    [32, 40) 'col_query' (line 83)
    [64, 72) 'col_res' (line 85)
    [96, 104) 'seed_value' (line 95)
    [128, 168) 'obfuscate_map' (line 105)
    [208, 248) 'used_nouns' (line 106)
    [288, 408) 'wb' (line 111)
    [448, 480) 'agg.tmp' (line 152)
    [512, 536) 'ref.tmp' (line 120) <== Memory access at offset 511 underflows this variable
    [576, 584) 'seed_value' (line 123)
    [608, 648) 'obfuscate_map' (line 133)
    [688, 728) 'used_nouns' (line 134)
    [768, 888) 'wb' (line 139)
    [928, 960) 'agg.tmp' (line 152)
    [992, 1016) 'ref.tmp' (line 148)
    [1056, 1080) 'ref.tmp' (line 162)
    [1120, 1152) 'impl' (line 250)
    [1184, 1208) 'agg.tmp'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ci/tmp/build/./src/Parsers/obfuscateQueries.cpp:761:95 in DB::(anonymous namespace)::obfuscateIdentifier(std::__1::basic_string_view<char, std::__1::char_traits<char>>, DB::WriteBuffer&, std::__1::unordered_map<std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::hash<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::equal_to<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::allocator<std::__1::pair<std::__1::basic_string_view<char, std::__1::char_traits<char>> const, std::__1::basic_string_view<char, std::__1::char_traits<char>>>>>&, std::__1::unordered_set<std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::hash<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::equal_to<std::__1::basic_string_view<char, std::__1::char_traits<char>>>, std::__1::allocator<std::__1::basic_string_view<char, std::__1::char_traits<char>>>>&, SipHash)
Shadow bytes around the buggy address:
  0x7b151e406700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7b151e406780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7b151e406800: f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 f8 f2 f2 f2
  0x7b151e406880: f8 f8 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8 f8 f8 f8 f2
  0x7b151e406900: f2 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
=>0x7b151e406980: f8 f8 f8 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2[f2]
  0x7b151e406a00: 00 00 00 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00
  0x7b151e406a80: 00 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2 f2
  0x7b151e406b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2
  0x7b151e406b80: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 f8 f8 f8 f2
  0x7b151e406c00: f2 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==952891==ABORTING
Aborted                    echo "SELECT obfuscateQuery('Ab')" | /tmp/clickhouse_pr local

clickhouse-gh · 2026-03-25T14:17:14Z

Workflow [PR], commit [b65f2d2]

AI Review

Summary

This PR fully reverts ClickHouse/ClickHouse#98305 by removing obfuscateQuery / obfuscateQueryWithSeed implementation and their dedicated stateless tests. The change is coherent and self-contained: all touched files are deletions tied to that reverted feature, with no partial leftovers in src/Functions or test references. I did not find correctness, safety, concurrency, or performance issues in the revert itself.

ClickHouse Rules

Item	Status	Notes
Deletion logging	➖
Serialization versioning	➖
Core-area scrutiny	✅
No test removal	✅
Experimental gate	➖
No magic constants	➖
Backward compatibility	✅
`SettingsChangesHistory.cpp`	➖
PR metadata quality	✅
Safe rollout	✅
Compilation time	✅

Final Verdict

Status: ✅ Approve

Algunenano

Need a green CI. Merging

Add section 10 to the C++ risk checklist: "Trust boundary expansion — looking beyond the diff". This checklist triggers when a PR wraps existing internal code for a wider audience (e.g. CLI tool → SQL function, library → server endpoint). The core workflow: read the callee implementation, compare what existing callers pass vs. what the PR passes (catching degraded integration bugs like no-op callbacks), grep for dangerous patterns in the callee, and — critically — trace every suspicious finding with a concrete minimal input, writing out variable values at each iteration. The key insight, earned through many iterations of AI-assisted reviewing and refining the prompt: the primary failure mode is finding a suspicious pattern and then reasoning abstractly ("technically safe because of memory layout / padding / practical likelihood") instead of doing a 5-line concrete trace that would immediately prove or disprove the bug. The checklist explicitly calls out this anti-pattern. Motivated by ClickHouse#100711 where `obfuscateIdentifier` reads a relative offset before the buffer start on boundary inputs — a pre-existing bug that becomes exploitable when exposed as a SQL function via `obfuscateQuery`. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add section 10 to the C++ risk checklist: "Trust boundary expansion — looking beyond the diff". This checklist triggers when a PR wraps existing internal code for a wider audience (e.g. CLI tool → SQL function, library → server endpoint). The core workflow: read the callee implementation, compare what existing callers pass vs. what the PR passes (catching degraded integration bugs like no-op callbacks), grep for dangerous patterns in the callee, and — critically — trace every suspicious finding with a concrete minimal input, writing out variable values at each iteration. The key insight, earned through many iterations of AI-assisted reviewing and refining the prompt: the primary failure mode is finding a suspicious pattern and then reasoning abstractly ("technically safe because of memory layout / padding / practical likelihood") instead of doing a 5-line concrete trace that would immediately prove or disprove the bug. The checklist explicitly calls out this anti-pattern. Motivated by ClickHouse#100711 where `obfuscateIdentifier` reads a relative offset before the buffer start on boundary inputs — a pre-existing bug that becomes exploitable when exposed as a SQL function via `obfuscateQuery`.

Revert "Feat: A SQL function obfuscateQuery"

b65f2d2

Algunenano mentioned this pull request Mar 25, 2026

Feat: A SQL function obfuscateQuery #98305

Merged

1 task

clickhouse-gh bot added the pr-not-for-changelog This PR should not be mentioned in the changelog label Mar 25, 2026

Algunenano self-assigned this Mar 25, 2026

Algunenano commented Mar 25, 2026

View reviewed changes

Algunenano added this pull request to the merge queue Mar 25, 2026

Merged via the queue into master with commit 91c2232 Mar 25, 2026
15 of 24 checks passed

Algunenano deleted the revert-98305-master branch March 25, 2026 14:35

robot-clickhouse-ci-2 added the pr-synced-to-cloud The PR is synced to the cloud repo label Mar 25, 2026

Algunenano mentioned this pull request Mar 25, 2026

Improve AI review skill: trust boundary expansion checklist and experimental gate scoping #100716

Merged

1 task

alexey-milovidov mentioned this pull request Mar 28, 2026

Revert "Revert "Feat: A SQL function obfuscateQuery"" #101027

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Revert "Feat: A SQL function obfuscateQuery"#100711

Revert "Feat: A SQL function obfuscateQuery"#100711
Algunenano merged 1 commit intomasterfrom
revert-98305-master

Algunenano commented Mar 25, 2026 •

edited

Loading

Uh oh!

clickhouse-gh bot commented Mar 25, 2026 •

edited

Loading

Uh oh!

Algunenano left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Algunenano commented Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

clickhouse-gh bot commented Mar 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

AI Review

Summary

ClickHouse Rules

Final Verdict

Uh oh!

Algunenano left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Algunenano commented Mar 25, 2026 •

edited

Loading

clickhouse-gh bot commented Mar 25, 2026 •

edited

Loading