auth.users is exposed through public schema

.github/workflows/test.yml

@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Build docker images
-        run: PG_VERSION=${{ matrix.postgres }} docker-compose -f .ci/docker-compose.yml build
+        run: PG_VERSION=${{ matrix.postgres }} docker-compose -f dockerfiles/docker-compose.yml build
 
       - name: Run tests
-        run: PG_VERSION=${{ matrix.postgres }} docker-compose -f .ci/docker-compose.yml run test
+        run: PG_VERSION=${{ matrix.postgres }} docker-compose -f dockerfiles/docker-compose.yml run test

README.md

@@ -45,5 +45,5 @@ To run the test suite,
 
 Run test
 ```sh
-docker rmi -f dockerfiles-test && SUPABASE_VERSION=15.1.1.13 docker-compose -f dockerfiles/docker-compose.yml run --rm test
+docker rmi -f dockerfiles-db && SUPABASE_VERSION=15.1.1.13 docker-compose -f dockerfiles/docker-compose.yml run --rm test
 ```

bin/installcheck

@@ -49,7 +49,7 @@ else
 fi
 
 # Execute the test fixtures
-psql -v ON_ERROR_STOP=1 -f lints/*.sql -f test/fixtures.sql -d contrib_regression
+psql -v ON_ERROR_STOP= -f test/fixtures.sql -f lints/0001*.sql -f lints/0002*.sql -d contrib_regression
 
 # Run tests
 ${REGRESS} --use-existing --dbname=contrib_regression --inputdir=${TESTDIR} ${TESTS}

dockerfiles/docker-compose.yml

@@ -2,11 +2,16 @@ version: '3'
 services:
 
   test:
-    container_name: repo_test
+    container_name: supabase-db
     build:
         context: ..
         dockerfile: ./dockerfiles/Dockerfile
         args:
           PG_VERSION: ${SUPABASE_VERSION:-15.1.1.13}
+    healthcheck:
+      test: pg_isready -U postgres -h localhost
+      interval: 5s
+      timeout: 5s
+      retries: 10
     command:
       - ./bin/installcheck

lints/0002_auth_users_exposed.sql

@@ -0,0 +1,39 @@
+create view "0002_auth_users_exposed" as
+
+select
+    'auth_users_exposed' as name,
+    'WARN' as level,
+    'EXTERNAL' as facing,
+    'Detects if auth.users is exposed to anon or authenticated roles via a view or materialized view in the public schema, potentially compromising user data security.' as description,
+    format(
+        'View/Materialized View "%s" in the public schema may expose auth.users data to anon or authenticated roles.',
+        c.relname
+    ) as detail,
+    'Review the view/materialized view definition to ensure it does not unintentionally expose sensitive user data. Apply proper role permissions and consider using row-level security to protect sensitive data.' as remediation,
+    jsonb_build_object(
+        'view_name', c.relname,
+        'schema', 'public',
+        'exposed_to', array_remove(array_agg(DISTINCT case when pg_catalog.has_table_privilege('anon', c.oid, 'SELECT') then 'anon' when pg_catalog.has_table_privilege('authenticated', c.oid, 'SELECT') then 'authenticated' end), null)
+    ) as metadata,
+    format('auth_users_exposed_%s', c.relname) as cache_key
+from
+	pg_depend d
+	join pg_rewrite r
+		on r.oid = d.objid
+	join pg_class c
+		on c.oid = r.ev_class
+	join pg_namespace n
+		on n.oid = c.relnamespace
+where
+	d.refobjid = 'auth.users'::regclass
+	and d.deptype = 'n'
+	and c.relkind in ('v', 'm') -- v for view, m for materialized view
+	and n.nspname = 'public'
+	and (
+	  pg_catalog.has_table_privilege('anon', c.oid, 'SELECT')
+	  or pg_catalog.has_table_privilege('authenticated', c.oid, 'SELECT')
+	)
+	-- Exclude self
+	and c.relname <> '0002_auth_users_exposed'
+group by
+	c.relname, c.oid;

test/expected/0002_auth_users_exposed.out

@@ -0,0 +1,17 @@
+begin;
+	-- No issues	
+	select * from "0002_auth_users_exposed";
+ name | level | facing | description | detail | remediation | metadata | cache_key 
+------+-------+--------+-------------+--------+-------------+----------+-----------
+(0 rows)
+
+	-- Create a view that exposes auth.users
+	create view public.oops as
+	select * from auth.users;
+	select * from "0002_auth_users_exposed";
+        name        | level |  facing  |                                                                            description                                                                             |                                                    detail                                                     |                                                                                                  remediation                                                                                                  |                             metadata                              |        cache_key        
+--------------------+-------+----------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+-------------------------
+ auth_users_exposed | WARN  | EXTERNAL | Detects if auth.users is exposed to anon or authenticated roles via a view or materialized view in the public schema, potentially compromising user data security. | View/Materialized View "oops" in the public schema may expose auth.users data to anon or authenticated roles. | Review the view/materialized view definition to ensure it does not unintentionally expose sensitive user data. Apply proper role permissions and consider using row-level security to protect sensitive data. | {"schema": "public", "view_name": "oops", "exposed_to": ["anon"]} | auth_users_exposed_oops
+(1 row)
+
+rollback;

test/fixtures.sql

@@ -0,0 +1,7 @@
+create schema auth;
+create view auth.users as select 1;
+
+create role anon;
+create role authenticated;
+grant usage on schema public to anon, authenticated;
+alter default privileges in schema public grant select on tables to public;

test/sql/0002_auth_users_exposed.sql

@@ -0,0 +1,12 @@
+begin;
+
+	-- No issues	
+	select * from "0002_auth_users_exposed";
+
+	-- Create a view that exposes auth.users
+	create view public.oops as
+	select * from auth.users;
+
+	select * from "0002_auth_users_exposed";
+
+rollback;