From 600b4c0820223920038787291f22125677fae159 Mon Sep 17 00:00:00 2001 From: Brian Dillmann Date: Mon, 29 Sep 2025 16:09:48 -0400 Subject: [PATCH] version: update version check to use safe introspection tool Previously, we would query `crdb_internal.node_build_info` table to get a cluster's version info. Starting at 26.1, we'll be blocking access to crdb_internal tables, as they're considered part of the "unsafe internals". To mitigate this issue before release, we'll use instead `SHOW crdb_version` to collect version information about the cluster. Fixes: #154660 Release note: none --- .github/workflows/golangci-lint.yml | 6 +++--- testing/main_test.go | 4 +--- version/version.go | 13 +++++++------ 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 6ecde92185..f43c35c9b5 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 with: - go-version: 1.17 + go-version: '1.17' - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v1.46.2 + version: v1.50.1 diff --git a/testing/main_test.go b/testing/main_test.go index f507895dc7..89ee60af8e 100644 --- a/testing/main_test.go +++ b/testing/main_test.go @@ -112,9 +112,7 @@ func startServerWithApplication( func getVersionFromDB(t *testing.T, db *sql.DB) *version.Version { t.Helper() var crdbVersion string - if err := db.QueryRow( - `SELECT value FROM crdb_internal.node_build_info where field = 'Version'`, - ).Scan(&crdbVersion); err != nil { + if err := db.QueryRow("SHOW crdb_version").Scan(&crdbVersion); err != nil { t.Fatal(err) } v, err := version.Parse(crdbVersion) diff --git a/version/version.go b/version/version.go index 22eebe6dd2..896303adae 100644 --- a/version/version.go +++ b/version/version.go @@ -73,22 +73,23 @@ func (v Version) String() string { // of the form "vMAJOR.MINOR.PATCH[-PRERELEASE][+METADATA]". This // conforms to https://semver.org/spec/v2.0.0.html var versionRE = regexp.MustCompile( - `^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z-.]+)?(\+[0-9A-Za-z-.]+|)?$`, + `v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z-.]+)?(\+[0-9A-Za-z-.]+|)?`, // ^major ^minor ^patch ^preRelease ^metadata ) // numericRE is the regexp used to check if an identifier is numeric. var numericRE = regexp.MustCompile(`^(0|[1-9][0-9]*)$`) -// Parse creates a version from a string. The string must be a valid semantic +// Parse creates a version from a string. The string must contain a valid semantic // version (as per https://semver.org/spec/v2.0.0.html) in the format: -// "vMINOR.MAJOR.PATCH[-PRERELEASE][+METADATA]". +// "vMAJOR.MINOR.PATCH[-PRERELEASE][+METADATA]". // MINOR, MAJOR, and PATCH are numeric values (without any leading 0s). // PRERELEASE and METADATA can contain ASCII characters and digits, hyphens and // dots. -func Parse(str string) (*Version, error) { - if !versionRE.MatchString(str) { - return nil, errors.Errorf("invalid version string '%s'", str) +func Parse(fullStr string) (*Version, error) { + var str string + if str = versionRE.FindString(fullStr); len(str) == 0 { + return nil, errors.Errorf("invalid version string '%s'", fullStr) } var v Version