Fix panic with GRANT/REVOKE in CONNECT, CREATE, EXECUTE or TEMPORARY (#401)

* fix inconsistency between parse_grant_permissions and matched keywords

* Make it clear the error is an internal problem

Co-authored-by: Andrew Lamb <andrew@nerdnetworks.org>

src/parser.rs

@@ -3240,22 +3240,38 @@ impl<'a> Parser<'a> {
                 with_privileges_keyword: self.parse_keyword(Keyword::PRIVILEGES),
             }
         } else {
-            Privileges::Actions(
+            let (actions, err): (Vec<_>, Vec<_>) = self
-                self.parse_comma_separated(Parser::parse_grant_permission)?
+                .parse_comma_separated(Parser::parse_grant_permission)?
                 .into_iter()
                 .map(|(kw, columns)| match kw {
-                        Keyword::DELETE => Action::Delete,
+                    Keyword::DELETE => Ok(Action::Delete),
-                        Keyword::INSERT => Action::Insert { columns },
+                    Keyword::INSERT => Ok(Action::Insert { columns }),
-                        Keyword::REFERENCES => Action::References { columns },
+                    Keyword::REFERENCES => Ok(Action::References { columns }),
-                        Keyword::SELECT => Action::Select { columns },
+                    Keyword::SELECT => Ok(Action::Select { columns }),
-                        Keyword::TRIGGER => Action::Trigger,
+                    Keyword::TRIGGER => Ok(Action::Trigger),
-                        Keyword::TRUNCATE => Action::Truncate,
+                    Keyword::TRUNCATE => Ok(Action::Truncate),
-                        Keyword::UPDATE => Action::Update { columns },
+                    Keyword::UPDATE => Ok(Action::Update { columns }),
-                        Keyword::USAGE => Action::Usage,
+                    Keyword::USAGE => Ok(Action::Usage),
-                        _ => unreachable!(),
+                    Keyword::CONNECT => Ok(Action::Connect),
+                    Keyword::CREATE => Ok(Action::Create),
+                    Keyword::EXECUTE => Ok(Action::Execute),
+                    Keyword::TEMPORARY => Ok(Action::Temporary),
+                    // This will cover all future added keywords to
+                    // parse_grant_permission and unhandled in this
+                    // match
+                    _ => Err(kw),
                 })
-                    .collect(),
+                .partition(Result::is_ok);
-            )
+
+            if !err.is_empty() {
+                let errors: Vec<Keyword> = err.into_iter().filter_map(|x| x.err()).collect();
+                return Err(ParserError::ParserError(format!(
+                    "INTERNAL ERROR: GRANT/REVOKE unexpected keyword(s) - {:?}",
+                    errors
+                )));
+            }
+            let act = actions.into_iter().filter_map(|x| x.ok()).collect();
+            Privileges::Actions(act)
         };
 
         self.expect_keyword(Keyword::ON)?;

tests/sqlparser_common.rs

@@ -3898,7 +3898,7 @@ fn parse_drop_index() {
 
 #[test]
 fn parse_grant() {
-    let sql = "GRANT SELECT, INSERT, UPDATE (shape, size), USAGE, DELETE, TRUNCATE, REFERENCES, TRIGGER ON abc, def TO xyz, m WITH GRANT OPTION GRANTED BY jj";
+    let sql = "GRANT SELECT, INSERT, UPDATE (shape, size), USAGE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CONNECT, CREATE, EXECUTE, TEMPORARY ON abc, def TO xyz, m WITH GRANT OPTION GRANTED BY jj";
     match verified_stmt(sql) {
         Statement::Grant {
             privileges,
@@ -3930,6 +3930,10 @@ fn parse_grant() {
                         Action::Truncate,
                         Action::References { columns: None },
                         Action::Trigger,
+                        Action::Connect,
+                        Action::Create,
+                        Action::Execute,
+                        Action::Temporary,
                     ],
                     actions
                 );