From 92d5a98f3c2fa9532bd5c62e16be188cfc909c8a Mon Sep 17 00:00:00 2001 From: Eric VERLEENE Date: Tue, 25 Nov 2025 09:09:04 +0100 Subject: [PATCH 1/3] reorganize rules --- dblinter.cfg | 40 +++++++++---------- .../{T003 => T002}/TableWithRedundantIndex.py | 0 .../{T004 => T003}/TableWithFkNotIndexed.py | 0 .../{T007 => T004}/TableWithUnusedIndex.py | 0 .../{T011 => T006}/TableWithUppercase.py | 0 .../TableWithFkOutsideSchema.py | 0 .../TableWithPotentialMissingIdx.py | 0 7 files changed, 20 insertions(+), 20 deletions(-) rename dblinter/rules/{T003 => T002}/TableWithRedundantIndex.py (100%) rename dblinter/rules/{T004 => T003}/TableWithFkNotIndexed.py (100%) rename dblinter/rules/{T007 => T004}/TableWithUnusedIndex.py (100%) rename dblinter/rules/{T011 => T006}/TableWithUppercase.py (100%) rename dblinter/rules/{T006 => T007}/TableWithFkOutsideSchema.py (100%) rename dblinter/rules/{T005 => T011}/TableWithPotentialMissingIdx.py (100%) diff --git a/dblinter.cfg b/dblinter.cfg index 8596477..760fe08 100644 --- a/dblinter.cfg +++ b/dblinter.cfg @@ -73,7 +73,7 @@ table: fixes: - create a primary key. - name: TableWithRedundantIndex - ruleid: T003 + ruleid: T002 enabled: True context: desc: table without duplicated index. @@ -81,25 +81,25 @@ table: fixes: - remove duplicated index - name: TableWithFkNotIndexed - ruleid: T004 + ruleid: T003 enabled: True context: desc: table without index on fk. - message: "unindexed fk {0}.{1}.{2} ddl:{3}." + message: "Unindexed fk {0}.{1}.{2} ddl:{3}." fixes: - index foreign key. - - name: TableWithPotentialMissingIdx - ruleid: T005 + - name: TableWithUnusedIndex + ruleid: T004 enabled: True params: - - threshold: 1000000 + - size_mo: 25 context: - desc: table with high level of seq scan vs idx scan, base on pg_stat_user_tables. - message: "{0} table with seq scan exceed the threshold: {1}." + desc: Table unused index, base on pg_stat_user_indexes, indexes associated to unique constraints are discard. + message: "Index {0} on {1} size {2} Mo seems to be unused (idx_scan=0)." fixes: - - ask a dba. + - remove unused index or change warning/error threshold. - name: TableWithFkOutsideSchema - ruleid: T006 + ruleid: T007 enabled: True context: desc: table with fk outside its schema @@ -107,16 +107,6 @@ table: fixes: - consider rewrite your model. - ask a dba. - - name: TableWithUnusedIndex - ruleid: T007 - enabled: True - params: - - size_mo: 25 - context: - desc: Table unused index, base on pg_stat_user_indexes, indexes associated to unique constraints are discard. - message: "Index {0} on {1} size {2} Mo seems to be unused (idx_scan=0)." - fixes: - - remove unused index or change warning/error threshold. - name: TableWithFkMismatch ruleid: T008 enabled: True @@ -142,6 +132,16 @@ table: message: "{0} {1}.{2}.{3}.{4} violate retricted keyword rule." fixes: - Rename the object to use a non reserved keyword. + - name: TableWithPotentialMissingIdx + ruleid: T011 + enabled: True + params: + - threshold: 1000000 + context: + desc: table with high level of seq scan vs idx scan, base on pg_stat_user_tables. + message: "{0} table with seq scan exceed the threshold: {1}." + fixes: + - ask a dba. schema: - name: SchemaWithDefaultRoleNotGranted ruleid: S001 diff --git a/dblinter/rules/T003/TableWithRedundantIndex.py b/dblinter/rules/T002/TableWithRedundantIndex.py similarity index 100% rename from dblinter/rules/T003/TableWithRedundantIndex.py rename to dblinter/rules/T002/TableWithRedundantIndex.py diff --git a/dblinter/rules/T004/TableWithFkNotIndexed.py b/dblinter/rules/T003/TableWithFkNotIndexed.py similarity index 100% rename from dblinter/rules/T004/TableWithFkNotIndexed.py rename to dblinter/rules/T003/TableWithFkNotIndexed.py diff --git a/dblinter/rules/T007/TableWithUnusedIndex.py b/dblinter/rules/T004/TableWithUnusedIndex.py similarity index 100% rename from dblinter/rules/T007/TableWithUnusedIndex.py rename to dblinter/rules/T004/TableWithUnusedIndex.py diff --git a/dblinter/rules/T011/TableWithUppercase.py b/dblinter/rules/T006/TableWithUppercase.py similarity index 100% rename from dblinter/rules/T011/TableWithUppercase.py rename to dblinter/rules/T006/TableWithUppercase.py diff --git a/dblinter/rules/T006/TableWithFkOutsideSchema.py b/dblinter/rules/T007/TableWithFkOutsideSchema.py similarity index 100% rename from dblinter/rules/T006/TableWithFkOutsideSchema.py rename to dblinter/rules/T007/TableWithFkOutsideSchema.py diff --git a/dblinter/rules/T005/TableWithPotentialMissingIdx.py b/dblinter/rules/T011/TableWithPotentialMissingIdx.py similarity index 100% rename from dblinter/rules/T005/TableWithPotentialMissingIdx.py rename to dblinter/rules/T011/TableWithPotentialMissingIdx.py From e0293b28855e181e793a4f080fa6a467c131af0d Mon Sep 17 00:00:00 2001 From: Eric VERLEENE Date: Tue, 25 Nov 2025 11:16:43 +0100 Subject: [PATCH 2/3] update default config --- dblinter/default_config.yaml | 48 ++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/dblinter/default_config.yaml b/dblinter/default_config.yaml index 7699af3..124cfdd 100644 --- a/dblinter/default_config.yaml +++ b/dblinter/default_config.yaml @@ -104,7 +104,7 @@ table: fixes: - create a primary key. - name: TableWithRedundantIndex - ruleid: T003 + ruleid: T002 enabled: True context: desc: table without duplicated index. @@ -112,42 +112,40 @@ table: fixes: - remove duplicated index - name: TableWithFkNotIndexed - ruleid: T004 + ruleid: T003 enabled: True context: desc: table without index on fk. - message: "unindexed fk {0}.{1}.{2}." + message: "Unindexed fk {0}.{1}.{2}." fixes: - "{3}." - - name: TableWithPotentialMissingIdx - ruleid: T005 + - name: TableWithUnusedIndex + ruleid: T004 enabled: True params: - - threshold: 1000000 + - size_mo: 25 context: - desc: table with high level of seq scan vs idx scan, base on pg_stat_user_tables. - message: "{0} table with seq scan exceed the threshold: {1}." + desc: Table unused index, base on pg_stat_user_indexes, indexes associated to unique constraints are discard. + message: "Index {0} on {1} size {2} Mo seems to be unused (idx_scan=0)." fixes: - - ask a dba. - - name: TableWithFkOutsideSchema + - remove unused index or change warning/error threshold. + - name: TableWithUppercase ruleid: T006 enabled: True context: - desc: table with fk outside its schema - message: "fk {0} on {1} is in schema {2}." + desc: Table with uppercase in name or in columns. + message: "Uppercase used on table {0}.{1}.{2}." fixes: - - consider rewrite your model. - - ask a dba. - - name: TableWithUnusedIndex + - Do not use uppercase for any database objects + - name: TableWithFkOutsideSchema ruleid: T007 enabled: True - params: - - size_mo: 25 context: - desc: Table unused index, base on pg_stat_user_indexes, indexes associated to unique constraints are discard. - message: "Index {0} on {1} size {2} Mo seems to be unused (idx_scan=0)." + desc: table with fk outside its schema + message: "fk {0} on {1} is in schema {2}." fixes: - - remove unused index or change warning/error threshold. + - consider rewrite your model. + - ask a dba. - name: TableWithFkMismatch ruleid: T008 enabled: True @@ -173,14 +171,16 @@ table: message: "{0} {1}.{2}.{3}.{4} violate retricted keyword rule." fixes: - Rename the object to use a non reserved keyword. - - name: TableWithUppercase + - name: TableWithPotentialMissingIdx ruleid: T011 enabled: True + params: + - threshold: 1000000 context: - desc: Table with uppercase in name or in columns. - message: "Uppercase used on table {0}.{1}.{2}." + desc: table with high level of seq scan vs idx scan, base on pg_stat_user_tables. + message: "{0} table with seq scan exceed the threshold: {1}." fixes: - - Do not use uppercase for any database objects + - ask a dba. - name: TableWithSensibleColumn ruleid: T012 enabled: True From 95a30ae577983e473cd6c7aefc97e8136b22cf0a Mon Sep 17 00:00:00 2001 From: Eric VERLEENE Date: Tue, 25 Nov 2025 14:34:23 +0100 Subject: [PATCH 3/3] reorganize test rules --- .../TableWithPotentialMissingIdx.py | 0 tests/data/good_config.yaml | 70 ++++++++++++------- .../test_TableWithRedundantIndex.py | 0 .../test_TableWithFkNotIndexed.py | 0 .../test_TableWithUnusedIndex.py | 0 .../{T011 => T006}/test_TableWithUppercase.py | 0 .../test_TableWithFkOutsideSchema.py | 0 .../test_TableWithPotentialMissingIdx.py | 0 8 files changed, 43 insertions(+), 27 deletions(-) rename dblinter/rules/{T011 => T005}/TableWithPotentialMissingIdx.py (100%) rename tests/rules/{T003 => T002}/test_TableWithRedundantIndex.py (100%) rename tests/rules/{T004 => T003}/test_TableWithFkNotIndexed.py (100%) rename tests/rules/{T007 => T004}/test_TableWithUnusedIndex.py (100%) rename tests/rules/{T011 => T006}/test_TableWithUppercase.py (100%) rename tests/rules/{T006 => T007}/test_TableWithFkOutsideSchema.py (100%) rename tests/rules/{T005 => T011}/test_TableWithPotentialMissingIdx.py (100%) diff --git a/dblinter/rules/T011/TableWithPotentialMissingIdx.py b/dblinter/rules/T005/TableWithPotentialMissingIdx.py similarity index 100% rename from dblinter/rules/T011/TableWithPotentialMissingIdx.py rename to dblinter/rules/T005/TableWithPotentialMissingIdx.py diff --git a/tests/data/good_config.yaml b/tests/data/good_config.yaml index 4e6c5fe..ed87730 100644 --- a/tests/data/good_config.yaml +++ b/tests/data/good_config.yaml @@ -71,52 +71,50 @@ table: desc: table without primary key. message: "No primary key on table {0}.{1}.{2}." fixes: - - create a primary key. + - create a primary key. - name: TableWithRedundantIndex - ruleid: T003 + ruleid: T002 enabled: True context: desc: table without duplicated index. message: "{0} redundant(s) index found on {1}.{2} idx {3} column {4}." fixes: - - remove duplicated index + - remove duplicated index - name: TableWithFkNotIndexed - ruleid: T004 + ruleid: T003 enabled: True context: desc: table without index on fk. - message: "unindexed fk {0}.{1}.{2} ddl:{3}." + message: "Unindexed fk {0}.{1}.{2}." fixes: - - index foreign key. - - name: TableWithPotentialMissingIdx - ruleid: T005 + - "{3}." + - name: TableWithUnusedIndex + ruleid: T004 enabled: True params: - - threshold: 1000000 + - size_mo: 25 context: - desc: table with high level of seq scan vs idx scan, base on pg_stat_user_tables. - message: "{0} table with seq scan exceed the threshold: {1}." + desc: Table unused index, base on pg_stat_user_indexes, indexes associated to unique constraints are discard. + message: "Index {0} on {1} size {2} Mo seems to be unused (idx_scan=0)." fixes: - - ask a dba. - - name: TableWithFkOutsideSchema + - remove unused index or change warning/error threshold. + - name: TableWithUppercase ruleid: T006 enabled: True context: - desc: table with fk outside its schema - message: "fk {0} on {1} is in schema {2}." + desc: Table with uppercase in name or in columns. + message: "Uppercase used on table {0}.{1}.{2}." fixes: - - consider rewrite your model. - - ask a dba. - - name: TableWithUnusedIndex + - Do not use uppercase for any database objects + - name: TableWithFkOutsideSchema ruleid: T007 enabled: True - params: - - size_mo: 25 context: - desc: Table unused index, base on pg_stat_user_indexes, indexes associated to unique constraints are discard. - message: "Index {0} on {1} size {2} Mo seems to be unused (idx_scan=0)." + desc: table with fk outside its schema + message: "fk {0} on {1} is in schema {2}." fixes: - - remove unused index or change warning/error threshold. + - consider rewrite your model. + - ask a dba. - name: TableWithFkMismatch ruleid: T008 enabled: True @@ -124,8 +122,8 @@ table: desc: table with fk mismatch, ex smallint refer to a bigint message: "Type constraint mismatch: {0} on {1} column {2} (type {3}/{4}) ref {5} column {6} type ({7}/{8})." fixes: - - consider rewrite your model. - - ask a dba. + - consider rewrite your model. + - ask a dba. - name: TableWithRoleNotGranted ruleid: T009 enabled: True @@ -133,7 +131,7 @@ table: desc: Table has no roles grantee. Meaning that users will need direct access on it (not through a role). message: "No role grantee on table {0}.{1}.{2}. It means that except owner. Others will need a direct grant on this table, not through a role (unusual at dkt)." fixes: - - create roles (myschema_ro & myschema_rw) and grant it on table with appropriate privileges. + - create roles (myschema_ro & myschema_rw) and grant it on table with appropriate privileges. - name: ReservedKeyWord ruleid: T010 enabled: True @@ -141,7 +139,25 @@ table: desc: A table, his column or indexes use reserved keywords. message: "{0} {1}.{2}.{3}.{4} violate retricted keyword rule." fixes: - - Rename the object to use a non reserved keyword. + - Rename the object to use a non reserved keyword. + - name: TableWithPotentialMissingIdx + ruleid: T011 + enabled: True + params: + - threshold: 1000000 + context: + desc: table with high level of seq scan vs idx scan, base on pg_stat_user_tables. + message: "{0} table with seq scan exceed the threshold: {1}." + fixes: + - ask a dba. + - name: TableWithSensibleColumn + ruleid: T012 + enabled: True + context: + desc: Base on the extension anon (https://postgresql-anonymizer.readthedocs.io/en/stable/detection), show sensitive column. + message: "{0} have column {1} (category {2}) that can be consider has sensitive. It should be masked for non data-operator users." + fixes: + - Install extension anon, and create some masking rules on. schema: - name: SchemaWithDefaultRoleNotGranted ruleid: S001 diff --git a/tests/rules/T003/test_TableWithRedundantIndex.py b/tests/rules/T002/test_TableWithRedundantIndex.py similarity index 100% rename from tests/rules/T003/test_TableWithRedundantIndex.py rename to tests/rules/T002/test_TableWithRedundantIndex.py diff --git a/tests/rules/T004/test_TableWithFkNotIndexed.py b/tests/rules/T003/test_TableWithFkNotIndexed.py similarity index 100% rename from tests/rules/T004/test_TableWithFkNotIndexed.py rename to tests/rules/T003/test_TableWithFkNotIndexed.py diff --git a/tests/rules/T007/test_TableWithUnusedIndex.py b/tests/rules/T004/test_TableWithUnusedIndex.py similarity index 100% rename from tests/rules/T007/test_TableWithUnusedIndex.py rename to tests/rules/T004/test_TableWithUnusedIndex.py diff --git a/tests/rules/T011/test_TableWithUppercase.py b/tests/rules/T006/test_TableWithUppercase.py similarity index 100% rename from tests/rules/T011/test_TableWithUppercase.py rename to tests/rules/T006/test_TableWithUppercase.py diff --git a/tests/rules/T006/test_TableWithFkOutsideSchema.py b/tests/rules/T007/test_TableWithFkOutsideSchema.py similarity index 100% rename from tests/rules/T006/test_TableWithFkOutsideSchema.py rename to tests/rules/T007/test_TableWithFkOutsideSchema.py diff --git a/tests/rules/T005/test_TableWithPotentialMissingIdx.py b/tests/rules/T011/test_TableWithPotentialMissingIdx.py similarity index 100% rename from tests/rules/T005/test_TableWithPotentialMissingIdx.py rename to tests/rules/T011/test_TableWithPotentialMissingIdx.py