BEGIN;

SET ROLE postgres;

-- Create a database owner by an unpriviledge user
CREATE ROLE alice LOGIN;
CREATE DATABASE library TEMPLATE template0 OWNER alice;
SELECT rolsuper FROM pg_roles WHERE rolname='alice';

\c library

CREATE EXTENSION anon CASCADE;
SELECT anon.init();

CREATE TABLE author (
  id INT,
  name TEXT
);

ALTER TABLE author OWNER TO alice;

SET ROLE alice;

CREATE FUNCTION public.attack()
RETURNS TEXT
AS $$
  ALTER ROLE alice SUPERUSER;
  SELECT 'CONFIDENTIAL';
$$
LANGUAGE SQL;

SECURITY LABEL FOR anon ON COLUMN author.name
IS 'MASKED WITH FUNCTION public.attack()';

SET ROLE postgres;

SELECT anon.anonymize_database();

SELECT rolsuper FROM pg_roles WHERE rolname='alice';

ROLLBACK;