Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.5, 10.0, 10.1, 10.2, 10.1.25, 10.2.8
-
Fix Version/s: 10.1.19
-
Component/s: Plugin - Audit
-
Labels:None
-
Sprint:10.1.29
Description
Since the query lines get joined, single-line comments cause the rest of the line to be ignored.
Reproduction:
In [1]: from pymysql import connect # pymysql 0.7.11
|
|
In [2]: conn = connect(unix_socket='/run/mysqld/mysqld.sock')
|
|
In [3]: c = conn.cursor()
|
|
In [4]: c.execute('''SELECT 1,
|
...: -- Single-line comment
|
...: 2;''')
|
Out[4]: 1
|
|
In [5]: c.execute('''SELECT 1,
|
...: # Single-line comment
|
...: 2;''')
|
Out[5]: 1
|
Resulting log:
20170925 15:23:24,hostname,username,localhost,38,141,QUERY,,'SELECT 1, -- Single-line comment 2',0
|
20170925 15:23:28,hostname,username,localhost,38,142,QUERY,,'SELECT 1, # Single-line comment 2',0
|
Cause:
https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1346
https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1111
Solution
A) Skip comments (defeats the purpose of the audit log to some degree)
B) Log queries with escaped newlines (or better - all special characters).
B seems better.