Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
5.5, 10.0, 10.1, 10.1.25, 10.2.8, 10.2
-
None
-
10.1.29
Description
Since the query lines get joined, single-line comments cause the rest of the line to be ignored.
Reproduction:
In [1]: from pymysql import connect # pymysql 0.7.11
|
|
In [2]: conn = connect(unix_socket='/run/mysqld/mysqld.sock')
|
|
In [3]: c = conn.cursor()
|
|
In [4]: c.execute('''SELECT 1,
|
...: -- Single-line comment
|
...: 2;''')
|
Out[4]: 1
|
|
In [5]: c.execute('''SELECT 1,
|
...: # Single-line comment
|
...: 2;''')
|
Out[5]: 1
|
Resulting log:
20170925 15:23:24,hostname,username,localhost,38,141,QUERY,,'SELECT 1, -- Single-line comment 2',0
|
20170925 15:23:28,hostname,username,localhost,38,142,QUERY,,'SELECT 1, # Single-line comment 2',0
|
Cause:
https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1346
https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1111
Solution
A) Skip comments (defeats the purpose of the audit log to some degree)
B) Log queries with escaped newlines (or better - all special characters).
B seems better.