[MDEV-13921] Audit log writes invalid SQL if single-line comments are present - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1.25, 10.2.8, 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL)
Fix Version/s: 10.1.19
Component/s: Plugin - Audit
Labels:
None

Sprint:
10.1.29

Description

Since the query lines get joined, single-line comments cause the rest of the line to be ignored.

Reproduction:

In [1]: from pymysql import connect   # pymysql 0.7.11

In [2]: conn = connect(unix_socket='/run/mysqld/mysqld.sock')

In [3]: c = conn.cursor()

In [4]: c.execute('''SELECT 1,

   ...: -- Single-line comment

   ...: 2;''')

Out[4]: 1

In [5]: c.execute('''SELECT 1,

   ...: # Single-line comment

   ...: 2;''')

Out[5]: 1

Resulting log:

20170925 15:23:24,hostname,username,localhost,38,141,QUERY,,'SELECT 1, -- Single-line comment 2',0

20170925 15:23:28,hostname,username,localhost,38,142,QUERY,,'SELECT 1, # Single-line comment 2',0

Cause:
https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1346
https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1111

Solution
A) Skip comments (defeats the purpose of the audit log to some degree)
B) Log queries with escaped newlines (or better - all special characters).

B seems better.

Attachments

Activity

Ascending order - Click to sort in descending order

Karoline created issue - 2017-09-27 17:06

Elena Stepanova made changes - 2017-09-30 20:54

Field	Original Value	New Value
Description	Since the query lines get joined, single-line comments cause the rest of the line to be ignored. Reproduction: ``` In [1]: from pymysql import connect # pymysql 0.7.11 In [2]: conn = connect(unix_socket='/run/mysqld/mysqld.sock') In [3]: c = conn.cursor() In [4]: c.execute('''SELECT 1, ...: -- Single-line comment ...: 2;''') Out[4]: 1 In [5]: c.execute('''SELECT 1, ...: # Single-line comment ...: 2;''') Out[5]: 1 ``` Resulting log: ``` 20170925 15:23:24,hostname,username,localhost,38,141,QUERY,,'SELECT 1, -- Single-line comment 2',0 20170925 15:23:28,hostname,username,localhost,38,142,QUERY,,'SELECT 1, # Single-line comment 2',0 ``` Cause: https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1346 https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1111 Solution A) Skip comments (defeats the purpose of the audit log to some degree) B) Log queries with escaped newlines (or better - all special characters). B seems better.	Since the query lines get joined, single-line comments cause the rest of the line to be ignored. Reproduction: {noformat} In [1]: from pymysql import connect # pymysql 0.7.11 In [2]: conn = connect(unix_socket='/run/mysqld/mysqld.sock') In [3]: c = conn.cursor() In [4]: c.execute('''SELECT 1, ...: -- Single-line comment ...: 2;''') Out[4]: 1 In [5]: c.execute('''SELECT 1, ...: # Single-line comment ...: 2;''') Out[5]: 1 {noformat} Resulting log: {noformat} 20170925 15:23:24,hostname,username,localhost,38,141,QUERY,,'SELECT 1, -- Single-line comment 2',0 20170925 15:23:28,hostname,username,localhost,38,142,QUERY,,'SELECT 1, # Single-line comment 2',0 {noformat} Cause: https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1346 https://github.com/MariaDB/server/blob/fd2c5d19d0f0eeb054d18d4455d3ad28dd680219/plugin/server_audit/server_audit.c#L1111 Solution A) Skip comments (defeats the purpose of the audit log to some degree) B) Log queries with escaped newlines (or better - all special characters). B seems better.

Elena Stepanova made changes - 2017-09-30 20:58

Status

Open [ 1 ]

Confirmed [ 10101 ]

Elena Stepanova made changes - 2017-09-30 20:59

Fix Version/s		10.1 [ 16100 ]
Fix Version/s		10.2 [ 14601 ]
Affects Version/s		5.5 [ 15800 ]
Affects Version/s		10.0 [ 16000 ]
Affects Version/s		10.1 [ 16100 ]
Affects Version/s		10.2 [ 14601 ]
Assignee		Alexey Botchkov [ holyfoot ]

Sergei Golubchik made changes - 2017-11-01 17:44

Sprint

10.1.29 [ 202 ]

Alexey Botchkov made changes - 2017-11-03 10:51

Status

Confirmed [ 10101 ]

In Progress [ 3 ]

Alexey Botchkov made changes - 2017-11-03 13:47

Fix Version/s		10.1.19 [ 22111 ]
Fix Version/s	10.2 [ 14601 ]
Fix Version/s	10.1 [ 16100 ]
Resolution		Fixed [ 1 ]
Status	In Progress [ 3 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:45

Workflow

MariaDB v3 [ 82810 ]

MariaDB v4 [ 152893 ]

People

Assignee:: Alexey Botchkov

Reporter:: Karoline

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-09-27 17:06

Updated:: 2017-11-03 19:03

Resolved:: 2017-11-03 13:47

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server