  1. MariaDB MaxScale
  2. MXS-2788

Masking filter performs case-sensitive checks against unquoted case-insensitive identifiers in function calls and WHERE clauses

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.4
    • Fix Version/s: 2.3.16, 2.4.5
    • Component/s: masking
    • Labels: None

    Description

      Let's say that a user has the following rule set:

          {
            "replace": {
              "column": "COLNAME"
            },
            "with": {
              "value": ".",
              "fill": "."
            }
          },
      

      Then the following queries are properly rejected:

      > select COLNAME, upper(COLNAME) from TABNAME limit 10;
      ERROR 1141 (HY000): The function upper is used in conjunction with a field that should be masked for 'user'@'::ffff:...', access is denied.
       
      > select COLNAME from TABNAME where COLNAME like '1%' limit 10;
      ERROR 1141 (HY000): The function upper is used in conjunction with a field that should be masked for 'user'@'::ffff:...', access is denied.
      

      However, if the same columns are referred to in lowercase (and unquoted), then the filter allows the queries:

      > select colname, upper(colname) from tabname limit 10;
       
      > select colname from tabname where colname like '1%' limit 10;
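
The comparison this report describes, as an added C++ example (not MaxScale's source; `bare_column`, `matches_case_sensitive`, `matches_case_insensitive` and `should_reject` are hypothetical names): an exact match against the rule's `COLNAME` misses `colname`, while a case-folded match, which is how MariaDB itself resolves column names, catches it. It assumes ASCII identifiers without escaped backticks.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper: reduce a field reference to its column name by dropping a
// `tab.` qualifier and surrounding backticks. Assumes no doubled (escaped) backticks.
std::string bare_column(const std::string& id)
{
    auto open = id.size() >= 2 && id.back() == '`' ? id.rfind('`', id.size() - 2)
                                                   : std::string::npos;
    if (open != std::string::npos)
        return id.substr(open + 1, id.size() - open - 2);
    auto dot = id.rfind('.');
    return dot == std::string::npos ? id : id.substr(dot + 1);
}

// Exact comparison: the behaviour the report describes ("colname" != "COLNAME").
bool matches_case_sensitive(const std::string& rule_column, const std::string& field)
{
    return bare_column(field) == rule_column;
}

// ASCII case-insensitive comparison (assumption: identifiers are plain ASCII).
bool matches_case_insensitive(const std::string& rule_column, const std::string& field)
{
    std::string col = bare_column(field);
    return col.size() == rule_column.size()
        && std::equal(col.begin(), col.end(), rule_column.begin(),
                      [](unsigned char a, unsigned char b) { return std::tolower(a) == std::tolower(b); });
}

// Reject when any field used in a function call or WHERE clause is a masked column.
template<class Match>
bool should_reject(const std::string& rule_column, const std::vector<std::string>& fields, Match match)
{
    return std::any_of(fields.begin(), fields.end(),
                       [&](const std::string& f) { return match(rule_column, f); });
}

int main()
{
    // Constructed inputs: field spellings like those in the report's queries.
    for (const char* f : {"COLNAME", "colname", "tabname.`ColName`"})
        std::cout << f << " exact=" << should_reject("COLNAME", {f}, matches_case_sensitive)
                  << " folded=" << should_reject("COLNAME", {f}, matches_case_insensitive) << '\n';
}
```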
      

          People

            Assignee: johan.wikman Johan Wikman
            Reporter: GeoffMontee Geoff Montee (Inactive)