[MXS-697] Problem with regex for maxscale dbfwfilter Created: 2016-04-27  Updated: 2016-08-11  Resolved: 2016-06-15

Status: Closed
Project: MariaDB MaxScale
Component/s: dbfwfilter
Affects Version/s: 1.4.1
Fix Version/s: 2.0.0

Type: Bug Priority: Minor
Reporter: Thies Meincke Assignee: markus makela
Resolution: Cannot Reproduce Votes: 0
Labels: None
Environment:

SLES 12


 Description   

Regex in filter does not work as expected.

rule files1 deny regex '^(?i)load.*data.*infile*'

should be true for all combinations of lower an upper case:

MySQL [(none)]> load data infile;
ERROR 1141 (HY000): Access denied for user 'rz4a016'@'134.100.3.64': Permission denied, query matched regular expression. WORKS

MySQL [(none)]> LOAD data infile;
ERROR 1141 (HY000): Access denied for user 'rz4a016'@'134.100.3.64': Permission denied, query matched regular expression. WORKS

MySQL [(none)]> LOAD DATA infile;
ERROR 1141 (HY000): Access denied for user 'rz4a016'@'134.100.3.64': Permission denied, query matched regular expression. WORKS

MySQL [(none)]> LOAD DATA INFILE;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

Does not work!

 Comments   
Comment by Timofey Turenko [ 2016-05-18 ]

my test ended up with segfault (both 1.4.1. and 1.4.3).
I can't reproduce with latest 'develop', but log file contains a bit strange lines like:

2016-05-18 04:08:24 notice : [RW Split Router] Rule '0˛�2' for '%@%' matched by skysql@151.80.21.219: LOAD DATA INFILE

it seems rule name is wrong.

Comment by Timofey Turenko [ 2016-06-14 ]

retested with latest 'develop':

2016-06-14 10:14:59 notice : [RW Split Router] Query for '%@%' by skysql@192.168.121.1 was not matched: SELECT 1;
2016-06-14 10:14:59 notice : [RW Split Router] Rule 'regex_rule' for '%@%' matched by skysql@192.168.121.1: load data infile;
2016-06-14 10:14:59 notice : [RW Split Router] Rule 'regex_rule' for '%@%' matched by skysql@192.168.121.1: LOAD data infile;
2016-06-14 10:14:59 notice : [RW Split Router] Rule 'regex_rule' for '%@%' matched by skysql@192.168.121.1: LOAD DATA infile;
2016-06-14 10:14:59 notice : [RW Split Router] Rule 'regex_rule' for '%@%' matched by skysql@192.168.121.1: LOAD DATA INFILE;
2016-06-14 10:15:00 notice : Finished MaxScale log flusher.

everything works, I can't reproduce it.

Comment by Thies Meincke [ 2016-06-23 ]

the problem is caused by a another rule:
rule files2 deny regex '^(?i)load.data.*local.*infile'

if this rule exists, the problem occurs. If this rule does not exist, the rule files1 works as expected.

Comment by Timofey Turenko [ 2016-06-25 ]

please provide full rules file. I can't still reproduce

Comment by Thies Meincke [ 2016-06-29 ]

can't reproduce after upgrade to 1.4.3 - that's fine, a little strange however...

anyway here the complete rule file:
rule peak_hour2 deny wildcard at_times 13:21:00-14:24:00 on_queries select
rule limit_rate_of_queries deny limit_queries 10 5 60
rule nix deny limit_queries 0 0 0
rule master_op1 deny regex '^(?i)change.master.*to.'
rule master_op2 deny regex '^(?i)show.master.'
rule master_op3 deny regex '^(?i)show.slave.'
rule files1 deny regex '^(?i)load.data.*infile'
rule files2 deny regex '^(?i)load.data.*local.*infile'
rule files3 deny regex '^(?i)select.into.*outfile.'
rule files4 deny regex '^(?i)select.into.*dumpfile.'
users rz4a016@% match any rules files1 files2 files3 files4
users rzcv017@% match any rules limit_rate_of_queries files1
users root@% match any rules nix
users replicator@% match any rules nix
users %@% match any rules files1 files2 master_op3 master_op2 master_op1

Generated at Thu Feb 08 04:01:16 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.