MDEV-35522: MariaDB Audit does not detect all DCLs forms when masking password

1. skip OR REPLACE (to make it filter_query_type made recursive) 2. skip SET STATEMENT ... FOR before checking statements with passwords
2025-08-07 00:04:31 +03:00 · 2024-11-29 11:45:01 +01:00
parent 3de412fbe8
commit 5c86f3df33
3 changed files with 142 additions and 52 deletions
--- a/mysql-test/suite/plugins/r/server_audit_pwd_mask.result
+++ b/mysql-test/suite/plugins/r/server_audit_pwd_mask.result
@@ -1,3 +1,6 @@
+#
+# MDEV-35507 and MDEV-35522
+#
 install plugin ed25519 soname 'auth_ed25519';
 install plugin server_audit soname 'server_audit';
 set global server_audit_file_path='server_audit.log';
@@ -6,17 +9,25 @@ set global server_audit_logging=on;
 # unsafe to log passwords (pwd-123)
 CREATE USER u1 IDENTIFIED BY 'pwd_123';
 create user u2 IDENTIFIED VIA ed25519 USING PASSWORD('pwd_123');
+CREATE OR REPLACE USER u1 IDENTIFIED BY 'pwd_123';
 SET PASSWORD FOR u1 = PASSWORD('pwd_123');
 ALTER USER u1 IDENTIFIED BY 'pwd_123';
+ALTER USER if exists u1 IDENTIFIED BY 'pwd_123';
+SET STATEMENT max_statement_time=10 FOR ALTER USER u1 IDENTIFIED BY 'pwd_123';
 alter user u2 identified VIA ed25519 USING password('pwd_123');
 GRANT ALL ON test TO u1 IDENTIFIED BY "pwd_123";
 GRANT ALL ON test TO u1 identified VIA ed25519 as password('pwd_123') or ed25519 using password('pwd_123');
+CREATE SERVER s1 FOREIGN DATA WRAPPER mariadb OPTIONS ( PASSWORD "pwd_123");
+CREATE OR REPLACE SERVER s1 FOREIGN DATA WRAPPER mariadb OPTIONS ( PASSWORD "pwd_123");
+CREATE OR REPLACE SERVER s1 FOREIGN DATA WRAPPER mariadb OPTIONS ( PASSWORD "pwd_123");
 # pattern should not be found
 NOT FOUND /pwd_123/ in server_audit.log
 # pattern should not be found
 # cleaunup
+DROP SERVER s1;
 DROP USER u1;
 DROP USER u2;
 set global server_audit_logging=off;
 UNINSTALL PLUGIN ed25519;
 UNINSTALL PLUGIN server_audit;
+# end of 10.5 tests