mirror of https://github.com/MariaDB/server.git synced 2025-12-04 17:23:46 +03:00
mariadb/mysql-test/suite/funcs_1
Sergei Golubchik 547dfc0e01 MDEV-32500 Information schema leaks table names and structure to unauthorized users
standard table KEY_COLUMN_USAGE should only show keys where
a user has some privileges on every column of the key

standard table TABLE_CONSTRAINTS should show tables where
a user has any non-SELECT privilege on the table or on any column
of the table

standard table REFERENTIAL_CONSTRAINTS is defined in terms of
TABLE_CONSTRAINTS, so the same rule applies. If the user
has no rights to see the REFERENCED_TABLE_NAME value, it should be NULL

SHOW INDEX (and STATISTICS table) is non-standard, but it seems
reasonable to use the same logic as for KEY_COLUMN_USAGE.
2023-10-23 17:40:03 +02:00
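
A manual check of the visibility rules listed in the commit message above, as an added example that is not part of the MariaDB commit or of the funcs_1 tests. The ischk database, its tables, the fk_parent constraint and the ischk_user account are constructed names; "session 1" is an administrative login and "session 2" a login as ischk_user.

```sql
-- Added example; all object and account names below are constructed.
-- Session 1 (administrative account): build a two-column key and a foreign key.
CREATE DATABASE ischk;
CREATE TABLE ischk.parent (id INT PRIMARY KEY) ENGINE=InnoDB;
CREATE TABLE ischk.child (
  a INT NOT NULL,
  b INT NOT NULL,
  parent_id INT,
  PRIMARY KEY (a, b),
  CONSTRAINT fk_parent FOREIGN KEY (parent_id) REFERENCES ischk.parent (id)
) ENGINE=InnoDB;
CREATE USER 'ischk_user'@'localhost' IDENTIFIED BY 'replace-with-a-real-password';
-- SELECT on one of the two PRIMARY KEY columns; nothing on b, parent_id or parent.
GRANT SELECT (a) ON ischk.child TO 'ischk_user'@'localhost';

-- Session 2 (ischk_user).
-- KEY_COLUMN_USAGE rule from the commit message: a key is listed only when the
-- user holds some privilege on every column of the key. PRIMARY spans (a, b)
-- and only a is granted; fk_parent spans parent_id, which is not granted.
SELECT constraint_name, table_name, column_name
  FROM information_schema.KEY_COLUMN_USAGE
 WHERE table_schema = 'ischk';

-- TABLE_CONSTRAINTS rule: a table is listed only when the user holds a
-- non-SELECT privilege on the table or on one of its columns. The account
-- holds SELECT only at this point.
SELECT constraint_name, table_name, constraint_type
  FROM information_schema.TABLE_CONSTRAINTS
 WHERE table_schema = 'ischk';

-- Session 1: add a non-SELECT column privilege on child, still nothing on parent.
GRANT INSERT (parent_id) ON ischk.child TO 'ischk_user'@'localhost';

-- Session 2: rerun the two queries above, then check the third rule.
-- REFERENTIAL_CONSTRAINTS follows TABLE_CONSTRAINTS, and REFERENCED_TABLE_NAME
-- is to be NULL when the user has no right to see the referenced table.
SELECT constraint_name, table_name, referenced_table_name
  FROM information_schema.REFERENTIAL_CONSTRAINTS
 WHERE constraint_schema = 'ischk';

-- Session 1: clean up.
DROP USER 'ischk_user'@'localhost';
DROP DATABASE ischk;
```

Compare each result set with the rule quoted in the comment above it; a row that names a table, key or referenced table the account has no matching privilege on is the leak MDEV-32500 describes.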

2008-02-29 Matthias Leich
=========================

1. The testsuite "funcs_1" is mostly intended for additional (compared
   to the common regression tests stored in mysql-test/t) checks
   of features (VIEWS, INFORMATION_SCHEMA, STORED PROCEDURES,...)
   introduced with MySQL 5.0.

2. There were some extensions of this suite when new information_schema
   views were introduced. But in most cases the tests for these views
   were stored within the regression testsuite (mysql-test/t).

   INFORMATION_SCHEMA views introduced with MySQL 5.1
   ==================================================
   ENGINES       (partially tested here)
   EVENTS        (partially tested here)
   FILES
   GLOBAL_STATUS
   GLOBAL_VARIABLES
   PARTITIONS
   PLUGINS
   PROCESSLIST   (fully tested here)
   PROFILING
   REFERENTIAL_CONSTRAINTS
   SESSION_STATUS
   SESSION_VARIABLES

3. Some hints for maintainers of this suite:
   - SHOW TABLES ... LIKE '<pattern>'
     does a case-sensitive comparison between the table name and
     the pattern.
     The names of the tables within information_schema are in uppercase.
     So please use something like
        SHOW TABLES FROM information_schema LIKE 'TABLES'
     when you intend to get the same non-empty result set on OSes with and
     without case-sensitive filesystems and the default configuration.
   - The name of the data dictionary is 'information_schema' (lowercase).
   - Server on an OS whose filesystem has case-sensitive filenames
     (= The files 'abc' and 'Abc' can coexist.)
     + default configuration
     Example of behaviour:
     DROP DATABASE information_schema;
     ERROR 42000: Access denied for user ... to database 'information_schema'
     DROP DATABASE INFORMATION_SCHEMA;
     ERROR 42000: Access denied for user ... to database 'INFORMATION_SCHEMA'
   - Try to unify results by
     --replace_result $engine_type <engine_to_be_tested>
     if we could expect that the results for storage engine variants of a
     test differ only in the engine names.
     This makes future maintenance easier.
   - Avoid the use of include/show_msg*.inc.
     They produce "SQL" noise which is annoying during server debugging and can
     easily be replaced by "--echo ...".