AnonSec Shell
Server IP : 185.86.78.101  /  Your IP : 216.73.216.124
Web Server : Apache
System : Linux 675867-vds-valikoshka1996.gmhost.pp.ua 5.4.0-150-generic #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /www/server/mysql/mysql-test/t/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME ]     

Current File : /www/server/mysql/mysql-test/t/slow_log.test
--echo #
--echo # Bug#33732907: Slow query log logs password in plain text on syntax error
--echo #
--echo

--source include/not_parallel.inc
--source include/not_valgrind.inc

SET @save_sqlf=@@global.slow_query_log_file;
SET @save_sql=@@global.slow_query_log;
SET @save_lo=@@global.log_output;
SET @save_lqt=@@session.long_query_time;

--replace_result $MYSQL_TMP_DIR ...
eval SET GLOBAL slow_query_log_file= '$MYSQL_TMP_DIR/slow33732907.log';
SET @@global.slow_query_log=1;
SET @@global.log_output='file,table';
SET @@session.long_query_time=0;

let SLOW_LOG= `SELECT @@global.slow_query_log_file`;

--echo
--echo # This succeeds, and the password is correctly obfuscated.
CREATE USER 'duplicate_user'@'%' IDENTIFIED BY 'mypassword';
--echo # This fails, but the password is still correctly obfuscated.
--error ER_CANNOT_USER
CREATE USER 'duplicate_user'@'%' IDENTIFIED BY 'mypassword';

--echo
--echo # Since we throw an error during the parse stage, we don't know which
--echo # part of the statement is the password (or whether there even is one),
--echo # so we cannot obfuscate it. In that case, the statement should not be
--echo # logged, either. The general log also behaves like this by default.
--error ER_PARSE_ERROR
CREATE USER ‘bad_characters’@’%’ IDENTIFIED BY 'mypassword';

--echo # Expected: 1 OK stmt, 1 failed stmt, 0 unparseable stmts
SELECT "general table>",argument
  FROM mysql.general_log
 WHERE INSTR(argument,"CREATE USER")=1
 ORDER BY event_time;

--echo # Expected: 1 OK stmt, 1 failed stmt, 0 unparseable stmts
SELECT "slow table>",sql_text
  FROM mysql.slow_log
 WHERE INSTR(sql_text,"CREATE USER")=1
 ORDER BY start_time;

SET @@global.slow_query_log_file=@save_sqlf;
SET @@global.slow_query_log=@save_sql;
SET @@global.log_output=@save_lo;
SET @@session.long_query_time=@save_lqt;

DROP USER 'duplicate_user'@'%';

--echo # Expected: 1 OK stmt, 1 failed stmt, 0 unparseable stmts
--perl
   use strict;

   my $file= $ENV{'SLOW_LOG'} or die("slow log not set");

   open(FILE, "$file") or die("Unable to open $file: $!");
   while (<FILE>) {
     my $line = $_;
     if ($line =~ /CREATE USER /) {
       print "slow file>".$line; }
   }
   close(FILE);
EOF

--remove_file $MYSQL_TMP_DIR/slow33732907.log
TRUNCATE mysql.slow_log;
TRUNCATE mysql.general_log;


--echo #
--echo # Done.

Anon7 - 2022
AnonSec Team