diff --git a/executor/adapter.go b/executor/adapter.go
index 865ca137ccfcf..fe0366eae967e 100644
--- a/executor/adapter.go
+++ b/executor/adapter.go
@@ -813,7 +813,7 @@ func (a *ExecStmt) LogSlowQuery(txnTS uint64, succ bool, hasMoreResults bool) {
 level := log.GetLevel()
 cfg := config.GetGlobalConfig()
 costTime := time.Since(sessVars.StartTime) + sessVars.DurationParse
- threshold := time.Duration(cfg.Log.SlowThreshold) * time.Millisecond
+ threshold := time.Duration(atomic.LoadUint64(&cfg.Log.SlowThreshold)) * time.Millisecond
 enable := cfg.Log.EnableSlowLog
 // if the level is Debug, print slow logs anyway
 if (!enable || costTime < threshold) && level > zapcore.DebugLevel {
@@ -823,6 +823,8 @@ func (a *ExecStmt) LogSlowQuery(txnTS uint64, succ bool, hasMoreResults bool) {
 normalizedSQL, digest := sessVars.StmtCtx.SQLDigest()
 if sessVars.EnableSlowLogMasking {
 sql = FormatSQL(normalizedSQL, nil)
+ } else if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
+ sql = FormatSQL(sensitiveStmt.SecureText(), nil)
 } else {
 sql = FormatSQL(a.Text, sessVars.PreparedParams)
 }
@@ -982,10 +984,13 @@ func (a *ExecStmt) SummaryStmt(succ bool) {
 copTaskInfo := stmtCtx.CopTasksDetails()
 memMax := stmtCtx.MemTracker.MaxConsumed()
 diskMax := stmtCtx.DiskTracker.MaxConsumed()
-
+ sql := a.Text
+ if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
+ sql = sensitiveStmt.SecureText()
+ }
 stmtsummary.StmtSummaryByDigestMap.AddStatement(&stmtsummary.StmtExecInfo{
 SchemaName: strings.ToLower(sessVars.CurrentDB),
- OriginalSQL: a.Text,
+ OriginalSQL: sql,
 NormalizedSQL: normalizedSQL,
 Digest: digest,
 PrevSQL: prevSQL,
diff --git a/executor/executor_test.go b/executor/executor_test.go
index c3ce966e762c1..8d774677ae94b 100644
--- a/executor/executor_test.go
+++ b/executor/executor_test.go
@@ -20,6 +20,7 @@ import (
 "math"
 "net"
 "os"
+ "path"
 "strconv"
 "strings"
 "sync"
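Review bot: The line right after the changed one, `enable := cfg.Log.EnableSlowLog`, is still a plain read of the same shared config while `SlowThreshold` is now loaded atomically. If that flag can also be changed while queries run (not visible in this hunk), it has the same data race and deserves the same treatment. The atomic load is also only sound if every writer of `SlowThreshold` uses `atomic.StoreUint64`; a short comment such as `// SlowThreshold is updated at runtime; always access it through sync/atomic` would record that contract. LogSlowQuery's body starts and ends outside the hunk.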
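Review bot: The new `else if` branch redacts only statements that implement `ast.SensitiveStmtNode`; every other statement still reaches `FormatSQL(a.Text, sessVars.PreparedParams)` in the final `else`, so the redaction is fail-open and a statement type that carries a secret but lacks the interface is logged verbatim. The same type assertion is repeated in SummaryStmt (hunk at -982), and any further place that writes `a.Text` to a log or table would need yet another copy. Consider one small method on `ExecStmt` that returns the log-safe text and have both call sites use it, documented along the lines of `// returns SecureText() for sensitive statements and a.Text otherwise; use it for anything logged or exposed`. LogSlowQuery continues outside the hunk.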
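Review bot: `PrevSQL: prevSQL` is still passed through untouched while `OriginalSQL` now receives the redacted text. `prevSQL` is assigned outside this hunk, so its origin cannot be confirmed here, but if it holds the raw text of the previous statement then any statement executed right after `set password ...` would carry the cleartext password into the summary's previous-statement field. It is worth checking that assignment and applying the same `SecureText()` substitution at the point where the previous statement's text is captured.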
@@ -5868,3 +5869,32 @@ func (s *testSuite) TestGenerateColumnReplace(c *C) {
 tk.MustExec("insert into `t1` (`a`) VALUES (2) on duplicate key update a = 3;")
 tk.MustQuery("select * from t1").Check(testkit.Rows("3 4"))
 }
+
+func (s *testSuite) TestSlowQuerySensitiveQuery(c *C) {
+ tk := testkit.NewTestKit(c, s.store)
+ originCfg := config.GetGlobalConfig()
+ newCfg := *originCfg
+ newCfg.Log.SlowQueryFile = path.Join(os.TempDir(), "tidb-slow.log")
+ config.StoreGlobalConfig(&newCfg)
+ defer func() {
+ tk.MustExec("set tidb_slow_log_threshold=300;")
+ config.StoreGlobalConfig(originCfg)
+ os.Remove(newCfg.Log.SlowQueryFile)
+ }()
+ err := logutil.InitLogger(newCfg.Log.ToLogConfig())
+ c.Assert(err, IsNil)
+
+ tk.MustExec("set tidb_slow_log_threshold=0;")
+ tk.MustExec("drop user if exists user_sensitive;")
+ tk.MustExec("create user user_sensitive identified by '123456789';")
+ tk.MustExec("alter user 'user_sensitive'@'%' identified by 'abcdefg';")
+ tk.MustExec("set password for 'user_sensitive'@'%' = 'xyzuvw';")
+ tk.MustQuery("select query from `information_schema`.`slow_query` " +
+ "where (query like 'set password%' or query like 'create user%' or query like 'alter user%') " +
+ "and query like '%user_sensitive%' order by query;").
+ Check(testkit.Rows(
+ "alter user {user_sensitive@% password = ***};",
+ "create user {user_sensitive@% password = ***};",
+ "set password for user user_sensitive@%;",
+ ))
+}
diff --git a/infoschema/tables_test.go b/infoschema/tables_test.go
index f5c656ba43191..b4c4f7e9d4ce1 100644
--- a/infoschema/tables_test.go
+++ b/infoschema/tables_test.go
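Review bot: The assertions only inspect the `query` column of rows pre-filtered by `query like ...`, so the test still passes if one of the passwords shows up elsewhere in the slow log (another field, or a row whose text does not match the filter). Since the test owns the log file, it should also read `newCfg.Log.SlowQueryFile` back and assert that the literals are absent, e.g. `c.Assert(strings.Contains(string(data), "123456789"), Equals, false)` for each of the three passwords; TestStmtSummarySensitiveQuery in infoschema/tables_test.go has the same gap for the columns it does not select. Separately, the log is written to a fixed name in the shared `os.TempDir()`, which collides between concurrent runs and is predictable to other local users; a per-test directory such as `c.MkDir()` is safer, and `filepath.Join` rather than `path.Join` is the right call for file-system paths. As far as the hunk shows, the deferred cleanup restores the config but never re-initialises the logger, so later tests may keep logging to the removed file.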
@@ -1270,6 +1270,25 @@ func (s *testTableSuite) TestStmtSummaryPreparedStatements(c *C) {
 where digest_text like "select ?"`).Check(testkit.Rows("1"))
 }
 
+func (s *testTableSuite) TestStmtSummarySensitiveQuery(c *C) {
+ tk := s.newTestKitWithRoot(c)
+ tk.MustExec("set global tidb_enable_stmt_summary = 0")
+ tk.MustExec("set global tidb_enable_stmt_summary = 1")
+ tk.MustExec("drop user if exists user_sensitive;")
+ tk.MustExec("create user user_sensitive identified by '123456789';")
+ tk.MustExec("alter user 'user_sensitive'@'%' identified by 'abcdefg';")
+ tk.MustExec("set password for 'user_sensitive'@'%' = 'xyzuvw';")
+ tk.MustQuery("select query_sample_text from `information_schema`.`STATEMENTS_SUMMARY` " +
+ "where query_sample_text like '%user_sensitive%' and " +
+ "(query_sample_text like 'set password%' or query_sample_text like 'create user%' or query_sample_text like 'alter user%') " +
+ "order by query_sample_text;").
+ Check(testkit.Rows(
+ "alter user {user_sensitive@% password = ***}",
+ "create user {user_sensitive@% password = ***}",
+ "set password for user user_sensitive@%",
+ ))
+}
+
 func (s *testTableSuite) TestPerformanceSchemaforPlanCache(c *C) {
 orgEnable := plannercore.PreparedPlanCacheEnabled()
 defer func() {
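Review bot: The test leaves shared state behind: `user_sensitive` is never dropped, and the global `tidb_enable_stmt_summary` is left at 1 whatever its previous value was. A `defer tk.MustExec("drop user if exists user_sensitive;")` right after the kit is created keeps an account with a known password from lingering in a store that other tests in the suite may share. The 0-then-1 toggle at the top also needs a comment saying why it is there (presumably to clear existing summary entries), e.g. `// toggle to reset the statement summary before the test`.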