From 7a1f8757440bbda0e79e3d40bdd15c44417107b0 Mon Sep 17 00:00:00 2001
From: crazycs
Date: Fri, 19 Jun 2020 16:30:17 +0800
Subject: [PATCH 1/2] cherry pick #18107 to release-4.0

Signed-off-by: ti-srebot
---
 executor/adapter.go | 14 ++++++++++++--
 executor/executor_test.go | 30 ++++++++++++++++++++++++++++++
 infoschema/tables_test.go | 19 +++++++++++++++++++
 3 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/executor/adapter.go b/executor/adapter.go
index efc30f25b3516..67bf37c327038 100644
--- a/executor/adapter.go
+++ b/executor/adapter.go
@@ -805,7 +805,7 @@ func (a *ExecStmt) LogSlowQuery(txnTS uint64, succ bool, hasMoreResults bool) {
 level := log.GetLevel()
 cfg := config.GetGlobalConfig()
 costTime := time.Since(sessVars.StartTime) + sessVars.DurationParse
- threshold := time.Duration(cfg.Log.SlowThreshold) * time.Millisecond
+ threshold := time.Duration(atomic.LoadUint64(&cfg.Log.SlowThreshold)) * time.Millisecond
 enable := cfg.Log.EnableSlowLog
 // if the level is Debug, print slow logs anyway
 if (!enable || costTime < threshold) && level > zapcore.DebugLevel {
@@ -815,6 +815,8 @@ func (a *ExecStmt) LogSlowQuery(txnTS uint64, succ bool, hasMoreResults bool) {
 normalizedSQL, digest := sessVars.StmtCtx.SQLDigest()
 if sessVars.EnableSlowLogMasking {
 sql = FormatSQL(normalizedSQL, nil)
+ } else if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
+ sql = FormatSQL(sensitiveStmt.SecureText(), nil)
 } else {
 sql = FormatSQL(a.Text, sessVars.PreparedParams)
 }
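Review bot: Redaction in the second LogSlowQuery hunk is opt-in per AST node: only statements whose node implements `ast.SensitiveStmtNode` go through `SecureText()`, and every other statement still reaches `FormatSQL(a.Text, sessVars.PreparedParams)` with its literals intact. Which node types implement the interface is not visible in this patch, so it is worth confirming that every statement form that can carry a password is covered, not only the three the new tests exercise. I would record the contract above the branch, e.g. `// Statements that carry credentials must implement ast.SensitiveStmtNode; all other statements are logged verbatim.` The same type assertion is repeated in SummaryStmt, so the comment applies there as well. LogSlowQuery's body starts and ends outside the hunk.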
@@ -959,10 +961,18 @@ func (a *ExecStmt) SummaryStmt(succ bool) {
 execDetail := stmtCtx.GetExecDetails()
 copTaskInfo := stmtCtx.CopTasksDetails()
 memMax := stmtCtx.MemTracker.MaxConsumed()
+<<<<<<< HEAD

+=======
+ diskMax := stmtCtx.DiskTracker.MaxConsumed()
+ sql := a.Text
+ if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
+ sql = sensitiveStmt.SecureText()
+ }
+>>>>>>> dfca52c... executor: remove sensitive information in slow-log and statement (#18107)
 stmtsummary.StmtSummaryByDigestMap.AddStatement(&stmtsummary.StmtExecInfo{
 SchemaName: strings.ToLower(sessVars.CurrentDB),
- OriginalSQL: a.Text,
+ OriginalSQL: sql,
 NormalizedSQL: normalizedSQL,
 Digest: digest,
 PrevSQL: prevSQL,
diff --git a/executor/executor_test.go b/executor/executor_test.go
index 2d2a82bb3115f..317ad58577dbb 100644
--- a/executor/executor_test.go
+++ b/executor/executor_test.go
@@ -20,6 +20,7 @@ import (
 "math"
 "net"
 "os"
+ "path"
 "strconv"
 "strings"
 "sync"
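Review bot: `PrevSQL: prevSQL` in the SummaryStmt hunk is still stored unchanged while `OriginalSQL` now receives the redacted text. prevSQL is assigned outside the hunk; if it is taken from the raw text of the previous statement, a password-setting statement followed by one that records its predecessor would still place the plaintext in the statement summary through that field. It should pass through the same `ast.SensitiveStmtNode` check before it is stored, and neither new test covers that field. The conflict-resolution hunk in patch 2/2 leaves the line as it is. SummaryStmt's body starts and ends outside the hunk.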
@@ -5813,3 +5814,32 @@ func (s *testSuite1) TestDIVZeroInPartitionExpr(c *C) {
 tk.MustExec("set @@sql_mode='STRICT_ALL_TABLES,ERROR_FOR_DIVISION_BY_ZERO'")
 tk.MustGetErrCode("insert into t1 values (NULL), (0), (1)", mysql.ErrDivisionByZero)
 }
+
+func (s *testSuite) TestSlowQuerySensitiveQuery(c *C) {
+ tk := testkit.NewTestKit(c, s.store)
+ originCfg := config.GetGlobalConfig()
+ newCfg := *originCfg
+ newCfg.Log.SlowQueryFile = path.Join(os.TempDir(), "tidb-slow.log")
+ config.StoreGlobalConfig(&newCfg)
+ defer func() {
+ tk.MustExec("set tidb_slow_log_threshold=300;")
+ config.StoreGlobalConfig(originCfg)
+ os.Remove(newCfg.Log.SlowQueryFile)
+ }()
+ err := logutil.InitLogger(newCfg.Log.ToLogConfig())
+ c.Assert(err, IsNil)
+
+ tk.MustExec("set tidb_slow_log_threshold=0;")
+ tk.MustExec("drop user if exists user_sensitive;")
+ tk.MustExec("create user user_sensitive identified by '123456789';")
+ tk.MustExec("alter user 'user_sensitive'@'%' identified by 'abcdefg';")
+ tk.MustExec("set password for 'user_sensitive'@'%' = 'xyzuvw';")
+ tk.MustQuery("select query from `information_schema`.`slow_query` " +
+ "where (query like 'set password%' or query like 'create user%' or query like 'alter user%') " +
+ "and query like '%user_sensitive%' order by query;").
+ Check(testkit.Rows(
+ "alter user {user_sensitive@% password = ***};",
+ "create user {user_sensitive@% password = ***};",
+ "set password for user user_sensitive@%;",
+ ))
+}
diff --git a/infoschema/tables_test.go b/infoschema/tables_test.go
index b6045c0f1f4e8..c723870e14643 100644
--- a/infoschema/tables_test.go
+++ b/infoschema/tables_test.go
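Review bot: TestSlowQuerySensitiveQuery writes the slow log to the fixed name `tidb-slow.log` directly under `os.TempDir()`, so concurrent runs on one host share and delete each other's file, and a file already present under that name in a shared temp directory is reused as is. A per-test directory avoids both, e.g. `newCfg.Log.SlowQueryFile = filepath.Join(c.MkDir(), "tidb-slow.log")`, which also replaces `path.Join` with the OS-path variant. The deferred cleanup restores the config but does not call `logutil.InitLogger` again, so the process-wide logger presumably keeps the test's configuration for the tests that follow; InitLogger's behaviour is not visible here. The result of `os.Remove` is dropped without a comment.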
@@ -1247,6 +1247,25 @@ func (s *testTableSuite) TestStmtSummaryPreparedStatements(c *C) {
 where digest_text like "select ?"`).Check(testkit.Rows("1"))
 }

+func (s *testTableSuite) TestStmtSummarySensitiveQuery(c *C) {
+ tk := s.newTestKitWithRoot(c)
+ tk.MustExec("set global tidb_enable_stmt_summary = 0")
+ tk.MustExec("set global tidb_enable_stmt_summary = 1")
+ tk.MustExec("drop user if exists user_sensitive;")
+ tk.MustExec("create user user_sensitive identified by '123456789';")
+ tk.MustExec("alter user 'user_sensitive'@'%' identified by 'abcdefg';")
+ tk.MustExec("set password for 'user_sensitive'@'%' = 'xyzuvw';")
+ tk.MustQuery("select query_sample_text from `information_schema`.`STATEMENTS_SUMMARY` " +
+ "where query_sample_text like '%user_sensitive%' and " +
+ "(query_sample_text like 'set password%' or query_sample_text like 'create user%' or query_sample_text like 'alter user%') " +
+ "order by query_sample_text;").
+ Check(testkit.Rows(
+ "alter user {user_sensitive@% password = ***}",
+ "create user {user_sensitive@% password = ***}",
+ "set password for user user_sensitive@%",
+ ))
+}
+
 func (s *testTableSuite) TestPerformanceSchemaforPlanCache(c *C) {
 orgEnable := plannercore.PreparedPlanCacheEnabled()
 defer func() {
From 775aef5660427c71f92bc111bddc6c68e17e27e5 Mon Sep 17 00:00:00 2001
From: crazycs520
Date: Fri, 19 Jun 2020 17:03:39 +0800
Subject: [PATCH 2/2] fix conflict

Signed-off-by: crazycs520
---
 executor/adapter.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/executor/adapter.go b/executor/adapter.go
index 67bf37c327038..87dd1ba4bd1f0 100644
--- a/executor/adapter.go
+++ b/executor/adapter.go
@@ -961,15 +961,10 @@ func (a *ExecStmt) SummaryStmt(succ bool) {
 execDetail := stmtCtx.GetExecDetails()
 copTaskInfo := stmtCtx.CopTasksDetails()
 memMax := stmtCtx.MemTracker.MaxConsumed()
-<<<<<<< HEAD
-
-=======
- diskMax := stmtCtx.DiskTracker.MaxConsumed()
 sql := a.Text
 if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
 sql = sensitiveStmt.SecureText()
 }
->>>>>>> dfca52c... executor: remove sensitive information in slow-log and statement (#18107)
 stmtsummary.StmtSummaryByDigestMap.AddStatement(&stmtsummary.StmtExecInfo{
 SchemaName: strings.ToLower(sessVars.CurrentDB),
 OriginalSQL: sql,