用于EagleEye3.0 规则集漏报和误报测试的示例项目,项目收集于github和gitee
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

125 lines
3.4 KiB

5 months ago
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--echo #
--echo # Bug #24843257: CURRENT_ROLE(), ROLES_GRAPHML() RETURN VALUE
--echo # HAS INCORRECT CHARACTER SET
--echo # Expect system charset for empty
SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;
SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;
--echo # Expect blobs
CREATE TABLE t1 AS
SELECT CURRENT_ROLE() AS CURRENT_ROLE, ROLES_GRAPHML() AS ROLES_GRAPHML;
SHOW CREATE TABLE t1;
DROP TABLE t1;
--echo # create some roles
CREATE ROLE r1;
GRANT r1 TO root@localhost;
SET ROLE r1;
--echo # Expect system charset for actual content
SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;
SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;
--echo # cleanup
SET ROLE DEFAULT;
REVOKE r1 FROM root@localhost;
DROP ROLE r1;
--echo #
--echo # Bug #28953158: DROP ROLE USERNAME SHOULD BE REJECTED
--echo #
CREATE USER uu@localhost, u1@localhost;
CREATE ROLE r1;
GRANT CREATE ROLE, DROP ROLE ON *.* TO uu@localhost;
connect(con1,localhost,uu,,);
SHOW GRANTS;
--echo # connected as uu
--echo # test result: must fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
DROP USER u1@localhost;
--echo # test result: must fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
DROP ROLE u1@localhost;
--echo # test result: must pass
DROP ROLE r1;
--echo # Cleanup
connection default;
DROP USER uu@localhost, u1@localhost;
disconnect con1;
--echo #
--echo # Bug#28395115: permission denied if grants are given through role
--echo #
# Setup
CREATE DATABASE my_db;
CREATE table my_db.t1 (id int primary key);
CREATE ROLE my_role;
CREATE USER my_user, foo@localhost, baz@localhost;
# Grant all privileges to a user and a role
GRANT ALL ON *.* to my_role, foo@localhost;
GRANT EXECUTE ON *.* TO my_user, baz@localhost;
GRANT my_role TO my_user, baz@localhost;
SET DEFAULT ROLE my_role TO my_user;
# Stored procedure with the definer who has ALL of global privilege granted
# directly.
DELIMITER $$;
CREATE DEFINER=foo@localhost PROCEDURE my_db.foo_proc()
BEGIN
INSERT into my_db.t1 values(2) on duplicate key UPDATE id = values(id) + 200;
END $$
DELIMITER ;$$
# Stored procedure with the definer who is granted a role to which all global
# privileges are granted.
DELIMITER $$;
CREATE DEFINER=baz@localhost PROCEDURE my_db.baz_proc()
BEGIN
set ROLE all;
INSERT into my_db.t1 values(4) on duplicate key UPDATE id = values(id) + 400;
END $$
DELIMITER ;$$
--connect(my_user_con, localhost, my_user,,,)
INSERT into my_db.t1 values(5);
--echo # Inserts are now allowed if grants are given through role
INSERT into my_db.t1 values(8) on duplicate key UPDATE id = values(id) + 800;
CALL my_db.foo_proc();
CALL my_db.baz_proc();
connection default;
--echo # Now revoke all privileges from the roles and user
REVOKE ALL ON *.* FROM my_role;
REVOKE ALL ON *.* FROM foo@localhost;
GRANT EXECUTE ON *.* TO foo@localhost;
--echo # The SQL opperations must fail with existing connection.
connection my_user_con;
--error ER_TABLEACCESS_DENIED_ERROR
INSERT into my_db.t1 values(10);
--error ER_TABLEACCESS_DENIED_ERROR
CALL my_db.baz_proc();
--error ER_TABLEACCESS_DENIED_ERROR
CALL my_db.foo_proc();
--echo # Cleanup
connection default;
disconnect my_user_con;
DROP DATABASE my_db;
DROP USER my_user;
DROP USER foo@localhost, baz@localhost;
DROP ROLE my_role;
--echo
--echo # End of 8.0 tests
--echo
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc