用于EagleEye3.0 规则集漏报和误报测试的示例项目,项目收集于github和gitee
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

312 lines
11 KiB

/* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2.0,
as published by the Free Software Foundation.
This program is also distributed with certain software (including
but not limited to OpenSSL) that is licensed under separate terms,
as designated in a particular file or component or in included license
documentation. The authors of MySQL hereby grant you an additional
permission to link the program and your derivative works with the
separately licensed software that they have included with MySQL.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License, version 2.0, for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#ifndef SQL_REWRITE_INCLUDED
#define SQL_REWRITE_INCLUDED
#include <set>
#include "my_sqlcommand.h"
#include "table.h"
/* Forward declarations */
class THD;
class LEX_GRANT_AS;
/**
Target types where the rewritten query will be added. Query rewrite might
vary based on this type.
*/
enum class Consumer_type {
TEXTLOG, /* General log, slow query log and audit log */
BINLOG, /* Binary logs */
STDOUT /* Standard output */
};
/**
An interface to wrap the paramters required by specific Rewriter.
Parameters required by specific Rewriter must be added in the concrete
implementation.
Clients need to wrap the parameters in specific concrete object.
*/
class Rewrite_params {
protected:
virtual ~Rewrite_params() {}
};
/**
Wrapper object for user related parameters required by:
SET PASSWORD|CREATE USER|ALTER USER statements.
*/
class User_params : public Rewrite_params {
public:
User_params(std::set<LEX_USER *> *users_set)
: Rewrite_params(), users(users_set) {}
std::set<LEX_USER *> *users;
};
/**
Wrapper object for parameters required by SHOW CREATE USER statement.
*/
class Show_user_params : public Rewrite_params {
public:
Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex)
: Rewrite_params(),
hide_password_hash(hide_password_hash),
print_identified_with_as_hex_(print_identified_with_as_hex) {}
bool hide_password_hash;
bool print_identified_with_as_hex_;
};
/**
Wrapper object for parameters required for GRANT statement.
*/
class Grant_params : public Rewrite_params {
public:
Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
: Rewrite_params(),
grant_as_provided(grant_as_specified),
grant_as_info(grant_as) {}
bool grant_as_provided;
LEX_GRANT_AS *grant_as_info;
};
/**
Provides the default interface to rewrite the SQL statements to
to obfuscate passwords.
It either sets the thd->rewritten_query with a rewritten query,
or clears it if no rewriting took place.
*/
void mysql_rewrite_query(THD *thd, Consumer_type type = Consumer_type::TEXTLOG,
Rewrite_params *params = nullptr);
/**
Provides the default interface to rewrite the ACL query.
It sets the thd->rewritten_query with a rewritten query.
*/
void mysql_rewrite_acl_query(THD *thd, Consumer_type type,
Rewrite_params *params = nullptr,
bool do_ps_instrument = true);
/**
An abstract base class to enable the implementation of various query
rewriters. It accepts a THD pointer and the intended target type where the
query will to be written. It either sets the thd->rewritten_query with a
rewritten query, or clears it if no rewriting took place. Concrete classes
must implement the rewrite() method to rewrite the query. Despite concrete
classes may accept additional parameters, it is recommended not to create
their objects directly.
*/
class I_rewriter {
public:
/* Constructors and destructors */
I_rewriter(THD *thd, Consumer_type type);
virtual ~I_rewriter();
/* Prohibit the copy of the object */
I_rewriter(const I_rewriter &) = delete;
const I_rewriter &operator=(const I_rewriter &) = delete;
I_rewriter(const I_rewriter &&) = delete;
const I_rewriter &operator=(const I_rewriter &&) = delete;
/* Reset the previous consumer type before rewriting the query */
void set_consumer_type(Consumer_type type);
/* Return the current consumer type */
Consumer_type consumer_type();
/* Concrete classes must implement the logic to rewrite query here */
virtual bool rewrite() const = 0;
protected:
THD *const m_thd;
Consumer_type m_consumer_type;
};
/**
Abstract base class to define the skeleton of rewriting the users, yet
deferring some steps to the concrete classes. The implementation in specific
steps might vary according to SQL or the consumer type.
*/
class Rewriter_user : public I_rewriter {
protected:
Rewriter_user(THD *thd, Consumer_type target_type);
/*
Provides the skeleton to rewrite the users. The actual user is rewritten
through the concrete implementation of private methods.
*/
void rewrite_users(LEX *lex, String *str) const;
/* Append the literal value <secret> to the str */
void append_literal_secret(String *str) const;
/* Append the password hash to the output string */
virtual void append_auth_str(LEX_USER *lex, String *str) const;
/* Append the authentication plugin name for the user */
void append_plugin_name(const LEX_USER *user, String *str) const;
/*
Rewrites some of the user specific properties which are common to
concrete classes.
*/
virtual bool rewrite() const;
/*
Abstract method to be implemented by the concrete classes.
The implementation methos should add the user authID, plugin info and
auth str
*/
virtual void append_user_auth_info(LEX_USER *user, bool comma,
String *str) const = 0;
/* Append the PASSWORD REUSE OPTIONS clause for users */
virtual void rewrite_password_history(const LEX *lex, String *str) const = 0;
/* Append the PASSWORD REUSE OPTIONS clause for users */
virtual void rewrite_password_reuse(const LEX *lex, String *str) const = 0;
private:
/* Append the SSL OPTIONS clause for users */
void rewrite_ssl_properties(const LEX *lex, String *str) const;
/* Append the RESOURCES OPTIONS clause for users */
void rewrite_user_resources(const LEX *lex, String *str) const;
/* Append the ACCOUNT LOCK OPTIONS clause for users */
void rewrite_account_lock(const LEX *lex, String *str) const;
/* Append the PASSWORD EXPIRED OPTIONS clause for users */
void rewrite_password_expired(const LEX *lex, String *str) const;
/* Append the PASSWORD REQUIRE CURRENT clause for users */
void rewrite_password_require_current(LEX *lex, String *str) const;
/* Append the DEFAULT ROLE OPTIONS clause */
void rewrite_default_roles(const LEX *lex, String *str) const;
};
/** Rewrites the CREATE USER statement. */
class Rewriter_create_user final : public Rewriter_user {
using parent = Rewriter_user;
public:
Rewriter_create_user(THD *thd, Consumer_type type);
bool rewrite() const override;
private:
void append_user_auth_info(LEX_USER *user, bool comma,
String *str) const override;
void rewrite_password_history(const LEX *lex, String *str) const override;
void rewrite_password_reuse(const LEX *lex, String *str) const override;
};
/** Rewrites the ALTER USER statement. */
class Rewriter_alter_user final : public Rewriter_user {
using parent = Rewriter_user;
public:
Rewriter_alter_user(THD *thd, Consumer_type type = Consumer_type::TEXTLOG);
bool rewrite() const override;
private:
void append_user_auth_info(LEX_USER *user, bool comma,
String *str) const override;
void rewrite_password_history(const LEX *lex, String *str) const override;
void rewrite_password_reuse(const LEX *lex, String *str) const override;
};
/** Rewrites the SHOW CREATE USER statement. */
class Rewriter_show_create_user final : public Rewriter_user {
using parent = Rewriter_user;
public:
Rewriter_show_create_user(THD *thd, Consumer_type type,
Rewrite_params *params);
bool rewrite() const override;
protected:
/* Append the password hash to the output string */
virtual void append_auth_str(LEX_USER *lex, String *str) const override;
private:
void append_user_auth_info(LEX_USER *user, bool comma,
String *str) const override;
void rewrite_password_history(const LEX *lex, String *str) const override;
void rewrite_password_reuse(const LEX *lex, String *str) const override;
Show_user_params *show_params_;
};
/** Rewrites the SET statement. */
class Rewriter_set : public I_rewriter {
public:
Rewriter_set(THD *thd, Consumer_type type);
bool rewrite() const override;
};
/*
Rewrites the SET PASSWORD statement
*/
class Rewriter_set_password final : public Rewriter_set {
using parent = Rewriter_set;
public:
Rewriter_set_password(THD *thd, Consumer_type type, Rewrite_params *params);
bool rewrite() const override;
private:
/* Name of the user whose password has to be changed */
std::set<LEX_USER *> *m_users = nullptr;
};
/** Rewrites the GRANT statement. */
class Rewriter_grant final : public I_rewriter {
public:
Rewriter_grant(THD *thd, Consumer_type type, Rewrite_params *params);
bool rewrite() const override;
private:
/* GRANT AS information */
Grant_params *grant_params = nullptr;
};
/** Rewrites the CHANGE MASTER statement. */
class Rewriter_change_master final : public I_rewriter {
public:
Rewriter_change_master(THD *thd, Consumer_type);
bool rewrite() const override;
};
/** Rewrites the START SLAVE statement. */
class Rewriter_slave_start final : public I_rewriter {
public:
Rewriter_slave_start(THD *thd, Consumer_type type);
bool rewrite() const override;
};
/** Base class for SERVER OPTIONS related statement */
class Rewriter_server_option : public I_rewriter {
public:
Rewriter_server_option(THD *thd, Consumer_type type);
protected:
// Append the SERVER OPTIONS clause
void mysql_rewrite_server_options(const LEX *lex, String *str) const;
};
/** Rewrites the CREATE SERVER statement. */
class Rewriter_create_server final : public Rewriter_server_option {
using parent = Rewriter_server_option;
public:
Rewriter_create_server(THD *thd, Consumer_type type);
bool rewrite() const override;
};
/** Rewrites the ALTER SERVER statement. */
class Rewriter_alter_server final : public Rewriter_server_option {
using parent = Rewriter_server_option;
public:
Rewriter_alter_server(THD *thd, Consumer_type type);
bool rewrite() const override;
};
/** Rewrites the PREPARE statement.*/
class Rewriter_prepare final : public I_rewriter {
public:
Rewriter_prepare(THD *thd, Consumer_type type);
bool rewrite() const override;
};
#endif /* SQL_REWRITE_INCLUDED */