guoxin
/
test-example-projects
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
用于EagleEye3.0 规则集漏报和误报测试的示例项目,项目收集于github和gitee
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
722 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 574f9c1e1d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '574f9c1e1d'
${ noResults }
test-example-projects/c++_projects/280w-mysql-8.0.18/mysql-test/t/roles-view.test

128 lines
2.9 KiB
Raw Blame History

CREATE ROLE r1;
CREATE DATABASE db1;
CREATE DATABASE db2;
CREATE USER u1@localhost IDENTIFIED BY 'foo';
GRANT CREATE ON db1.* TO u1@localhost;
GRANT r1 TO u1@localhost;
SHOW STATUS LIKE '%acl_cache%';
CREATE TABLE db1.t1 (c1 int);
CREATE TABLE db1.t2 (c1 int);
CREATE TABLE db2.t1 (c1 int);
CREATE TABLE db2.t2 (c1 int);
CREATE SQL SECURITY DEFINER VIEW db1.v1 AS SELECT * FROM db1.t1;
CREATE SQL SECURITY DEFINER VIEW db2.v1 AS SELECT * FROM db2.t1;
CREATE SQL SECURITY DEFINER VIEW db1.v2 AS SELECT * FROM db1.t1;
CREATE SQL SECURITY INVOKER VIEW db1.v4 AS SELECT * FROM db2.t2;
--echo ++ Test global level privileges
GRANT SELECT ON *.* TO r1;
SHOW GRANTS FOR u1@localhost USING r1;
connect(con1, localhost, u1, foo, db1);
SET ROLE r1;
--echo ++ Positive test
SELECT * FROM v1;
SELECT * FROM db2.v1;
SELECT * FROM v4;
--echo ++ Test revoke
connection default;
REVOKE SELECT ON *.* FROM r1;
SHOW GRANTS FOR u1@localhost USING r1;
connection con1;
SET ROLE r1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM v1;
--echo ++ Test schema level privileges
connection default;
GRANT SELECT ON db1.* TO r1;
SHOW GRANTS FOR u1@localhost USING r1;
connection con1;
SET ROLE r1;
--echo ++ Positive test
SELECT * FROM v1;
SELECT * FROM v2;
--echo ++ Negative test
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM db2.v1;
--error ER_VIEW_INVALID
SELECT * FROM v4;
connection default;
REVOKE SELECT ON db1.* FROM r1;
--echo ++ Test routine level privileges
GRANT SELECT ON db1.v1 TO r1;
connection con1;
SET ROLE r1;
--echo ++ Positive test
SELECT * FROM v1;
--echo ++ Negative test
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM v2;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM db2.v1;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM v4;
--echo ++ Test Security invoker model
connection default;
GRANT SELECT ON db2.* TO r1;
GRANT SELECT ON db1.* TO r1;
GRANT CREATE VIEW ON db1.* TO r1;
connection con1;
SET ROLE r1;
--echo ++ Positive test
SELECT * FROM v1;
SHOW GRANTS FOR CURRENT_USER;
SELECT * FROM v4;
--echo ++ Test SUID = u1@localhost with default roles
CREATE SQL SECURITY DEFINER VIEW db1.v5 AS SELECT * FROM db2.t1;
--echo Negative test; DEFINER VIEWs always use default roles
--error ER_VIEW_INVALID
SELECT * FROM v5;
--echo Positive test; Added default role.
ALTER USER u1@localhost DEFAULT ROLE r1;
SELECT * FROM v5;
connection default;
CREATE USER u2@localhost IDENTIFIED BY 'oof';
GRANT SELECT ON db1.* TO u2@localhost;
SHOW GRANTS FOR u1@localhost USING r1;
connect(con2, localhost, u2, oof, db1);
--echo ++ Positive test
SELECT * FROM db1.v5;
SELECT * FROM db1.v2;
--echo ++ Negative test
--error ER_VIEW_INVALID
SELECT * FROM db1.v4;
connection default;
REVOKE r1 FROM u1@localhost;
connection con2;
--error ER_VIEW_INVALID
SELECT * FROM v5;
--echo ++ Clean up
connection default;
DROP DATABASE db1;
DROP DATABASE db2;
DROP USER u1@localhost;
DROP ROLE r1;
DROP USER u2@localhost;
disconnect con1;
disconnect con2;
SHOW STATUS LIKE '%acl_cache%';