diff --git a/mysql-test/suite/plugins/r/server_audit_double_comma.result b/mysql-test/suite/plugins/r/server_audit_double_comma.result new file mode 100644 index 0000000000000..8cd483548066b --- /dev/null +++ b/mysql-test/suite/plugins/r/server_audit_double_comma.result @@ -0,0 +1,75 @@ +# +# Test for double comma handling in SERVER_AUDIT_INCL_USERS +# Bug: Double commas (e.g., 'user1,,user2') cause all users to be logged +# Expected: Only user1 and user2 should be logged +# +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; +# +# Install the audit plugin +# +INSTALL PLUGIN server_audit SONAME 'server_audit'; +# +# Set up audit log file +# +# +# Configure audit with double comma in incl_users +# +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_double_comma.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = 'audit_user1,,audit_user2'; +SET GLOBAL server_audit_logging = ON; +# +# Connect as user1 - should be logged +# +connect conn1, localhost, audit_user1, password1,; +SELECT 'query_from_user1'; +query_from_user1 +query_from_user1 +disconnect conn1; +# +# Connect as user2 - should be logged +# +connect conn2, localhost, audit_user2, password2,; +SELECT 'query_from_user2'; +query_from_user2 +query_from_user2 +disconnect conn2; +# +# Connect as user3 - should NOT be logged (not in incl_users) +# +connect conn3, localhost, audit_user3, password3,; +SELECT 'query_from_user3_NOT_in_list'; +query_from_user3_NOT_in_list +query_from_user3_NOT_in_list +disconnect conn3; +connection default; +# +# Cleanup +# +SET GLOBAL server_audit_logging = OFF; +UNINSTALL PLUGIN server_audit; +Warnings: +Warning 1620 Plugin is busy and will be uninstalled on shutdown +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; +# +# Verify audit log - user3 queries should NOT appear +# +# The audit log should contain queries from user1 and user2 only +# If the bug exists, user3 queries will also appear (all users logged) +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'query_from_user1\'',0 +TIME,HOSTNAME,audit_user2,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'query_from_user2\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 +# +# Remove the temporary audit log +# +# Test completed - double comma handling verified diff --git a/mysql-test/suite/plugins/r/server_audit_edge_commas.result b/mysql-test/suite/plugins/r/server_audit_edge_commas.result new file mode 100644 index 0000000000000..23fa1829e0644 --- /dev/null +++ b/mysql-test/suite/plugins/r/server_audit_edge_commas.result @@ -0,0 +1,104 @@ + +======================================================================= +Test for leading and trailing commas in SERVER_AUDIT_INCL_USERS +Bug: Edge commas (e.g., ',user1,user2,') cause all users to be logged +Expected: Only user1 and user2 should be logged +======================================================================= +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +======================================================================= +Install the audit plugin +======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +======================================================================= +Set up audit log file +======================================================================= + +======================================================================= +TEST 1: Leading comma - ',user1,user2' +======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_edge_commas_leading.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = ',audit_user1,audit_user2'; +SET GLOBAL server_audit_logging = ON; +connect conn1a, localhost, audit_user1, password1,; +SELECT 'leading_test_user1'; +leading_test_user1 +leading_test_user1 +disconnect conn1a; +connect conn3a, localhost, audit_user3, password3,; +SELECT 'leading_test_user3_NOT_in_list'; +leading_test_user3_NOT_in_list +leading_test_user3_NOT_in_list +disconnect conn3a; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Leading comma test - user3 should NOT appear: +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'leading_test_user1\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +TEST 2: Trailing comma - 'user1,user2,' +======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_edge_commas_trailing.log'; +SET GLOBAL server_audit_incl_users = 'audit_user1,audit_user2,'; +SET GLOBAL server_audit_logging = ON; +connect conn1b, localhost, audit_user1, password1,; +SELECT 'trailing_test_user1'; +trailing_test_user1 +trailing_test_user1 +disconnect conn1b; +connect conn3b, localhost, audit_user3, password3,; +SELECT 'trailing_test_user3_NOT_in_list'; +trailing_test_user3_NOT_in_list +trailing_test_user3_NOT_in_list +disconnect conn3b; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Trailing comma test - user3 should NOT appear: +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'trailing_test_user1\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +TEST 3: Both leading and trailing commas - ',user1,user2,' +======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_edge_commas_both.log'; +SET GLOBAL server_audit_incl_users = ',audit_user1,audit_user2,'; +SET GLOBAL server_audit_logging = ON; +connect conn1c, localhost, audit_user1, password1,; +SELECT 'both_test_user1'; +both_test_user1 +both_test_user1 +disconnect conn1c; +connect conn3c, localhost, audit_user3, password3,; +SELECT 'both_test_user3_NOT_in_list'; +both_test_user3_NOT_in_list +both_test_user3_NOT_in_list +disconnect conn3c; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Both commas test - user3 should NOT appear: +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'both_test_user1\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +Cleanup +======================================================================= +UNINSTALL PLUGIN server_audit; +Warnings: +Warning 1620 Plugin is busy and will be uninstalled on shutdown +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; +# Test completed - edge commas handling verified diff --git a/mysql-test/suite/plugins/r/server_audit_empty_input.result b/mysql-test/suite/plugins/r/server_audit_empty_input.result new file mode 100644 index 0000000000000..35e6f444c43c1 --- /dev/null +++ b/mysql-test/suite/plugins/r/server_audit_empty_input.result @@ -0,0 +1,84 @@ + +======================================================================= +Test for empty and invalid input in SERVER_AUDIT_INCL_USERS +Tests: empty string, only commas, only whitespace and commas +Expected: When incl_users is effectively empty, ALL users are logged +(empty inclusion list = no filtering) +======================================================================= +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; + +======================================================================= +Install the audit plugin +======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +======================================================================= +Set up audit log file +======================================================================= + +======================================================================= +TEST 1: Only commas - ',,,' +======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_empty1.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = ',,,'; +SET GLOBAL server_audit_logging = ON; +connect conn1a, localhost, audit_user1, password1,; +SELECT 'empty1_test_user1_should_log_all'; +empty1_test_user1_should_log_all +empty1_test_user1_should_log_all +disconnect conn1a; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Only commas test - all users should be logged (no filter): +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'empty1_test_user1_should_log_all\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +TEST 2: Whitespace and commas - ' , , ' +======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_empty2.log'; +SET GLOBAL server_audit_incl_users = ' , , '; +SET GLOBAL server_audit_logging = ON; +connect conn1b, localhost, audit_user1, password1,; +SELECT 'empty2_test_user1_should_log_all'; +empty2_test_user1_should_log_all +empty2_test_user1_should_log_all +disconnect conn1b; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Whitespace and commas test - all users should be logged (no filter): +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'empty2_test_user1_should_log_all\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +TEST 3: Empty string - '' +======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_empty3.log'; +SET GLOBAL server_audit_incl_users = ''; +SET GLOBAL server_audit_logging = ON; +connect conn1c, localhost, audit_user1, password1,; +SELECT 'empty3_test_user1_should_log_all'; +empty3_test_user1_should_log_all +empty3_test_user1_should_log_all +disconnect conn1c; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Empty string test - all users should be logged (no filter): +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'empty3_test_user1_should_log_all\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +Cleanup +======================================================================= +UNINSTALL PLUGIN server_audit; +Warnings: +Warning 1620 Plugin is busy and will be uninstalled on shutdown +DROP USER 'audit_user1'@'localhost'; +# Test completed - empty input handling verified diff --git a/mysql-test/suite/plugins/r/server_audit_excl_double_comma.result b/mysql-test/suite/plugins/r/server_audit_excl_double_comma.result new file mode 100644 index 0000000000000..049f9f68a75aa --- /dev/null +++ b/mysql-test/suite/plugins/r/server_audit_excl_double_comma.result @@ -0,0 +1,77 @@ +# +# Test for double comma handling in SERVER_AUDIT_EXCL_USERS +# Bug: Double commas (e.g., 'user1,,user2') cause incorrect exclusion behavior +# Expected: Only user1 and user2 should be excluded from logging +# +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; +# +# Install the audit plugin +# +INSTALL PLUGIN server_audit SONAME 'server_audit'; +# +# Set up audit log file +# +# +# Configure audit with double comma in excl_users +# user1 and user2 should be EXCLUDED (not logged) +# user3 should be INCLUDED (logged) +# +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_excl_double_comma.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_excl_users = 'audit_user1,,audit_user2'; +SET GLOBAL server_audit_logging = ON; +# +# Connect as user1 - should NOT be logged (excluded) +# +connect conn1, localhost, audit_user1, password1,; +SELECT 'query_from_user1_EXCLUDED'; +query_from_user1_EXCLUDED +query_from_user1_EXCLUDED +disconnect conn1; +# +# Connect as user2 - should NOT be logged (excluded) +# +connect conn2, localhost, audit_user2, password2,; +SELECT 'query_from_user2_EXCLUDED'; +query_from_user2_EXCLUDED +query_from_user2_EXCLUDED +disconnect conn2; +# +# Connect as user3 - SHOULD be logged (not in excl_users) +# +connect conn3, localhost, audit_user3, password3,; +SELECT 'query_from_user3_SHOULD_LOG'; +query_from_user3_SHOULD_LOG +query_from_user3_SHOULD_LOG +disconnect conn3; +connection default; +# +# Cleanup +# +SET GLOBAL server_audit_logging = OFF; +UNINSTALL PLUGIN server_audit; +Warnings: +Warning 1620 Plugin is busy and will be uninstalled on shutdown +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; +# +# Verify audit log - only user3 queries should appear +# +# The audit log should contain queries from user3 only +# user1 and user2 are excluded and should NOT appear +# If the bug exists, user1 and user2 queries will also appear +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user3,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'query_from_user3_SHOULD_LOG\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 +# +# Remove the temporary audit log +# +# Test completed - excl_users double comma handling verified diff --git a/mysql-test/suite/plugins/r/server_audit_multiple_commas.result b/mysql-test/suite/plugins/r/server_audit_multiple_commas.result new file mode 100644 index 0000000000000..ccf74048919ac --- /dev/null +++ b/mysql-test/suite/plugins/r/server_audit_multiple_commas.result @@ -0,0 +1,85 @@ + +======================================================================= +Test for multiple consecutive commas in SERVER_AUDIT_INCL_USERS +Bug: Multiple commas (e.g., 'user1,,,,,user2') cause all users to be logged +Expected: Only user1 and user2 should be logged +======================================================================= +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +======================================================================= +Install the audit plugin +======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +======================================================================= +Set up audit log file +======================================================================= + +======================================================================= +Configure audit with multiple consecutive commas in incl_users +======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_multiple_commas.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = 'audit_user1,,,,,audit_user2'; +SET GLOBAL server_audit_logging = ON; + +======================================================================= +Connect as user1 - should be logged +======================================================================= +connect conn1, localhost, audit_user1, password1,; +SELECT 'query_from_user1'; +query_from_user1 +query_from_user1 +disconnect conn1; + +======================================================================= +Connect as user2 - should be logged +======================================================================= +connect conn2, localhost, audit_user2, password2,; +SELECT 'query_from_user2'; +query_from_user2 +query_from_user2 +disconnect conn2; + +======================================================================= +Connect as user3 - should NOT be logged (not in incl_users) +======================================================================= +connect conn3, localhost, audit_user3, password3,; +SELECT 'query_from_user3_NOT_in_list'; +query_from_user3_NOT_in_list +query_from_user3_NOT_in_list +disconnect conn3; +connection default; + +======================================================================= +Cleanup +======================================================================= +SET GLOBAL server_audit_logging = OFF; +UNINSTALL PLUGIN server_audit; +Warnings: +Warning 1620 Plugin is busy and will be uninstalled on shutdown +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; + +======================================================================= +Verify audit log - user3 queries should NOT appear +======================================================================= +# The audit log should contain queries from user1 and user2 only +# If the bug exists, user3 queries will also appear (all users logged) +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'query_from_user1\'',0 +TIME,HOSTNAME,audit_user2,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'query_from_user2\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +Remove the temporary audit log +======================================================================= +# Test completed - multiple consecutive commas handling verified diff --git a/mysql-test/suite/plugins/r/server_audit_whitespace.result b/mysql-test/suite/plugins/r/server_audit_whitespace.result new file mode 100644 index 0000000000000..b37d0374dfa7d --- /dev/null +++ b/mysql-test/suite/plugins/r/server_audit_whitespace.result @@ -0,0 +1,81 @@ + +======================================================================= +Test for whitespace handling in SERVER_AUDIT_INCL_USERS +Bug: Whitespace around commas with empty tokens causes all users logged +Expected: Only specified users should be logged +======================================================================= +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +======================================================================= +Install the audit plugin +======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +======================================================================= +Set up audit log file +======================================================================= + +======================================================================= +TEST 1: Whitespace around commas - 'user1 , user2' +======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_whitespace1.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = 'audit_user1 , audit_user2'; +SET GLOBAL server_audit_logging = ON; +connect conn1a, localhost, audit_user1, password1,; +SELECT 'whitespace1_test_user1'; +whitespace1_test_user1 +whitespace1_test_user1 +disconnect conn1a; +connect conn3a, localhost, audit_user3, password3,; +SELECT 'whitespace1_test_user3_NOT_in_list'; +whitespace1_test_user3_NOT_in_list +whitespace1_test_user3_NOT_in_list +disconnect conn3a; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Whitespace test 1 - user3 should NOT appear: +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'whitespace1_test_user1\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +TEST 2: Whitespace with empty tokens - 'user1 , , user2' +======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_whitespace2.log'; +SET GLOBAL server_audit_incl_users = 'audit_user1 , , audit_user2'; +SET GLOBAL server_audit_logging = ON; +connect conn1b, localhost, audit_user1, password1,; +SELECT 'whitespace2_test_user1'; +whitespace2_test_user1 +whitespace2_test_user1 +disconnect conn1b; +connect conn3b, localhost, audit_user3, password3,; +SELECT 'whitespace2_test_user3_NOT_in_list'; +whitespace2_test_user3_NOT_in_list +whitespace2_test_user3_NOT_in_list +disconnect conn3b; +connection default; +SET GLOBAL server_audit_logging = OFF; +# Whitespace test 2 - user3 should NOT appear: +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = ON',0 +TIME,HOSTNAME,audit_user1,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SELECT \'whitespace2_test_user1\'',0 +TIME,HOSTNAME,root,localhost,CONNECTION_ID,QUERY_ID,QUERY,test,'SET GLOBAL server_audit_logging = OFF',0 + +======================================================================= +Cleanup +======================================================================= +UNINSTALL PLUGIN server_audit; +Warnings: +Warning 1620 Plugin is busy and will be uninstalled on shutdown +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; +# Test completed - whitespace handling verified diff --git a/mysql-test/suite/plugins/t/server_audit_double_comma.test b/mysql-test/suite/plugins/t/server_audit_double_comma.test new file mode 100644 index 0000000000000..1e5dbbf87351b --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit_double_comma.test @@ -0,0 +1,94 @@ +--source include/not_embedded.inc +--source include/no_view_protocol.inc + +--disable_ps2_protocol + +--echo # +--echo # Test for double comma handling in SERVER_AUDIT_INCL_USERS +--echo # Bug: Double commas (e.g., 'user1,,user2') cause all users to be logged +--echo # Expected: Only user1 and user2 should be logged +--echo # + +# Create test users +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; + +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +--echo # +--echo # Install the audit plugin +--echo # +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +if (!`SELECT COUNT(*) FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='server_audit'`) { + --skip No SERVER_AUDIT plugin +} + +--echo # +--echo # Set up audit log file +--echo # +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +--echo # +--echo # Configure audit with double comma in incl_users +--echo # +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_double_comma.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +# This is the bug case - double comma between users +SET GLOBAL server_audit_incl_users = 'audit_user1,,audit_user2'; +SET GLOBAL server_audit_logging = ON; + +--echo # +--echo # Connect as user1 - should be logged +--echo # +--connect (conn1, localhost, audit_user1, password1,) +SELECT 'query_from_user1'; +--disconnect conn1 + +--echo # +--echo # Connect as user2 - should be logged +--echo # +--connect (conn2, localhost, audit_user2, password2,) +SELECT 'query_from_user2'; +--disconnect conn2 + +--echo # +--echo # Connect as user3 - should NOT be logged (not in incl_users) +--echo # +--connect (conn3, localhost, audit_user3, password3,) +SELECT 'query_from_user3_NOT_in_list'; +--disconnect conn3 + +--connection default + +--echo # +--echo # Cleanup +--echo # +SET GLOBAL server_audit_logging = OFF; +UNINSTALL PLUGIN server_audit; + +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; + +--echo # +--echo # Verify audit log - user3 queries should NOT appear +--echo # +--echo # The audit log should contain queries from user1 and user2 only +--echo # If the bug exists, user3 queries will also appear (all users logged) +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_double_comma.log; + +--echo # +--echo # Remove the temporary audit log +--echo # +--remove_file $MYSQLD_DATADIR/server_audit_double_comma.log + +--echo # Test completed - double comma handling verified + +--enable_ps2_protocol diff --git a/mysql-test/suite/plugins/t/server_audit_edge_commas.test b/mysql-test/suite/plugins/t/server_audit_edge_commas.test new file mode 100644 index 0000000000000..a764fd04b081e --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit_edge_commas.test @@ -0,0 +1,125 @@ +--source include/not_embedded.inc +--source include/no_view_protocol.inc + +--disable_ps2_protocol + +--echo +--echo ======================================================================= +--echo Test for leading and trailing commas in SERVER_AUDIT_INCL_USERS +--echo Bug: Edge commas (e.g., ',user1,user2,') cause all users to be logged +--echo Expected: Only user1 and user2 should be logged +--echo ======================================================================= + +# Create test users +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; + +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +--echo +--echo ======================================================================= +--echo Install the audit plugin +--echo ======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +if (!`SELECT COUNT(*) FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='server_audit'`) { + --skip No SERVER_AUDIT plugin +} + +--echo +--echo ======================================================================= +--echo Set up audit log file +--echo ======================================================================= +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +--echo +--echo ======================================================================= +--echo TEST 1: Leading comma - ',user1,user2' +--echo ======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_edge_commas_leading.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = ',audit_user1,audit_user2'; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1a, localhost, audit_user1, password1,) +SELECT 'leading_test_user1'; +--disconnect conn1a + +--connect (conn3a, localhost, audit_user3, password3,) +SELECT 'leading_test_user3_NOT_in_list'; +--disconnect conn3a + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Leading comma test - user3 should NOT appear: +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_edge_commas_leading.log; +--remove_file $MYSQLD_DATADIR/server_audit_edge_commas_leading.log + +--echo +--echo ======================================================================= +--echo TEST 2: Trailing comma - 'user1,user2,' +--echo ======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_edge_commas_trailing.log'; +SET GLOBAL server_audit_incl_users = 'audit_user1,audit_user2,'; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1b, localhost, audit_user1, password1,) +SELECT 'trailing_test_user1'; +--disconnect conn1b + +--connect (conn3b, localhost, audit_user3, password3,) +SELECT 'trailing_test_user3_NOT_in_list'; +--disconnect conn3b + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Trailing comma test - user3 should NOT appear: +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_edge_commas_trailing.log; +--remove_file $MYSQLD_DATADIR/server_audit_edge_commas_trailing.log + +--echo +--echo ======================================================================= +--echo TEST 3: Both leading and trailing commas - ',user1,user2,' +--echo ======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_edge_commas_both.log'; +SET GLOBAL server_audit_incl_users = ',audit_user1,audit_user2,'; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1c, localhost, audit_user1, password1,) +SELECT 'both_test_user1'; +--disconnect conn1c + +--connect (conn3c, localhost, audit_user3, password3,) +SELECT 'both_test_user3_NOT_in_list'; +--disconnect conn3c + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Both commas test - user3 should NOT appear: +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_edge_commas_both.log; +--remove_file $MYSQLD_DATADIR/server_audit_edge_commas_both.log + +--echo +--echo ======================================================================= +--echo Cleanup +--echo ======================================================================= +UNINSTALL PLUGIN server_audit; + +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; + +--echo # Test completed - edge commas handling verified + +--enable_ps2_protocol diff --git a/mysql-test/suite/plugins/t/server_audit_empty_input.test b/mysql-test/suite/plugins/t/server_audit_empty_input.test new file mode 100644 index 0000000000000..9283783dbeed7 --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit_empty_input.test @@ -0,0 +1,108 @@ +--source include/not_embedded.inc +--source include/no_view_protocol.inc + +--disable_ps2_protocol + +--echo +--echo ======================================================================= +--echo Test for empty and invalid input in SERVER_AUDIT_INCL_USERS +--echo Tests: empty string, only commas, only whitespace and commas +--echo Expected: When incl_users is effectively empty, ALL users are logged +--echo (empty inclusion list = no filtering) +--echo ======================================================================= + +# Create test users +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; + +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; + +--echo +--echo ======================================================================= +--echo Install the audit plugin +--echo ======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +if (!`SELECT COUNT(*) FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='server_audit'`) { + --skip No SERVER_AUDIT plugin +} + +--echo +--echo ======================================================================= +--echo Set up audit log file +--echo ======================================================================= +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +--echo +--echo ======================================================================= +--echo TEST 1: Only commas - ',,,' +--echo ======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_empty1.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = ',,,'; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1a, localhost, audit_user1, password1,) +SELECT 'empty1_test_user1_should_log_all'; +--disconnect conn1a + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Only commas test - all users should be logged (no filter): +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_empty1.log; +--remove_file $MYSQLD_DATADIR/server_audit_empty1.log + +--echo +--echo ======================================================================= +--echo TEST 2: Whitespace and commas - ' , , ' +--echo ======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_empty2.log'; +SET GLOBAL server_audit_incl_users = ' , , '; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1b, localhost, audit_user1, password1,) +SELECT 'empty2_test_user1_should_log_all'; +--disconnect conn1b + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Whitespace and commas test - all users should be logged (no filter): +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_empty2.log; +--remove_file $MYSQLD_DATADIR/server_audit_empty2.log + +--echo +--echo ======================================================================= +--echo TEST 3: Empty string - '' +--echo ======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_empty3.log'; +SET GLOBAL server_audit_incl_users = ''; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1c, localhost, audit_user1, password1,) +SELECT 'empty3_test_user1_should_log_all'; +--disconnect conn1c + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Empty string test - all users should be logged (no filter): +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_empty3.log; +--remove_file $MYSQLD_DATADIR/server_audit_empty3.log + +--echo +--echo ======================================================================= +--echo Cleanup +--echo ======================================================================= +UNINSTALL PLUGIN server_audit; + +DROP USER 'audit_user1'@'localhost'; + +--echo # Test completed - empty input handling verified + +--enable_ps2_protocol diff --git a/mysql-test/suite/plugins/t/server_audit_excl_double_comma.test b/mysql-test/suite/plugins/t/server_audit_excl_double_comma.test new file mode 100644 index 0000000000000..b920eb8b034d4 --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit_excl_double_comma.test @@ -0,0 +1,97 @@ +--source include/not_embedded.inc +--source include/no_view_protocol.inc + +--disable_ps2_protocol + +--echo # +--echo # Test for double comma handling in SERVER_AUDIT_EXCL_USERS +--echo # Bug: Double commas (e.g., 'user1,,user2') cause incorrect exclusion behavior +--echo # Expected: Only user1 and user2 should be excluded from logging +--echo # + +# Create test users +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; + +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +--echo # +--echo # Install the audit plugin +--echo # +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +if (!`SELECT COUNT(*) FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='server_audit'`) { + --skip No SERVER_AUDIT plugin +} + +--echo # +--echo # Set up audit log file +--echo # +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +--echo # +--echo # Configure audit with double comma in excl_users +--echo # user1 and user2 should be EXCLUDED (not logged) +--echo # user3 should be INCLUDED (logged) +--echo # +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_excl_double_comma.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +# This is the bug case - double comma between users in exclusion list +SET GLOBAL server_audit_excl_users = 'audit_user1,,audit_user2'; +SET GLOBAL server_audit_logging = ON; + +--echo # +--echo # Connect as user1 - should NOT be logged (excluded) +--echo # +--connect (conn1, localhost, audit_user1, password1,) +SELECT 'query_from_user1_EXCLUDED'; +--disconnect conn1 + +--echo # +--echo # Connect as user2 - should NOT be logged (excluded) +--echo # +--connect (conn2, localhost, audit_user2, password2,) +SELECT 'query_from_user2_EXCLUDED'; +--disconnect conn2 + +--echo # +--echo # Connect as user3 - SHOULD be logged (not in excl_users) +--echo # +--connect (conn3, localhost, audit_user3, password3,) +SELECT 'query_from_user3_SHOULD_LOG'; +--disconnect conn3 + +--connection default + +--echo # +--echo # Cleanup +--echo # +SET GLOBAL server_audit_logging = OFF; +UNINSTALL PLUGIN server_audit; + +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; + +--echo # +--echo # Verify audit log - only user3 queries should appear +--echo # +--echo # The audit log should contain queries from user3 only +--echo # user1 and user2 are excluded and should NOT appear +--echo # If the bug exists, user1 and user2 queries will also appear +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_excl_double_comma.log; + +--echo # +--echo # Remove the temporary audit log +--echo # +--remove_file $MYSQLD_DATADIR/server_audit_excl_double_comma.log + +--echo # Test completed - excl_users double comma handling verified + +--enable_ps2_protocol diff --git a/mysql-test/suite/plugins/t/server_audit_multiple_commas.test b/mysql-test/suite/plugins/t/server_audit_multiple_commas.test new file mode 100644 index 0000000000000..50ffc5635e7e0 --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit_multiple_commas.test @@ -0,0 +1,104 @@ +--source include/not_embedded.inc +--source include/no_view_protocol.inc + +--disable_ps2_protocol + +--echo +--echo ======================================================================= +--echo Test for multiple consecutive commas in SERVER_AUDIT_INCL_USERS +--echo Bug: Multiple commas (e.g., 'user1,,,,,user2') cause all users to be logged +--echo Expected: Only user1 and user2 should be logged +--echo ======================================================================= + +# Create test users +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; + +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +--echo +--echo ======================================================================= +--echo Install the audit plugin +--echo ======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +if (!`SELECT COUNT(*) FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='server_audit'`) { + --skip No SERVER_AUDIT plugin +} + +--echo +--echo ======================================================================= +--echo Set up audit log file +--echo ======================================================================= +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +--echo +--echo ======================================================================= +--echo Configure audit with multiple consecutive commas in incl_users +--echo ======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_multiple_commas.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +# This is the bug case - multiple consecutive commas between users +SET GLOBAL server_audit_incl_users = 'audit_user1,,,,,audit_user2'; +SET GLOBAL server_audit_logging = ON; + +--echo +--echo ======================================================================= +--echo Connect as user1 - should be logged +--echo ======================================================================= +--connect (conn1, localhost, audit_user1, password1,) +SELECT 'query_from_user1'; +--disconnect conn1 + +--echo +--echo ======================================================================= +--echo Connect as user2 - should be logged +--echo ======================================================================= +--connect (conn2, localhost, audit_user2, password2,) +SELECT 'query_from_user2'; +--disconnect conn2 + +--echo +--echo ======================================================================= +--echo Connect as user3 - should NOT be logged (not in incl_users) +--echo ======================================================================= +--connect (conn3, localhost, audit_user3, password3,) +SELECT 'query_from_user3_NOT_in_list'; +--disconnect conn3 + +--connection default + +--echo +--echo ======================================================================= +--echo Cleanup +--echo ======================================================================= +SET GLOBAL server_audit_logging = OFF; +UNINSTALL PLUGIN server_audit; + +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; + +--echo +--echo ======================================================================= +--echo Verify audit log - user3 queries should NOT appear +--echo ======================================================================= +--echo # The audit log should contain queries from user1 and user2 only +--echo # If the bug exists, user3 queries will also appear (all users logged) +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_multiple_commas.log; + +--echo +--echo ======================================================================= +--echo Remove the temporary audit log +--echo ======================================================================= +--remove_file $MYSQLD_DATADIR/server_audit_multiple_commas.log + +--echo # Test completed - multiple consecutive commas handling verified + +--enable_ps2_protocol diff --git a/mysql-test/suite/plugins/t/server_audit_whitespace.test b/mysql-test/suite/plugins/t/server_audit_whitespace.test new file mode 100644 index 0000000000000..a431670e4f61a --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit_whitespace.test @@ -0,0 +1,101 @@ +--source include/not_embedded.inc +--source include/no_view_protocol.inc + +--disable_ps2_protocol + +--echo +--echo ======================================================================= +--echo Test for whitespace handling in SERVER_AUDIT_INCL_USERS +--echo Bug: Whitespace around commas with empty tokens causes all users logged +--echo Expected: Only specified users should be logged +--echo ======================================================================= + +# Create test users +CREATE USER 'audit_user1'@'localhost' IDENTIFIED BY 'password1'; +CREATE USER 'audit_user2'@'localhost' IDENTIFIED BY 'password2'; +CREATE USER 'audit_user3'@'localhost' IDENTIFIED BY 'password3'; + +GRANT ALL ON *.* TO 'audit_user1'@'localhost'; +GRANT ALL ON *.* TO 'audit_user2'@'localhost'; +GRANT ALL ON *.* TO 'audit_user3'@'localhost'; + +--echo +--echo ======================================================================= +--echo Install the audit plugin +--echo ======================================================================= +INSTALL PLUGIN server_audit SONAME 'server_audit'; + +if (!`SELECT COUNT(*) FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='server_audit'`) { + --skip No SERVER_AUDIT plugin +} + +--echo +--echo ======================================================================= +--echo Set up audit log file +--echo ======================================================================= +let $MYSQLD_DATADIR= `SELECT @@datadir`; + +--echo +--echo ======================================================================= +--echo TEST 1: Whitespace around commas - 'user1 , user2' +--echo ======================================================================= +SET GLOBAL server_audit_logging = OFF; +SET GLOBAL server_audit_events = 'QUERY'; +SET GLOBAL server_audit_file_path = 'server_audit_whitespace1.log'; +SET GLOBAL server_audit_output_type = 'FILE'; +SET GLOBAL server_audit_incl_users = 'audit_user1 , audit_user2'; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1a, localhost, audit_user1, password1,) +SELECT 'whitespace1_test_user1'; +--disconnect conn1a + +--connect (conn3a, localhost, audit_user3, password3,) +SELECT 'whitespace1_test_user3_NOT_in_list'; +--disconnect conn3a + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Whitespace test 1 - user3 should NOT appear: +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_whitespace1.log; +--remove_file $MYSQLD_DATADIR/server_audit_whitespace1.log + +--echo +--echo ======================================================================= +--echo TEST 2: Whitespace with empty tokens - 'user1 , , user2' +--echo ======================================================================= +SET GLOBAL server_audit_file_path = 'server_audit_whitespace2.log'; +SET GLOBAL server_audit_incl_users = 'audit_user1 , , audit_user2'; +SET GLOBAL server_audit_logging = ON; + +--connect (conn1b, localhost, audit_user1, password1,) +SELECT 'whitespace2_test_user1'; +--disconnect conn1b + +--connect (conn3b, localhost, audit_user3, password3,) +SELECT 'whitespace2_test_user3_NOT_in_list'; +--disconnect conn3b + +--connection default +SET GLOBAL server_audit_logging = OFF; + +--echo # Whitespace test 2 - user3 should NOT appear: +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[^,]*,/TIME,HOSTNAME,/ /,[0-9]+,[0-9]+,/,CONNECTION_ID,QUERY_ID,/ /localhost:[0-9]+/localhost/ +cat_file $MYSQLD_DATADIR/server_audit_whitespace2.log; +--remove_file $MYSQLD_DATADIR/server_audit_whitespace2.log + +--echo +--echo ======================================================================= +--echo Cleanup +--echo ======================================================================= +UNINSTALL PLUGIN server_audit; + +DROP USER 'audit_user1'@'localhost'; +DROP USER 'audit_user2'@'localhost'; +DROP USER 'audit_user3'@'localhost'; + +--echo # Test completed - whitespace handling verified + +--enable_ps2_protocol diff --git a/plugin/server_audit/server_audit.cc b/plugin/server_audit/server_audit.cc index 54c8c3f8dc9be..78fe1c574ff12 100644 --- a/plugin/server_audit/server_audit.cc +++ b/plugin/server_audit/server_audit.cc @@ -552,6 +552,13 @@ static int user_coll_fill(struct user_coll *c, char *users, if (!*users) return 0; + /* Skip consecutive commas (empty tokens) to prevent inserting empty entries */ + if (*users == ',') + { + users++; + continue; + } + (void) getkey_user(users, &cmp_length, FALSE); if (cmp_c) {