hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1461 Create error message only when blocking

Browse Source 
Only if the filter is in blocking mode, will a match cause an error
to be returned. Thus, no point in creating the error message unless
the filter is in blocking mode.
This commit is contained in:
Johan Wikman
2017-11-10 11:40:35 +02:00
parent ea0f8978b2
commit 9d686c4c41
1 changed files with 33 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
server/modules/filter/dbfwfilter/rules.cc
View File

@ -42,7 +42,10 @@ Rule::~Rule()
bool Rule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const bool Rule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const
{ {
MXS_NOTICE("rule '%s': query matches at this time.", name().c_str()); MXS_NOTICE("rule '%s': query matches at this time.", name().c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Permission denied at this time."); *msg = create_error("Permission denied at this time.");
}
return true; return true;
} }
@ -92,7 +95,10 @@ bool WildCardRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg
if (strcmp(infos[i].column, "*") == 0) if (strcmp(infos[i].column, "*") == 0)
{ {
MXS_NOTICE("rule '%s': query contains a wildcard.", name().c_str()); MXS_NOTICE("rule '%s': query contains a wildcard.", name().c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Usage of wildcard denied."); *msg = create_error("Usage of wildcard denied.");
}
rval = true; rval = true;
} }
} }
@ -108,7 +114,10 @@ bool NoWhereClauseRule::matches_query(DbfwSession* session, GWBUF* buffer, char*
if (query_is_sql(buffer) && !qc_query_has_clause(buffer)) if (query_is_sql(buffer) && !qc_query_has_clause(buffer))
{ {
MXS_NOTICE("rule '%s': query has no where/having clause.", name().c_str()); MXS_NOTICE("rule '%s': query has no where/having clause.", name().c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Required WHERE/HAVING clause is missing."); *msg = create_error("Required WHERE/HAVING clause is missing.");
}
rval = true; rval = true;
} }
@ -132,7 +141,10 @@ bool RegexRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) c
if (pcre2_match(re, (PCRE2_SPTR)sql, (size_t)len, 0, 0, mdata, NULL) > 0) if (pcre2_match(re, (PCRE2_SPTR)sql, (size_t)len, 0, 0, mdata, NULL) > 0)
{ {
MXS_NOTICE("rule '%s': regex matched on query", name().c_str()); MXS_NOTICE("rule '%s': regex matched on query", name().c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Permission denied, query matched regular expression."); *msg = create_error("Permission denied, query matched regular expression.");
}
rval = true; rval = true;
} }
@ -162,7 +174,10 @@ bool ColumnsRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg)
{ {
MXS_NOTICE("rule '%s': query targets specified column: %s", MXS_NOTICE("rule '%s': query targets specified column: %s",
name().c_str(), tok.c_str()); name().c_str(), tok.c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Permission denied to column '%s'.", tok.c_str()); *msg = create_error("Permission denied to column '%s'.", tok.c_str());
}
rval = true; rval = true;
break; break;
} }
@ -194,7 +209,10 @@ bool FunctionRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg
{ {
MXS_NOTICE("rule '%s': query matches function: %s", MXS_NOTICE("rule '%s': query matches function: %s",
name().c_str(), tok.c_str()); name().c_str(), tok.c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Permission denied to function '%s'.", tok.c_str()); *msg = create_error("Permission denied to function '%s'.", tok.c_str());
}
rval = true; rval = true;
break; break;
} }
@ -224,7 +242,10 @@ bool FunctionUsageRule::matches_query(DbfwSession* session, GWBUF* buffer, char*
{ {
MXS_NOTICE("rule '%s': query uses a function with specified column: %s", MXS_NOTICE("rule '%s': query uses a function with specified column: %s",
name().c_str(), tok.c_str()); name().c_str(), tok.c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Permission denied to column '%s' with function.", tok.c_str()); *msg = create_error("Permission denied to column '%s' with function.", tok.c_str());
}
return true; return true;
} }
} }
@ -268,12 +289,14 @@ bool ColumnFunctionRule::matches_query(DbfwSession* session, GWBUF* buffer, char
{ {
MXS_NOTICE("rule '%s': query uses function '%s' with specified column: %s", MXS_NOTICE("rule '%s': query uses function '%s' with specified column: %s",
name().c_str(), col.c_str(), func.c_str()); name().c_str(), col.c_str(), func.c_str());
if (session->get_action() == FW_ACTION_BLOCK)
{
*msg = create_error("Permission denied to column '%s' with function '%s'.", *msg = create_error("Permission denied to column '%s' with function '%s'.",
col.c_str(), func.c_str()); col.c_str(), func.c_str());
}
return true; return true;
} }
} }
} }
} }
} }