MXS-1461 Create error message only when blocking

Only if the filter is in blocking mode, will a match cause an error to be returned. Thus, no point in creating the error message unless the filter is in blocking mode.
2017-11-10 11:40:35 +02:00
parent ea0f8978b2
commit 9d686c4c41
1 changed files with 33 additions and 10 deletions
--- a/server/modules/filter/dbfwfilter/rules.cc
+++ b/server/modules/filter/dbfwfilter/rules.cc
@ -42,7 +42,10 @@ Rule::~Rule()
 bool Rule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) const
 {
    MXS_NOTICE("rule '%s': query matches at this time.", name().c_str());
-    *msg = create_error("Permission denied at this time.");
+    if (session->get_action() == FW_ACTION_BLOCK)
+    {
+        *msg = create_error("Permission denied at this time.");
+    }
    return true;
 }

@ -92,7 +95,10 @@ bool WildCardRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg
            if (strcmp(infos[i].column, "*") == 0)
            {
                MXS_NOTICE("rule '%s': query contains a wildcard.", name().c_str());
-                *msg = create_error("Usage of wildcard denied.");
+                if (session->get_action() == FW_ACTION_BLOCK)
+                {
+                    *msg = create_error("Usage of wildcard denied.");
+                }
                rval = true;
            }
        }
@ -108,7 +114,10 @@ bool NoWhereClauseRule::matches_query(DbfwSession* session, GWBUF* buffer, char*
    if (query_is_sql(buffer) && !qc_query_has_clause(buffer))
    {
        MXS_NOTICE("rule '%s': query has no where/having clause.", name().c_str());
-        *msg = create_error("Required WHERE/HAVING clause is missing.");
+        if (session->get_action() == FW_ACTION_BLOCK)
+        {
+            *msg = create_error("Required WHERE/HAVING clause is missing.");
+        }
        rval = true;
    }

@ -132,7 +141,10 @@ bool RegexRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg) c
        if (pcre2_match(re, (PCRE2_SPTR)sql, (size_t)len, 0, 0, mdata, NULL) > 0)
        {
            MXS_NOTICE("rule '%s': regex matched on query", name().c_str());
-            *msg = create_error("Permission denied, query matched regular expression.");
+            if (session->get_action() == FW_ACTION_BLOCK)
+            {
+                *msg = create_error("Permission denied, query matched regular expression.");
+            }
            rval = true;
        }

@ -162,7 +174,10 @@ bool ColumnsRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg)
            {
                MXS_NOTICE("rule '%s': query targets specified column: %s",
                           name().c_str(), tok.c_str());
-                *msg = create_error("Permission denied to column '%s'.", tok.c_str());
+                if (session->get_action() == FW_ACTION_BLOCK)
+                {
+                    *msg = create_error("Permission denied to column '%s'.", tok.c_str());
+                }
                rval = true;
                break;
            }
@ -194,7 +209,10 @@ bool FunctionRule::matches_query(DbfwSession* session, GWBUF* buffer, char** msg
            {
                MXS_NOTICE("rule '%s': query matches function: %s",
                           name().c_str(), tok.c_str());
-                *msg = create_error("Permission denied to function '%s'.", tok.c_str());
+                if (session->get_action() == FW_ACTION_BLOCK)
+                {
+                    *msg = create_error("Permission denied to function '%s'.", tok.c_str());
+                }
                rval = true;
                break;
            }
@ -224,7 +242,10 @@ bool FunctionUsageRule::matches_query(DbfwSession* session, GWBUF* buffer, char*
                {
                    MXS_NOTICE("rule '%s': query uses a function with specified column: %s",
                               name().c_str(), tok.c_str());
-                    *msg = create_error("Permission denied to column '%s' with function.", tok.c_str());
+                    if (session->get_action() == FW_ACTION_BLOCK)
+                    {
+                        *msg = create_error("Permission denied to column '%s' with function.", tok.c_str());
+                    }
                    return true;
                }
            }
@ -268,12 +289,14 @@ bool ColumnFunctionRule::matches_query(DbfwSession* session, GWBUF* buffer, char
                    {
                        MXS_NOTICE("rule '%s': query uses function '%s' with specified column: %s",
                                   name().c_str(), col.c_str(), func.c_str());
-                        *msg = create_error("Permission denied to column '%s' with function '%s'.",
-                                            col.c_str(), func.c_str());
+                        if (session->get_action() == FW_ACTION_BLOCK)
+                        {
+                            *msg = create_error("Permission denied to column '%s' with function '%s'.",
+                                                col.c_str(), func.c_str());
+                        }
                        return true;
                    }
                }
-
            }
        }
    }