From ca8350ae35221872798d0e9f7c0a8bac5771a450 Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Thu, 21 Mar 2019 16:07:33 +0200 Subject: [PATCH] MXS-2402 Document and handle 'check_unions' parameter Only parameter handling, no actual functionality. --- Documentation/Filters/Masking.md | 22 +++++++++++++++++++ .../modules/filter/masking/maskingfilter.cc | 6 +++++ .../filter/masking/maskingfilterconfig.cc | 18 +++++++++++++++ .../filter/masking/maskingfilterconfig.hh | 19 +++++++++++++++- 4 files changed, 64 insertions(+), 1 deletion(-) diff --git a/Documentation/Filters/Masking.md b/Documentation/Filters/Masking.md index a16146a4c..babc139ec 100644 --- a/Documentation/Filters/Masking.md +++ b/Documentation/Filters/Masking.md @@ -79,6 +79,14 @@ Please see the configuration parameter [check_user_variables](#check_user_variables) for how to change the default behaviour. +From MaxScale 2.3.5 onwards, the masking filter will examine unions +and if the second or subsequent SELECT refer to columns that should +be masked, the statement will be rejected. + +Please see the configuration parameter +[check_unions](#check_unions) +for how to change the default behaviour. + ## Limitations The masking filter can _only_ be used for masking columns of the following @@ -192,6 +200,20 @@ check_user_variables=false The default value is `true`. +#### `check_unions` + +This optional parameter specifies how the masking filter should +behave with respect to UNIONs. If true, then a statement like +``` +SELECT a FROM t1 UNION select b from t2; +``` +will be rejected if `b` is a column that should be masked. +``` +check_unions=false +``` + +The default value is `true`. + ## Rules The masking rules are expressed as a JSON object. diff --git a/server/modules/filter/masking/maskingfilter.cc b/server/modules/filter/masking/maskingfilter.cc index 827db8ae7..639e08c24 100644 --- a/server/modules/filter/masking/maskingfilter.cc +++ b/server/modules/filter/masking/maskingfilter.cc @@ -127,6 +127,12 @@ extern "C" MXS_MODULE* MXS_CREATE_MODULE() Config::check_user_variables_default, MXS_MODULE_OPT_NONE, }, + { + Config::check_unions_name, + MXS_MODULE_PARAM_BOOL, + Config::check_unions_default, + MXS_MODULE_OPT_NONE, + }, {MXS_END_MODULE_PARAMS} } }; diff --git a/server/modules/filter/masking/maskingfilterconfig.cc b/server/modules/filter/masking/maskingfilterconfig.cc index fb44a9195..ff78978be 100644 --- a/server/modules/filter/masking/maskingfilterconfig.cc +++ b/server/modules/filter/masking/maskingfilterconfig.cc @@ -28,6 +28,7 @@ const char config_value_always[] = "always"; const char config_name_prevent_function_usage[] = "prevent_function_usage"; const char config_check_user_variables[] = "check_user_variables"; +const char config_check_unions[] = "check_unions"; const char config_value_true[] = "true"; } @@ -88,11 +89,22 @@ const char* MaskingFilterConfig::prevent_function_usage_default = config_value_t /* * PARAM check_user_variables */ +// static const char* MaskingFilterConfig::check_user_variables_name = config_check_user_variables; // static const char* MaskingFilterConfig::check_user_variables_default = config_value_true; +/* + * PARAM check_unions + */ +// static +const char* MaskingFilterConfig::check_unions_name = config_check_unions; + +// static +const char* MaskingFilterConfig::check_unions_default = config_value_true; + + /* * MaskingFilterConfig */ @@ -130,3 +142,9 @@ bool MaskingFilterConfig::get_check_user_variables(const MXS_CONFIG_PARAMETER* p { return config_get_bool(pParams, check_user_variables_name); } + +// static +bool MaskingFilterConfig::get_check_unions(const MXS_CONFIG_PARAMETER* pParams) +{ + return config_get_bool(pParams, check_unions_name); +} diff --git a/server/modules/filter/masking/maskingfilterconfig.hh b/server/modules/filter/masking/maskingfilterconfig.hh index 28f493f5d..71f5b09ed 100644 --- a/server/modules/filter/masking/maskingfilterconfig.hh +++ b/server/modules/filter/masking/maskingfilterconfig.hh @@ -48,6 +48,9 @@ public: static const char* check_user_variables_name; static const char* check_user_variables_default; + static const char* check_unions_name; + static const char* check_unions_default; + MaskingFilterConfig(const char* zName, const MXS_CONFIG_PARAMETER* pParams) : m_name(zName) , m_large_payload(get_large_payload(pParams)) @@ -55,8 +58,10 @@ public: , m_warn_type_mismatch(get_warn_type_mismatch(pParams)) , m_prevent_function_usage(get_prevent_function_usage(pParams)) , m_check_user_variables(get_check_user_variables(pParams)) + , m_check_unions(get_check_unions(pParams)) { } + ~MaskingFilterConfig() { } @@ -91,6 +96,11 @@ public: return m_check_user_variables; } + bool check_unions() const + { + return m_check_unions; + } + void set_large_payload(large_payload_t l) { m_large_payload = l; @@ -115,9 +125,14 @@ public: m_check_user_variables = b; } + void set_check_unions(bool b) + { + m_check_unions = b; + } + bool is_parsing_needed() const { - return prevent_function_usage() || check_user_variables(); + return prevent_function_usage() || check_user_variables() || check_unions(); } static large_payload_t get_large_payload(const MXS_CONFIG_PARAMETER* pParams); @@ -125,6 +140,7 @@ public: static warn_type_mismatch_t get_warn_type_mismatch(const MXS_CONFIG_PARAMETER* pParams); static bool get_prevent_function_usage(const MXS_CONFIG_PARAMETER* pParams); static bool get_check_user_variables(const MXS_CONFIG_PARAMETER* pParams); + static bool get_check_unions(const MXS_CONFIG_PARAMETER* pParams); private: std::string m_name; @@ -133,4 +149,5 @@ private: warn_type_mismatch_t m_warn_type_mismatch; bool m_prevent_function_usage; bool m_check_user_variables; + bool m_check_unions; };