
Conversation

@tonychen2001
Contributor

Description

Minor code simplification and additional test coverage in the server audit plugin.

  1. Simplify event filtering logic
  • Replace if-else chain with a single bitwise AND check for query event type filtering (DDL/DML/DCL)
  • Remove goto statements and unused orig_query variable
  2. Add test coverage for SQL including comments (related to 635559a)
  • Add MTR tests validating that queries with various comment styles are properly logged:
    • -- comment, # comment, /*! ... */, /*M! ... */
    • Version-specific comments (/*!100100 ... */, /*M!100100 ... */)
    • Control characters in comments
  • These tests validate the fix from commit 635559a which removed the custom SQL parser
  3. Expand password obfuscation test coverage
  • Add test cases verifying passwords are masked (*****) in audit logs for:
    • GRANT ... IDENTIFIED BY
    • CHANGE MASTER ... MASTER_PASSWORD
    • CREATE SERVER ... PASSWORD
    • ALTER SERVER ... PASSWORD

Release Notes

N/A

How can this PR be tested?

Additional test cases were added to the server_audit MTR.

PR quality check

Copyright

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ tonychen2001
❌ vuvova

@gkodinov gkodinov added the External Contribution All PRs from entities outside of MariaDB Foundation, Corporation, Codership agreements. label Jan 13, 2026
@vuvova vuvova self-requested a review January 13, 2026 09:28
@vuvova vuvova enabled auto-merge (rebase) January 14, 2026 14:44
tonychen2001 and others added 3 commits January 14, 2026 15:47
Replace if-else chain with a single bitwise AND check when filtering query
events by type (DDL, DML, DCL, etc.).

This removes the need for the goto statements.

Additionally, we remove the orig_query variable as it served no purpose.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license

The fix was implemented in 635559a.

Previously with the hand-rolled SQL string parsing in the audit plugin, there
were many simple ways to bypass server audit logging by placing comments
strategically in the query string. The fix in 635559a removes the custom SQL
string parser which addresses the issue.

We now add MTRs for validation.

- GRANT SELECT ... IDENTIFIED BY
- CHANGE MASTER ... MASTER_PASSWORD
- CREATE SERVER ... PASSWORD
- ALTER SERVER ... PASSWORD

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license
@vuvova vuvova merged commit 52a2b72 into MariaDB:10.6 Jan 14, 2026
11 of 13 checks passed
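
An added example, not part of the PR or of MariaDB's test suite: a Python check that scans audit log lines for the four statement forms listed above and reports any line where the value after the password keyword is not `*****`. The log line layout and the sample lines are constructed for illustration, and the function names are hypothetical.

```python
import re

MASK = "*****"
# Only the four statement forms named in the PR are inspected.
STATEMENTS = re.compile(
    r"\b(GRANT|CHANGE\s+MASTER|CREATE\s+SERVER|ALTER\s+SERVER)\b", re.IGNORECASE)
# Keywords that precede a secret; an optional "=" may follow.
KEYWORDS = re.compile(
    r"\b(IDENTIFIED\s+BY|MASTER_PASSWORD|PASSWORD)\b\s*=?\s*", re.IGNORECASE)
# The token right after the keyword, up to whitespace or a delimiter.
VALUE = re.compile(r"[^\s,;)]+")

def unmasked_keywords(line):
    """Return the keywords in `line` whose following value is not the mask.

    The value itself is never returned, so a report built from this
    function does not repeat the leaked secret.
    """
    if not STATEMENTS.search(line):
        return []
    found = []
    for kw in KEYWORDS.finditer(line):
        val = VALUE.match(line, kw.end())
        # Drop quote and escape characters around the token before comparing.
        if val and val.group(0).strip("'\"\\") != MASK:
            found.append(" ".join(kw.group(1).upper().split()))
    return found

def scan(lines):
    """Return (line_number, keyword) for every unmasked secret, 1-based."""
    return [(n, kw) for n, line in enumerate(lines, 1)
            for kw in unmasked_keywords(line)]

# Constructed sample lines (assumed layout: metadata fields, quoted query, code).
SAMPLE_LOG = [
    "20260114 15:47:01,db1,root,localhost,7,21,QUERY,test,"
    "'GRANT SELECT ON *.* TO u1 IDENTIFIED BY *****',0",
    "20260114 15:47:02,db1,root,localhost,7,22,QUERY,test,"
    "'CHANGE MASTER TO MASTER_PASSWORD=*****',0",
    "20260114 15:47:03,db1,root,localhost,7,23,QUERY,test,"
    "'CREATE SERVER s1 FOREIGN DATA WRAPPER mysql OPTIONS (PASSWORD *****)',0",
    "20260114 15:47:04,db1,root,localhost,7,24,QUERY,test,"
    "'ALTER SERVER s1 OPTIONS (PASSWORD \\'pw-not-masked\\')',0",
]

if __name__ == "__main__":
    for lineno, keyword in scan(SAMPLE_LOG):
        print(f"line {lineno}: value after {keyword} is not masked")
```
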