WL#14267 Audit filters: log either the digest or the raw query text

Extension that allows to replace SQL query plain text in the audit log file
with the query digest text:

SELECT ? = ?
INSERT INTO `test`.`test_table` VALUES (?)

Both XML and JSON formats are supported.

Query digest text can be written, only when the JSON filtering is used.

Basing configuration is done using the following JSON syntax:

print: { field: { name: general_query.str,
                    print: false,
                    replace : { function: { name: query_digest } } } }

RB: 25947

Reviewed-by: Georgi 'Joro' Kodinov <[email protected]>
Reviewed-by: Ivan Svaljek <[email protected]>

Author: maras007

include/mysql/components/services/bits/thd.h

@@ -0,0 +1,33 @@
+/* Copyright (c) 2021, Oracle and/or its affiliates.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License, version 2.0,
+as published by the Free Software Foundation.
+
+This program is also distributed with certain software (including
+but not limited to OpenSSL) that is licensed under separate terms,
+as designated in a particular file or component or in included license
+documentation.  The authors of MySQL hereby grant you an additional
+permission to link the program and your derivative works with the
+separately licensed software that they have included with MySQL.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License, version 2.0, for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#ifndef THD_BITS_H
+#define THD_BITS_H
+
+#ifdef __cplusplus
+class THD;
+#define MYSQL_THD THD *
+#else
+#define MYSQL_THD void *
+#endif
+
+#endif /* THD_BITS_H */

include/mysql/components/services/mysql_thd_attributes.h

@@ -0,0 +1,114 @@
+/* Copyright (c) 2021, Oracle and/or its affiliates.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License, version 2.0,
+as published by the Free Software Foundation.
+
+This program is also distributed with certain software (including
+but not limited to OpenSSL) that is licensed under separate terms,
+as designated in a particular file or component or in included license
+documentation.  The authors of MySQL hereby grant you an additional
+permission to link the program and your derivative works with the
+separately licensed software that they have included with MySQL.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License, version 2.0, for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#ifndef MYSQL_THD_ATTRIBUTES_H
+#define MYSQL_THD_ATTRIBUTES_H
+
+#include <mysql/components/service.h>
+#include <mysql/components/services/bits/thd.h>
+
+/**
+  @ingroup group_components_services_inventory
+
+  THD Attributes service allows to obtain data associated with the THD
+  object, which keeps various attributes of the user session.
+
+  Currently, following attributes are supported:
+
+  - Query Digest Text
+
+  @section Initialization
+
+  The service can be instantiated using the registry service with the
+  "mysql_thd_attributes" name.
+
+  @code
+  SERVICE_TYPE(registry) *registry = mysql_plugin_registry_acquire();
+  my_service<SERVICE_TYPE(mysql_thd_attributes)>
+                                         svc("mysql_thd_attributes", registry);
+  if (svc.is_valid()) {
+    // The service is ready to be used
+  }
+  @endcode
+
+  @section Query Digest Text
+
+  Query Digest represents converted SQL statement to normalized form. The code
+  below demonstrates how query digest can be obtained from the service.
+
+  @code
+  my_h_string str;
+
+  mysql_thd_attributes->get(m_thd, "query_digest",
+                                   reinterpret_cast<void *>(&str));
+  @endcode
+
+  The buffer can be fetched using the code below:
+
+  @code
+  char buf[1024]; // buffer must be big enough to store the digest
+
+  mysql_string_converter->convert_to_buffer(str, buf, sizeof(buf), "utf8");
+  @endcode
+
+  After the string content has been copied into another buffer, it must be
+  destroyed:
+
+  @code
+  mysql_string_factory->destroy(str);
+  @endcode
+*/
+BEGIN_SERVICE_DEFINITION(mysql_thd_attributes)
+
+/**
+  Get THD attribute.
+
+  Currently, following attributes are supported:
+
+  - Query Digest Text ("query_digest" of the returned my_h_string type).
+
+  @param      thd           Session THD object.
+  @param      name          Name of the attribute to be set.
+  @param[out] inout_pvalue  Iterator pointer.
+
+  @return
+    @retval FALSE Succeeded.
+    @retval TRUE  Failed.
+*/
+DECLARE_BOOL_METHOD(get, (MYSQL_THD thd, const char *name, void *inout_pvalue));
+
+/**
+  Set THD attribute.
+
+  Currently the implementation does not support setting of any attribute.
+
+  @param      thd           Session THD object.
+  @param      name          Name of the attribute to be set.
+  @param[out] inout_pvalue  Iterator pointer.
+
+  @return The function always fail and return TRUE value.
+*/
+DECLARE_BOOL_METHOD(set, (MYSQL_THD thd, const char *name, void *inout_pvalue));
+
+END_SERVICE_DEFINITION(mysql_thd_attributes)
+
+#endif /* MYSQL_THD_ATTRIBUTES_H */

sql/server_component/CMakeLists.txt

@@ -56,6 +56,7 @@ SET(MYSQL_SERVER_COMPONENT_SOURCES
   mysql_query_attributes_imp.cc
   mysql_server_keyring_lockable_imp.cc
   mysql_system_variable_update_imp.cc
+  mysql_thd_attributes_imp.cc
   )
 
 # This static library is used to build mysqld binary and in some unit test cases

sql/server_component/mysql_thd_attributes_imp.cc

@@ -0,0 +1,63 @@
+/* Copyright (c) 2021, Oracle and/or its affiliates.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License, version 2.0,
+as published by the Free Software Foundation.
+
+This program is also distributed with certain software (including
+but not limited to OpenSSL) that is licensed under separate terms,
+as designated in a particular file or component or in included license
+documentation.  The authors of MySQL hereby grant you an additional
+permission to link the program and your derivative works with the
+separately licensed software that they have included with MySQL.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License, version 2.0, for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include "mysql_thd_attributes_imp.h"
+
+#include <mysql/components/minimal_chassis.h>
+#include <mysql/components/services/mysql_string.h>
+#include "sql/current_thd.h"
+#include "sql/sql_class.h"
+#include "sql/sql_digest.h"
+
+DEFINE_BOOL_METHOD(mysql_thd_attributes_imp::get,
+                   (MYSQL_THD thd, const char *name, void *inout_pvalue)) {
+  try {
+    if (inout_pvalue) {
+      if (!strcmp(name, "query_digest")) {
+        THD *t = static_cast<THD *>(thd);
+
+        if (t == nullptr || t->m_digest == nullptr) return true;
+
+        String *res = new String[1];
+
+        compute_digest_text(&t->m_digest->m_digest_storage, res);
+
+        /* compute_digest_text returns string as to utf8. */
+        res->set_charset(&my_charset_utf8_bin);
+
+        *((my_h_string *)inout_pvalue) = (my_h_string)res;
+      } else
+        return true; /* invalid option */
+    }
+    return false;
+  } catch (...) {
+    mysql_components_handle_std_exception(__func__);
+  }
+  return true;
+}
+
+DEFINE_BOOL_METHOD(mysql_thd_attributes_imp::set,
+                   (MYSQL_THD thd MY_ATTRIBUTE((unused)),
+                    const char *name MY_ATTRIBUTE((unused)),
+                    void *inout_pvalue MY_ATTRIBUTE((unused)))) {
+  return true;
+}

sql/server_component/mysql_thd_attributes_imp.h

@@ -0,0 +1,46 @@
+/* Copyright (c) 2021, Oracle and/or its affiliates.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License, version 2.0,
+as published by the Free Software Foundation.
+
+This program is also distributed with certain software (including
+but not limited to OpenSSL) that is licensed under separate terms,
+as designated in a particular file or component or in included license
+documentation.  The authors of MySQL hereby grant you an additional
+permission to link the program and your derivative works with the
+separately licensed software that they have included with MySQL.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License, version 2.0, for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#ifndef MYSQL_THD_ATTRIBUTES_IMP_H
+#define MYSQL_THD_ATTRIBUTES_IMP_H
+
+#include <mysql/components/component_implementation.h>
+#include <mysql/components/services/mysql_thd_attributes.h>
+
+/**
+  An implementation of mysql_thd_attributes service methods
+*/
+class mysql_thd_attributes_imp {
+ public:
+  /**
+    Reads a named THD attribute and retuns its value.
+  */
+  static DEFINE_BOOL_METHOD(get, (MYSQL_THD thd, const char *name,
+                                  void *inout_pvalue));
+
+  /**
+    Empty implementation.
+  */
+  static DEFINE_BOOL_METHOD(set, (MYSQL_THD thd, const char *name,
+                                  void *inout_pvalue));
+};
+#endif /* MYSQL_THD_ATTRIBUTES_IMP_H */

sql/server_component/server_component.cc

@@ -70,6 +70,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
 #include "mysql_server_runnable_imp.h"
 #include "mysql_string_service_imp.h"
 #include "mysql_system_variable_update_imp.h"
+#include "mysql_thd_attributes_imp.h"
 #include "mysqld_error.h"
 #include "persistent_dynamic_loader_imp.h"
 #include "security_context_imp.h"
@@ -407,6 +408,10 @@ Keyring_writer_service_impl::store,
 BEGIN_SERVICE_IMPLEMENTATION(mysql_server, mysql_system_variable_update_string)
 mysql_system_variable_update_string_imp::set END_SERVICE_IMPLEMENTATION();
 
+BEGIN_SERVICE_IMPLEMENTATION(mysql_server, mysql_thd_attributes)
+mysql_thd_attributes_imp::get,
+    mysql_thd_attributes_imp::set END_SERVICE_IMPLEMENTATION();
+
 BEGIN_COMPONENT_PROVIDES(mysql_server)
 PROVIDES_SERVICE(mysql_server_path_filter, dynamic_loader_scheme_file),
     PROVIDES_SERVICE(mysql_server, persistent_dynamic_loader),
@@ -531,6 +536,7 @@ PROVIDES_SERVICE(mysql_server_path_filter, dynamic_loader_scheme_file),
     PROVIDES_SERVICE(mysql_server, field_integer_access_v1),
     PROVIDES_SERVICE(mysql_server, field_varchar_access_v1),
     PROVIDES_SERVICE(mysql_server, field_any_access_v1),
+    PROVIDES_SERVICE(mysql_server, mysql_thd_attributes),
     END_COMPONENT_PROVIDES();
 
 static BEGIN_COMPONENT_REQUIRES(mysql_server) END_COMPONENT_REQUIRES();