Bug#29625461 DATA INJECTION THROUGH ANALYZE TABLE COMMAND

Problem
=======
Audit API generates MYSQL_AUDIT_TABLE_ACCESS_READ for SQL commands that performs
table read operation. This was not done for ANALYZE TABLE command.

Analysis
========
Audit event generation explicitly specifies the set of sql commands, which
generate MYSQL_AUDIT_TABLE_ACCESS_READ event. The set must be extended
for ANALYZE TABLE too, since it performs table read operation.

Fix
===
Generate MYSQL_AUDIT_TABLE_ACCESS_READ event for ANALYZE TABLE syntax. This
allows for better audit logging as well for audit rule filtering including
aborting on command.

RB: 22879
Approved by: Georgi 'Joro' Kodinov <[email protected]>
Approved by: Harin Vadodaria <[email protected]>

Author: maras007

mysql-test/suite/audit_null/r/audit_plugin_2.result

@@ -600,6 +600,23 @@ a
 SELECT @@null_audit_event_order_check;
 @@null_audit_event_order_check
 EVENT-ORDER-OK
+SET @@null_audit_event_order_check_exact = <expected_check_exact>;
+SET @@null_audit_event_order_check = 'MYSQL_AUDIT_COMMAND_START;command_id="<expected_command_id>";;'
+                                          'MYSQL_AUDIT_PARSE_PREPARSE;;;'
+                                          'MYSQL_AUDIT_PARSE_POSTPARSE;;;'
+                                          'MYSQL_AUDIT_GENERAL_LOG;;;'
+                                          'MYSQL_AUDIT_QUERY_START;sql_command_id="51";;'
+                                          'MYSQL_AUDIT_TABLE_ACCESS_READ;db="super_test" table="test_table";;'
+                                          'MYSQL_AUDIT_QUERY_STATUS_END;sql_command_id="51";;'
+                                          'MYSQL_AUDIT_GENERAL_RESULT;;;'
+                                          'MYSQL_AUDIT_GENERAL_STATUS;;;'
+                                          'MYSQL_AUDIT_COMMAND_END;command_id="<expected_command_id>";';
+ANALYZE TABLE test_table;
+Table	Op	Msg_type	Msg_text
+super_test.test_table	analyze	status	OK
+SELECT @@null_audit_event_order_check;
+@@null_audit_event_order_check
+EVENT-ORDER-OK
 ###########################
 ## TABLE_ACCESS - INSERT ##
 ###########################

mysql-test/suite/audit_null/t/audit_plugin_2.test

@@ -619,6 +619,22 @@ eval SET @@null_audit_event_order_check = 'MYSQL_AUDIT_COMMAND_START;command_id=
 SELECT * FROM audit_temp_table;
 SELECT @@null_audit_event_order_check;
 
+--replace_result $event_order_exact <expected_check_exact>
+eval SET @@null_audit_event_order_check_exact = $event_order_exact;
+--replace_regex /;command_id="[0-9]+"/;command_id="<expected_command_id>"/
+eval SET @@null_audit_event_order_check = 'MYSQL_AUDIT_COMMAND_START;command_id="$command_start_id";;'
+                                          'MYSQL_AUDIT_PARSE_PREPARSE;;;'
+                                          'MYSQL_AUDIT_PARSE_POSTPARSE;;;'
+                                          'MYSQL_AUDIT_GENERAL_LOG;;;'
+                                          'MYSQL_AUDIT_QUERY_START;sql_command_id="51";;'
+                                          'MYSQL_AUDIT_TABLE_ACCESS_READ;db="super_test" table="test_table";;'
+                                          'MYSQL_AUDIT_QUERY_STATUS_END;sql_command_id="51";;'
+                                          'MYSQL_AUDIT_GENERAL_RESULT;;;'
+                                          'MYSQL_AUDIT_GENERAL_STATUS;;;'
+                                          'MYSQL_AUDIT_COMMAND_END;command_id="$command_end_id";';
+ANALYZE TABLE test_table;
+SELECT @@null_audit_event_order_check;
+
 --echo ###########################
 --echo ## TABLE_ACCESS - INSERT ##
 --echo ###########################

sql/sql_audit.cc

@@ -689,6 +689,7 @@ int mysql_audit_table_access_notify(THD *thd, TABLE_LIST *table)
       break;
     case SQLCOM_SELECT:
     case SQLCOM_HA_READ:
+    case SQLCOM_ANALYZE:
       set_table_access_subclass(&subclass, &subclass_name,
                                 AUDIT_EVENT(MYSQL_AUDIT_TABLE_ACCESS_READ));
       break;