WL#16214 Export Query Results to Object Storage (Part 3/12)

Bug#37069723 - WL16214 OPTIMIZER_TRACE shows query text with PAR ID
Bug#37035000 - WL#16214: PAR leaked in show processlist during export data
Bug#37069770 - WL16214 SELECT EXPORT using PAR ID seen in slow_query_log
Bug#37069714 - WL16214 General Log shows PAR id with SELECT EXPORT
Bug#37041886 - WL#16214: PAR leaked to audit log

AIM
=============
Ensure SQL queries containing sensitive information like PAR IDs
are safely logged without exposing sensitive data (specifically the PAR ID).
If the query requires exporting of query result to object storage,
then any pattern matching the /p/<parID>/n/ is replaced with
 /p/<redacted>/n/
Moreover, we should refer to the rewritten query instead of the user
supplied one in such cases.

Change-Id: I4bb5f07fa3c7b9cf83a9ef6ba9e42154e75a44cb

Author: Kajori Banerjee

sql/parse_tree_nodes.cc

@@ -4252,6 +4252,12 @@ bool PT_into_destination_outfile::do_contextualize(Parse_context *pc) {
   LEX *lex = pc->thd->lex;
   lex->set_uncacheable(pc->select, UNCACHEABLE_SIDEEFFECT);
   if (dumpfile_dest == OBJECT_STORE_DEST) {
+    /*
+      To ensure SQL queries containing sensitive information like PAR IDs are
+      safely logged without exposing sensitive data, we need to redact the
+      relevant portions of the query.
+    */
+    lex->set_rewrite_required();
     lex->set_execute_only_in_secondary_engine(true, OUTFILE_OBJECT_STORE);
     lex->result = new (pc->mem_root) Query_result_to_object_store(&m_exchange);
   } else {

sql/sql_rewrite.cc

@@ -288,6 +288,12 @@ bool rewrite_query(THD *thd, Consumer_type type, const Rewrite_params *params,
     case SQLCOM_ALTER_SERVER:
       rw.reset(new Rewriter_alter_server(thd, type));
       break;
+    case SQLCOM_SELECT: {
+      if (thd->lex->export_result_to_object_storage()) {
+        rw.reset(new Rewriter_select_query(thd, type));
+      }
+      break;
+    }
 
     /*
       PREPARE stmt FROM <string> is rewritten so that <string> is
@@ -1819,3 +1825,50 @@ bool Rewriter_start_group_replication::rewrite(String &rlb) const {
 
   return true;
 }
+
+Rewriter_select_query::Rewriter_select_query(THD *thd, Consumer_type type)
+    : I_rewriter(thd, type) {}
+
+/**
+  Rewrite the query with the PAR id being redacted if the query exports query
+  result to the object storage.
+  Any pattern like "/p/.*?/n/" is replaced with  "/p/<redacted>/n/"
+  @param[in,out] rlb     Buffer to return the rewritten query in.
+
+  @retval true the query is rewritten
+*/
+bool Rewriter_select_query::rewrite(String &rlb) const {
+  assert(m_thd->lex->export_result_to_object_storage());
+  assert(m_thd->query().length);
+  String original_query_str(m_thd->query().str, m_thd->query().length,
+                            system_charset_info);
+  String pattern_start("/p/", system_charset_info);
+  String pattern_end("/n/", system_charset_info);
+
+  size_t search_offset = 0;
+  while (search_offset <= original_query_str.length()) {
+    auto first_index = original_query_str.strstr(pattern_start, search_offset);
+    if (first_index == -1) {
+      // we could not find any other "/p/"
+      break;
+    }
+
+    // search for the "/n/" after the "/p/" location
+    auto second_index = original_query_str.strstr(pattern_end, first_index);
+    if (second_index == -1) {
+      // we could not find any other "/n/"
+      break;
+    }
+
+    // Copy from the original string from the search_offset till first_index
+    rlb.append(original_query_str.c_ptr() + search_offset,
+               first_index - search_offset);
+    rlb.append(STRING_WITH_LEN("/p/<redacted>"));
+    search_offset = second_index;
+  }
+
+  // Copy the remaining string
+  rlb.append(original_query_str.c_ptr() + search_offset,
+             original_query_str.length() - search_offset);
+  return true;
+}

sql/sql_rewrite.h

@@ -352,4 +352,11 @@ class Rewriter_start_group_replication final : public I_rewriter {
   bool rewrite(String &rlb) const override;
 };
 
+/** Rewrites the SELECT statement. */
+class Rewriter_select_query final : public I_rewriter {
+ public:
+  Rewriter_select_query(THD *thd, Consumer_type type);
+  bool rewrite(String &rlb) const override;
+};
+
 #endif /* SQL_REWRITE_INCLUDED */