opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-30 21:53:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

MySQL: Limit datasource error details returned from the backend (#19373)

Browse Source 
Only return certain mysql errors from backend.
The following errors is returned as is from backend:
error code 1064 (parse error)
error code 1054 (bad column/field selected)
error code 1146 (table not exists)
Any other errors is logged and returned as a generic
error.
Restrict use of certain functions:
Do not allow usage of the following in query:
system_user()
session_user()
current_user() or current_user
user()
show grants

Fixes #19360
This commit is contained in:
Marcus Efraimsson
2019-09-24 20:50:49 +02:00
committed by GitHub
parent 7c499ffdd8
commit 3de693af49
6 changed files with 102 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
pkg/tsdb/mysql/mysql.go
View File

@ -2,11 +2,14 @@ package mysql
import (
"database/sql"
"errors"
"fmt"
"reflect"
"strconv"
"strings"
"github.com/VividCortex/mysqlerr"
"github.com/grafana/grafana/pkg/setting"
"github.com/go-sql-driver/mysql"
@ -59,18 +62,18 @@ func newMysqlQueryEndpoint(datasource *models.DataSource) (tsdb.TsdbQueryEndpoin
MetricColumnTypes: []string{"CHAR", "VARCHAR", "TINYTEXT", "TEXT", "MEDIUMTEXT", "LONGTEXT"},
}
rowTransformer := mysqlRowTransformer{
rowTransformer := mysqlQueryResultTransformer{
log: logger,
}
return sqleng.NewSqlQueryEndpoint(&config, &rowTransformer, newMysqlMacroEngine(), logger)
return sqleng.NewSqlQueryEndpoint(&config, &rowTransformer, newMysqlMacroEngine(logger), logger)
}
type mysqlRowTransformer struct {
type mysqlQueryResultTransformer struct {
log log.Logger
}
func (t *mysqlRowTransformer) Transform(columnTypes []*sql.ColumnType, rows *core.Rows) (tsdb.RowValues, error) {
func (t *mysqlQueryResultTransformer) TransformQueryResult(columnTypes []*sql.ColumnType, rows *core.Rows) (tsdb.RowValues, error) {
values := make([]interface{}, len(columnTypes))
for i := range values {
@ -128,3 +131,16 @@ func (t *mysqlRowTransformer) Transform(columnTypes []*sql.ColumnType, rows *cor
return values, nil
}
func (t *mysqlQueryResultTransformer) TransformQueryError(err error) error {
if driverErr, ok := err.(*mysql.MySQLError); ok {
if driverErr.Number != mysqlerr.ER_PARSE_ERROR && driverErr.Number != mysqlerr.ER_BAD_FIELD_ERROR && driverErr.Number != mysqlerr.ER_NO_SUCH_TABLE {
t.log.Error("query error", "err", err)
return errQueryFailed
}
}
return err
}
var errQueryFailed = errors.New("Query failed. Please inspect Grafana server log for details")