Skip to content

mysql USER and HOST should be quoted for drop query #443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 27, 2021
Merged

mysql USER and HOST should be quoted for drop query #443

merged 1 commit into from
Apr 27, 2021

Conversation

neubi4
Copy link
Contributor

@neubi4 neubi4 commented Apr 27, 2021

USER and HOST should be quoted to avoid errors in drop user statement.

Query result unquoted:

+------------------------------------------+
| users                                    |
+------------------------------------------+
| root@localhost, [email protected], root@::1 |
+------------------------------------------+

Raised this error:

TASK [devsec.hardening.mysql_hardening : ensure that there are no users without password or authentication_string] *************************************************************************
fatal: [host]: FAILED! => changed=false
  msg: 'Cannot execute SQL ''DROP USER root@localhost, [email protected], root@::1'' args [None]: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''::1'' at line 1")'

Query result Quoted:

+------------------------------------------------------+
| users                                                |
+------------------------------------------------------+
| 'root'@'localhost', 'root'@'127.0.0.1', 'root'@'::1' |
+------------------------------------------------------+

@neubi4
USER and HOST should be quoted
8d6e018 
USER and HOST should be quoted to avoid errors in drop user statement

Signed-off-by: Martin Neubert <[email protected]>
@rndmh3ro rndmh3ro merged commit 284943b into dev-sec:master Apr 27, 2021
@rndmh3ro
Copy link
Member

Thank you! I wonder why this error didn't happen in my tests..

@rndmh3ro rndmh3ro mentioned this pull request Apr 28, 2021
Closed
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@neubi4
USER and HOST should be quoted (dev-sec#443)
1ccf91f 
USER and HOST should be quoted to avoid errors in drop user statement

Signed-off-by: Martin Neubert <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug mysql_hardening patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@neubi4 @rndmh3ro