br: Solve SQL Injection Risk - Format String #49666

Merged
merged 14 commits into from
Jan 5, 2024

lyzx2001
Contributor

What problem does this PR solve?

Issue Number: ref #30699

Problem Summary:

What changed and how does it work?

Solve SQL Injection Risk - Format String.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No need to test
    • I checked and no code files have been changed.

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@ti-chi-bot ti-chi-bot bot added do-not-merge/invalid-title release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 21, 2023

tiprow bot commented Dec 21, 2023

Hi @lyzx2001. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lyzx2001 lyzx2001 changed the title Solve SQL Injection Risk - Format String br: Solve SQL Injection Risk - Format String Dec 21, 2023

codecov bot commented Dec 21, 2023

Codecov Report

Merging #49666 (c08919e) into master (eff1156) will increase coverage by 11.4831%.
Report is 103 commits behind head on master.
The diff coverage is 87.5000%.

Additional details and impacted files
@@                Coverage Diff                @@
##             master     #49666         +/-   ##
=================================================
+ Coverage   70.9388%   82.4220%   +11.4831%     
=================================================
  Files          1368       2444       +1076     
  Lines        396702     675516     +278814     
=================================================
+ Hits         281416     556774     +275358     
- Misses        95593      97666       +2073     
- Partials      19693      21076       +1383     
Flag          Coverage Δ
integration   50.5760% <79.1666%> (?)
unit          79.2724% <87.5000%> (+8.3335%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components    Coverage Δ
dumpling      73.6130% <ø> (+19.6466%) ⬆️
parser        ∅ <ø> (∅)
br            75.2739% <87.5000%> (+22.3706%) ⬆️

@ti-chi-bot ti-chi-bot bot added the component/dumpling This is related to Dumpling of TiDB. label Dec 21, 2023
@lyzx2001
Contributor Author

/test pull-lightning-integration-test

tiprow bot commented Dec 21, 2023

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-lightning-integration-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lyzx2001
Contributor Author

/cc @lance6716

@ti-chi-bot ti-chi-bot bot requested a review from lance6716 December 21, 2023 09:52
@ti-chi-bot ti-chi-bot bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 21, 2023
@lyzx2001
Contributor Author

/test pull-lightning-integration-test

tiprow bot commented Dec 21, 2023

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-lightning-integration-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lyzx2001
Contributor Author

/retest

tiprow bot commented Dec 21, 2023

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lyzx2001
Contributor Author

/retest

tiprow bot commented Dec 21, 2023

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Contributor

@lance6716 lance6716 left a comment

also need to update other unit tests I didn't mention

@ti-chi-bot ti-chi-bot bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 28, 2023
@lyzx2001
Contributor Author

/test pull-lightning-integration-test

tiprow bot commented Dec 28, 2023

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-lightning-integration-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ti-chi-bot ti-chi-bot bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 4, 2024
@lyzx2001
Contributor Author

lyzx2001 commented Jan 4, 2024

/test pull-lightning-integration-test

tiprow bot commented Jan 4, 2024

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/test pull-lightning-integration-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lyzx2001
Contributor Author

lyzx2001 commented Jan 4, 2024

/retest

tiprow bot commented Jan 4, 2024

@lyzx2001: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lyzx2001
Contributor Author

lyzx2001 commented Jan 4, 2024

/cc @lance6716

@ti-chi-bot ti-chi-bot bot requested a review from lance6716 January 4, 2024 07:02
@ti-chi-bot ti-chi-bot bot added the needs-1-more-lgtm Indicates a PR needs 1 more LGTM. label Jan 4, 2024
@lyzx2001
Contributor Author

lyzx2001 commented Jan 4, 2024

/cc @GMHDBJD

@ti-chi-bot ti-chi-bot bot requested a review from GMHDBJD January 4, 2024 07:18
Contributor

@GMHDBJD GMHDBJD left a comment

LGTM

ti-chi-bot bot commented Jan 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: GMHDBJD, lance6716

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added approved lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Jan 5, 2024

ti-chi-bot bot commented Jan 5, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-01-04 07:13:56.745155919 +0000 UTC m=+2327527.782382846: ☑️ agreed by lance6716.
  • 2024-01-05 02:03:58.632375566 +0000 UTC m=+2395329.669602493: ☑️ agreed by GMHDBJD.

tiprow bot commented Jan 5, 2024

@lyzx2001: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name          Commit    Details   Required   Rerun command
tiprow_fast_test   c08919e   link      true       /test tiprow_fast_test

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@okJiang
Member

okJiang commented Jan 5, 2024

ci failed 🤔 @lyzx2001

$ PWD=/home/prow/go/src/github.com/pingcap/tidb  git fetch https://x-access-token:CENSORED@github.com/pingcap/tidb.git c08919e839bde90f53efde1fe369ee718096c0df (runtime: 9.504992595s)
From https://github.com/pingcap/tidb
 * branch                c08919e839bde90f53efde1fe369ee718096c0df -> FETCH_HEAD
$ PWD=/home/prow/go/src/github.com/pingcap/tidb GIT_AUTHOR_DATE=1704394114 GIT_COMMITTER_DATE=1704394114 git merge --no-ff c08919e839bde90f53efde1fe369ee718096c0df (runtime: 11.720358ms)
fatal: refusing to merge unrelated histories

@lance6716
Contributor

ci failed 🤔 @lyzx2001

$ PWD=/home/prow/go/src/github.com/pingcap/tidb  git fetch https://x-access-token:CENSORED@github.com/pingcap/tidb.git c08919e839bde90f53efde1fe369ee718096c0df (runtime: 9.504992595s)
From https://github.com/pingcap/tidb
 * branch                c08919e839bde90f53efde1fe369ee718096c0df -> FETCH_HEAD
$ PWD=/home/prow/go/src/github.com/pingcap/tidb GIT_AUTHOR_DATE=1704394114 GIT_COMMITTER_DATE=1704394114 git merge --no-ff c08919e839bde90f53efde1fe369ee718096c0df (runtime: 11.720358ms)
fatal: refusing to merge unrelated histories

Don't worry, tiprow_fast_test is our experimental CI, it will not block merging

@ti-chi-bot ti-chi-bot bot merged commit 54d8a14 into pingcap:master Jan 5, 2024
35 of 40 checks passed
AilinKid pushed a commit to AilinKid/tidb that referenced this pull request Jan 17, 2024
Labels
approved component/dumpling This is related to Dumpling of TiDB. lgtm release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.