Bug #103612 | Incorrectly identified WITH...SELECT as unsafe for read-only connections | ||
---|---|---|---|
Submitted: | 6 May 2021 13:03 | Modified: | 12 Oct 2021 16:36 |
Reporter: | Dillon Giacoppo | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / J | Severity: | S3 (Non-critical) |
Version: | 8.0.24 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[6 May 2021 13:03]
Dillon Giacoppo
[19 May 2021 12:17]
MySQL Verification Team
Hi Mr. Giacoppo, Thank you for your bug report. We agree fully with your analysis and conclusions. Verified as reported.
[12 Oct 2021 16:36]
Daniel So
Posted by developer: Added the following entry to the Connector/J 8.0.27 changelog: "When using client-side prepared statements with read-only connections, Connector/J checks whether a statement should be executed just by looking at the first letter, only executing statements starting with as "S" [for SELECT]. This approach excluded some valid statements (for example, SELECT statements starting with a WITH clause). With this fix, Connector/J performs more accurate checks by looking at the statement keywords and the context, and it is also permissive on statements it is unsure about."
[13 Oct 2021 15:31]
Daniel So
Posted by developer: Corrected the changelog entry to the following: "When Statement.executeQuery() was called, Connector/J's check for whether a statement would return results was inadequate, so that sometimes appropriate statements were rejected (for examples, SELECT statements starting with a WITH clause, statements preceded by consecutive comments, and so on) and, at other times, inappropriate statements were executed (for example, DO statements), resulting in various kinds of errors. With this fix, Connector/J performs more accurate checks by looking at the statement keywords and the context, as well as handling properly different corner cases. In this new mechanism, Connector/J takes a permissive approach: statements that might return results are allowed to run."